Technique to reduce required permissions #91

Open
Gitoffthelawn opened this issue Mar 22, 2019 · 6 comments

@Gitoffthelawn
Contributor

According to your excellent Wiki page https://github.com/aaFn/Bookmark-search-plus-2/wiki/Permissions-and-Privacy-policy, the only reason this extension needs the Access your data for all websites permission is to handle favicons.

Would it be possible to have favicons disabled by default, and then only request this permission if the user enables favicon support? If so, that would be wonderful!

@Gitoffthelawn
Contributor Author

From what I'm reading here this should be rather easy: https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/permissions

@aaFn
Owner

aaFn commented Mar 30, 2019

Hello @Gitoffthelawn, to keep the behavior consistent with the original BSP, I prefer to leave favicon fetching activated by default.

Now, I could look at forgetting the permission when people deactivate favicon fetching.
Not sure if this is possible, but I will study it.
Thanks for the suggestion.

@Gitoffthelawn
Contributor Author

Yes, it's a tricky conundrum. Keeping the behavior consistent is desirable, and so is not turning people away due to too many big permissions.

Here's an idea that may work: Take the permission out for new installs (existing installs have already agreed to it, so it didn't deter them), and then on a fresh install query the user if they want to add favicon fetching (and explain that an additional permission will be needed).

@aaFn
Owner

aaFn commented Mar 31, 2019

Interesting idea .. I guess I need to study that API better to understand how this is working.
And I am still hoping that FF will make the favicon available to us https://bugzilla.mozilla.org/show_bug.cgi?id=1315616 ..
which should make the permission unneeded anymore (I hope, I didn't check much if removing it didn't have side effects, like on opening new tabs with URL from bookmarks .. etc ..)

@xan2622

xan2622 commented Mar 6, 2020

Any update on this request (to remove the Access your data for all websites permission)?

@aaFn
Owner

aaFn commented Mar 7, 2020

Hello @xan2622, I looked at it, but it is in fact quite complex to implement, because I then have to manage things nicely when the user decides to refuse individual permissions, which is a lot of work.
So no, no update yet.
Note: this is non-functional, and I still spend the little time I have available for BSP2 to improve functions as required by users. So this one is still under the pile, priority going to functions. It will eventually get in, when I have time for it.

By the way, in the case of the Access your data for all websites permission, if FF eventually came up with a solution for making favicons available (https://bugzilla.mozilla.org/show_bug.cgi?id=1315616), that would immediately allow removing that permission and all the stuff on favicon fetching, and would be much better :-)
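
The approach discussed in this thread, sketched as an added example that is not part of the issue or of BSP2's code. It assumes the "Access your data for all websites" prompt comes from the `<all_urls>` host permission and that this entry is moved from `permissions` to `optional_permissions` in manifest.json; the function names, the `faviconsEnabled` setting and the `#favicons` checkbox are hypothetical.

```javascript
// Added example: FAVICON_ORIGINS, setFaviconFetching, canFetchFavicons and
// the "faviconsEnabled" setting are hypothetical names, not taken from BSP2.
// Assumed manifest.json change: "<all_urls>" moves from "permissions" to
// "optional_permissions", so it is no longer requested at install time.
const FAVICON_ORIGINS = { origins: ["<all_urls>"] };

// Toggle favicon fetching. `api` is browser.permissions inside the extension;
// `saveSetting` persists the option (e.g. browser.storage.local.set).
// Call it directly from a user-action handler: the browser rejects
// permissions.request() made outside of one.
async function setFaviconFetching(enable, api, saveSetting) {
  if (enable) {
    // Shows the permission prompt; resolves to false if the user declines.
    const granted = await api.request(FAVICON_ORIGINS);
    await saveSetting({ faviconsEnabled: granted });
    return granted ? "enabled" : "refused";
  }
  // Persist "off" first so no fetch starts while access is being dropped.
  await saveSetting({ faviconsEnabled: false });
  await api.remove(FAVICON_ORIGINS);
  return "disabled";
}

// Guard to run before each favicon fetch: the user can also revoke the
// permission from the add-ons manager, so the stored setting alone does
// not prove that access is still granted.
async function canFetchFavicons(api, settings) {
  return Boolean(settings.faviconsEnabled) && await api.contains(FAVICON_ORIGINS);
}

// Options-page wiring (only runs inside the extension).
if (typeof browser !== "undefined" && typeof document !== "undefined") {
  const box = document.querySelector("#favicons"); // hypothetical checkbox id
  box.addEventListener("change", async () => {
    const state = await setFaviconFetching(box.checked, browser.permissions,
      (s) => browser.storage.local.set(s));
    if (state === "refused") box.checked = false; // reflect the refusal in the UI
  });
}
```

A refused prompt leaves the extension fully usable without favicons, and the `contains()` check covers revocation done outside the options page.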
