Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Requires excessive permissions #62

Open
am11 opened this issue Nov 12, 2019 · 2 comments
Open

Requires excessive permissions #62

am11 opened this issue Nov 12, 2019 · 2 comments

Comments

@am11
Copy link

am11 commented Nov 12, 2019

none of the required permissions seem relevant to functionality this extension provides:

image
@Sxderp
Copy link

Sxderp commented Nov 15, 2019

I can probably help with this. But Rob could go more in depth.

  1. Required to intercept headers and figure out if the extension should open the dialog
  2. History is required because the extension is actually private-browsing aware. A lot of developers don't take this into consideration. But when in private browsing the extension deletes its own window url from history.
  3. Pretty much the same as above.
  4. Tabs permission is required to remove the tab after the dialog box appears. To create similar behavior to the native box.
  5. This one seems silly to me and I feel like should be brought up in a bugzilla feature request to extend the webRequest api. Anyway, it technically doesn't really grant any more permission than what 1. already gives. But it's used for determining if the user aborts navigation.

@Rob--W
Copy link
Owner

Rob--W commented Nov 17, 2019

Thanks @Sxderp for providing an answer. Most of what you said is correct, but in some cases (2, 3, 4) there are slight differences.

  1. "Access your data for all websites" (<all_urls>) - This is needed to see network requests and their headers, in order to show the dialog when needed.
  2. "Access browsing history" (history) - This is to prevent the dialog's moz-extension://-URL from appearing in the history. The URL is not meaningful to users, and removing it from history prevents it from appearing in the location bar's autocompletion results.
  3. "Access recently closed tabs" (sessions) - This is to prevent the dialog from re-appearing when the user re-opens the most recently closed window - see Download dialog should not appear in Recently Closed Windows #43
  4. "Access browser tabs" (tabs) - needed to see the current URL of a tab/dialog. Not used in the current implementation, but kept because it could be necessary again in the future for the extension to work. This permission is similar to the next permission (webNavigation).
  5. "Access browsing activity during navigation" (webNavigation) - Used to detect whether the request has been aborted, in order to detect whether the dialog should be closed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Rob--W @am11 @Sxderp