[mastazi]

The public suffix list is also used by other browsers to determine whether resources are cross origin (see below), not just by Firefox. So, I think it's a pretty authoritative list, and also consider that domains are added by formal request of the domain holder, not as a result of someone's curation.

That list is the reason why CORS behaves differently e.g. across two subdomains like [subdomain].herokuapp.com (requests are considered cross origin) in comparison with two subdomains of the type [subdomain].[myowndomain.ext] (requests are considered same origin)[1] - the reason for this difference is that herokuapps.com is part of that list.

[1] unless you added your own domain to the public suffix list.

[tialaramex]

One of the maintainers of the PSL (Ryan Sleevi) has written on HN before that they'd sure like it if people leant on the PSL less rather than more.

It's a nasty hack, the successor to even worse proprietary hacks but still something we ought to strive to get rid of.

I can see exactly why it was the choice here, and I don't blame Mozilla for choosing it, but we're not going to make things better if nobody gets out and pushes.

That said, since we're stuck with the PSL for the foreseeable, I sure would like it if Mozilla shipped a way for extensions to just consult Firefox's built-in copy of the PSL, rather than needing to either build yet another awful hack or ship the entire PSL again in an extension.

[mastazi]

How do you propose getting rid of the PSL? I don't see alternatives to having an authoritative publicly available list, unless we change the current standards somehow?

> I sure would like it if Mozilla shipped a way for extensions to just consult Firefox's built-in copy of the PSL

the PSL is available at https://publicsuffix.org/list/public_suffix_list.dat - as noted elsewhere in this tread it is also used by other browsers. I guess the one built into Firefox is just downloaded from there and cached? If so why would you want that over the other?

[tialaramex]

I do not have a concrete proposal. If I did I'd probably be too busy arguing about it with other people in that space to comment here.

> I guess the one built into Firefox is just downloaded from there and cached? If so why would you want that over the other?

If your extension is 10kB of Javascript and you typically update it once or twice a year to tweak things, it's crazy that now the total extension size is over twenty times bigger and you need updates every month or so at least because otherwise things might not work for some users.

If your extension wraps, say, the New York transit map, or Wikipedia's list of English monarchs then fine, there's no reason Firefox would know those, you need to ship or fetch the data. But the PSL is necessarily built-in to Firefox, they do have the data, you just can't access their copy.

[mastazi]

I was thinking about downloading the data at runtime, not baking it into the extension source. Obviously I don't know what your extension does and maybe there are reasons why this is not possible (e.g. maybe that's not doable because you need offline support).