Why is Banana Cake Pop asking for extended clipboard permissions?

[moander]

Product

Banana Cake Pop

Is your feature request related to a problem?

I always click Block, and the clipboard seems to be working fine. Am I missing something?

The solution you'd like

I don't want to be asked to share my clipboard :-)

[glen-84]

This is used to support the (seemingly-undocumented) "New Document from Clipboard" functionality (which is able to create a document by extracting information from a curl command on your clipboard).

I agree that the random prompt is far from ideal. Perhaps it should only prompt for permission when you use the function for the first time.

[michaelstaib]

@glen-84 not sure if that is possible. @rstaib is that possible what @glen-84 suggests :)

[moander]

@michaelstaib the clipboard api ask for permission when called.

Put this on your web page and you dump the users clipboard to console every 3 seconds:

setInterval(() => navigator.clipboard.readText().then(txt => {
  console.log(`secret: ${txt}`)
}), 3000)

[tobias-tengler]

Just to add to this: We're making heavy use of preview deployments and each preview has a distinct URL. When navigating to <preview-host>/graphql you therefore always end up with a "fresh" BCP instance and get prompted for clipboard access. This is quite annoying and every engineer I watched immediately blocked clipboard access. Which is a natural reaction. "Why should this tool want to access my clipboard before I even started using it, without explaining why it needs this access". I think this feature does more harm than good. Asking for full clipboard access without explaining why doesn't inspire confidence in the software, especially for a first time user. I'd guess if you tracked whether the user gave consent or not, you'd end up seeing that 99% of users don't give consent.

[rstaib]

I will see how to make it lazily ask for permission. It makes totally sense.