Wildcard base and edge cases

Through enterprise policies:

Notes: Currently, a wildcard port is serialized as an empty port into prefs. Changing the semantics would require migration.

| Pattern | Expected behavior | Implemented behavior | Reason for implemented behavior |
|---|---|---|---|
| http://foo.com:80/, https://bar.com:443/, https://bar.com:8081/ | Allowed | Allowed | Everything specified. |
| http://foo.com/, https://bar.com/ | Allowed | Allowed | Concrete scheme, concrete host, empty path, unspecified port (implicit wildcard). Matches origins with any port. |
| http://www.foo.com:*, https://www.foo.com:* | Allowed | Allowed | Concrete scheme, concrete host, empty path, explicit wildcard port. Matches origins with any port. |
| www.foo.com:80, *:www.foo.com:80 | Allowed | Allowed | Wildcard or unspecified (= implicit wildcard) schemes are permitted. |
| *://www.foo.com, www.foo.com:* | Allowed | Allowed | Unspecified/wildcarded ports and schemes are permitted. |
| https://www.foo.com:443/* | Allowed | Allowed | Path wildcards are allowed. They are meaningless, as the pattern is always matched against an origin. |
| https://[*.]foo.com:443, [*.]foo.com | Disallowed | Disallowed | Disallowed because of subdomain wildcard in host. |
| https://*:443 | Disallowed | Disallowed | Disallowed because of a full wildcard in host. |
| *, *:* | Disallowed | Disallowed | Scheme, host, port, and path are all wildcards. Disallowed because of the host wildcard. Scheme/path/port wildcard would be fine. |
| https://*, https://*:* | Disallowed | Disallowed | Concrete scheme, but host, port, and path are all wildcards. Disallowed because of the host wildcard. |
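
The enterprise-policy rules above, as an added sketch (not Chromium code and not part of the original document): it classifies every pattern in the table and shows that an omitted port and `*` both normalize to the same wildcard. The function names, the scheme:host:port reading of `*:www.foo.com:80`, and the origin-matching rule (exact host, default ports 80/443) are assumptions of this example; IPv6 literals are out of scope.

```python
from urllib.parse import urlsplit

# Patterns and verdicts copied from the enterprise-policy table above.
TABLE = {
    "Allowed": ["http://foo.com:80/", "https://bar.com:443/", "https://bar.com:8081/",
                "http://foo.com/", "https://bar.com/", "http://www.foo.com:*",
                "https://www.foo.com:*", "www.foo.com:80", "*:www.foo.com:80",
                "*://www.foo.com", "www.foo.com:*", "https://www.foo.com:443/*"],
    "Disallowed": ["https://[*.]foo.com:443", "[*.]foo.com", "https://*:443",
                   "*", "*:*", "https://*", "https://*:*"],
}

def _wild(part):
    """Map an omitted or '*' component to None (the wildcard)."""
    return None if part in ("", "*") else part

def parse_pattern(pattern):
    """Return (scheme, host, port); None means wildcard. The path is discarded."""
    scheme, sep, rest = pattern.partition("://")
    if not sep:
        scheme, rest = "", pattern
    hostport = rest.partition("/")[0]  # patterns are matched against origins only
    if not sep and hostport.count(":") == 2:
        # Assumption: "a:b:c" without "//" is scheme:host:port ("*:www.foo.com:80").
        scheme, host, port = hostport.split(":")
    else:
        host, _, port = hostport.partition(":")
    if port not in ("", "*") and not port.isdigit():
        raise ValueError(f"malformed port in {pattern!r}")
    return _wild(scheme), host.lower(), _wild(port)

def classify(pattern):
    """Only a wildcard (or empty) host makes a pattern 'Disallowed'."""
    host = parse_pattern(pattern)[1]
    return "Disallowed" if not host or "*" in host else "Allowed"

def matches(pattern, origin):
    """True when an allowed pattern covers origin, e.g. 'https://www.foo.com:8443'."""
    if classify(pattern) != "Allowed":
        return False
    scheme, host, port = parse_pattern(pattern)
    url = urlsplit(origin)
    origin_port = url.port or {"http": 80, "https": 443}.get(url.scheme)
    return (scheme in (None, url.scheme) and host == url.hostname
            and port in (None, str(origin_port)))

def table_mismatches():
    """Patterns whose classification disagrees with the table (expected: none)."""
    return [p for verdict, ps in TABLE.items() for p in ps if classify(p) != verdict]
```
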
Through extensions (format, note that port cannot be specified, but path must be specified):
Notes: The omitted port maps to the default port (80 and 443), not the wildcard. The port can be optionally specified, and can be specified as “*”, which then maps to the wildcard. The only allowed path for http/https is “/*”, and that maps to the empty path, not a wildcard.

| Pattern | Expected behavior | Implemented behavior | Reason for implemented behavior |
|---|---|---|---|
| http://foo.com/*, https://bar.com/*, http://foo.com:80/*, https://foo.com:80/* | Allowed | Allowed | The omitted port is assumed to be the default port, and /* maps to the empty path. |
| https://foo.com:*/* | Allowed | Allowed | Concrete scheme, host, empty path, wildcard port. |
| *://www.foo.com/* | Allowed | Allowed | Wildcard scheme is permitted. |
| <all_urls> | Disallowed | Disallowed | All-wildcard. |
| https://*.foo.com/* | Disallowed | Disallowed | Subdomain wildcard. |
| https://*/*, *://*/* | Disallowed | Disallowed | Domain wildcard. |
| www.foo.com/*, *.foo.com/* | Invalid | Invalid (The scheme must be present) | |
| http://foo.com/path*, www.foo.com/index.html, http://www.google.com/, http://www.google.com | Invalid | The only allowed path for http/https is “/*”, and that maps to the empty path, not a wildcard. | |
| http://*foo/bar/*, http://foo.*.bar/baz/*, https://[*.]foo.com:443/* | Invalid | Invalid ('*' in the host can only be the first character and must be followed by '.', and subdomain wildcards are not supported) | |