Bookmark-search-plus-2 icon indicating copy to clipboard operation
Bookmark-search-plus-2 copied to clipboard

Published 20 hours ago verified publisher icon aaFn

Technique to reduce required permissions

Open Gitoffthelawn opened this issue 6 years ago • 6 comments

According to your excellent Wiki page https://github.com/aaFn/Bookmark-search-plus-2/wiki/Permissions-and-Privacy-policy, the only reason this extension needs the Access your data for all websites permission is to handle favicons.

Would it be possible to have favicons disabled by default, and then only request this permission if the user enables favicon support? If so, that would be wonderful!

Gitoffthelawn avatar Mar 22 '19 18:03 Gitoffthelawn

From what I'm reading here this should be rather easy: https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/permissions

Gitoffthelawn avatar Mar 23 '19 01:03 Gitoffthelawn

Hello @Gitoffthelawn , to keep the behavior consistent with the original BSP, I prefer to leave favicon fetching activated by default.

Now, I could look at forgetting the permission when people deactivate favicon fetching. Not sure if this is possible, but I will study it. Thanks for the suggestion.

aaFn avatar Mar 30 '19 21:03 aaFn

Yes, it's a tricky conundrum. Keeping the behavior consistent is desirable, and so is not turning people away due to too many big permissions.

Here's an idea that may work: Take the permission out for new installs (existing installs have already agreed to it, so it didn't deter them), and then on a fresh install query the user if they want to add favicon fetching (and explain that an additional permission will be needed).

Gitoffthelawn avatar Mar 31 '19 03:03 Gitoffthelawn

Interesting idea .. I guess I need to study that API better to understand how this is working. And I am still hoping that FF will make the favicon available to us https://bugzilla.mozilla.org/show_bug.cgi?id=1315616 .. which should make the permission unneeded anymore (I hope, I didn't check much if removing it didn't have side effects, like on opening new tabs with URL from bookmarks .. etc ..)

aaFn avatar Mar 31 '19 08:03 aaFn

Any update on this request (to remove the Access your data for all websites permission) ?

xan2622 avatar Mar 06 '20 23:03 xan2622

Hello @xan2622, I looked at it, but it is in fact quite complex to implement. Because I have then to manage things nicely when the user decides to refuse individual permissions, which is a lot of work. So no, no update yet. Note: this is non functional, and I still spend the few time I have available for BSP2 to improve functions as required by users. So this one is still under the pile, priority going to functions. It will eventually get in, when I have time for it.

By the way, on the case of Access your data for all websites permission, if FF eventually came with a solution for making favicon available (https://bugzilla.mozilla.org/show_bug.cgi?id=1315616), that would immediately allow to remove that permission and all the stuff on favicon fetching, and would be much better :-)

aaFn avatar Mar 07 '20 09:03 aaFn