Document reason for "Access your data for all websites" browser permission (more prominently?)

[cooljeanius]

While trying to figure out why RefinedGithub was causing me some issues on a non-GitHub website (gcc.gnu.org to be specific), I noticed that RefinedGithub has "Access your data for all websites" under "Optional permissions for added functionality" enabled on my browser. I may very well have enabled that permission myself at some point, but if so, I forget why. If there was some sort of prompt or dialog that showed up explaining why the extension wanted the permission, then I've forgotten what it might have said. If documentation for why the extension might want this browser permission is already available, it should be made more prominent, and linked to from (more of) the places in which a user might look for documentation.

[cooljeanius]

Screenshot of the permissions I currently have enabled:
(this is RefinedGithub 24.3.20 for Firefox 123.0.1)

[busches]

It's needed for GitHub Enterprise. It's an optional permission, so it doesn't do anything until you enable it on that domain. Example where I just enabled it on espn in chrome:

I'm curious what issue you thought it was causing on another site.

[fregante]

RGH's own code doesn't have any permission requests, adding permissions is only possible via:

• Chrome's native UI
• this per-domain toggle https://fregante.github.io/webext-permission-toggle/?name=Refined%20GitHub&icon=https%3A%2F%2Fraw.githubusercontent.com%2Frefined-github%2Frefined-github%2Fmain%2Fsource%2Ficon.png

In your case, you most likely clicked Chrome's native UI toggle because we never ask for "all"

@busches The problem is most likely related to extraneous CSS injection

[cooljeanius]

RGH's own code doesn't have any permission requests, adding permissions is only possible via:

• Chrome's native UI

• this per-domain toggle fregante.github.io/webext-permission-toggle/?name=Refined%20GitHub&icon=https%3A%2F%2Fraw.githubusercontent.com%2Frefined-github%2Frefined-github%2Fmain%2Fsource%2Ficon.png

In your case, you most likely clicked Chrome's native UI toggle because we never ask for "all"

I'm on Firefox, though, not Chrome

[fregante]

s/Chrome/Firefox/

same

[jwakely]

I'm curious what issue you thought it was causing on another site.

It keeps sending POST /api/graphql HTTP/2.0 which gets 404 every time and then can trigger fail2ban to block your IP, and then you can't access the website at all.

[thesamesam]

I observed the same and I had the permission OP reported already off. Additionally, if I right click the icon in the menu bar, "Enable for this domain" is unchecked for the sites I was inadvertently spamming...

[fregante]

I observed the same and I had the permission OP reported already off.

Literally impossible. Refined GitHub does not have any more permissions than what you give. Permissions are handled and limited by the browser.

"Enable for this domain" is unchecked for the sites I was inadvertently spamming...

That checkbox doesn't work well when the "all sites" permission was granted

[cooljeanius]

I'm curious what issue you thought it was causing on another site.

It keeps sending POST /api/graphql HTTP/2.0 which gets 404 every time and then can trigger fail2ban to block your IP, and then you can't access the website at all.

Apparently this is to identify whether a server is GitHub Enterprise or not? Anyways, one other thing worth noting: when using the "Start process to identify feature..." button under the add-on's preferences, and the "all sites" permission is granted, it can cause the feature identification UI to appear on other sites, such as the GCC bugzilla, which can look really weird when the site in question isn't designed for it.

[fregante]

Duplicate of #7319 (comment)

[fregante]

In hands entrusted, a tool I gave,
Yet in your grasp, you find it grave.
"Why does it hurt?" you plead with me,
As if my answer could set you free.

In your grip, it's you who's harmed,
Release, find peace, be disarmed.
Lay it down, let healing start,
And mend the wounds within your heart.