Rob--W
Explain permission required in readme
Hi! Thank you for the excellent extension.
It looks like it performs a simple, but essential, function.
Can you update the readme (or just answer below), why it needs each of its permissions?
The current required permissions are:
- Access your data for all websites
- Access browser tabs
- Access browser activity during navigation
And if it's possible to reduce/remove any permissions, that would be great.
Thanks!
- To redirect http to https, the extension needs the permission to see all requests. It is used at: https://github.com/Rob--W/https-by-default/blob/8498f6aaafcaefb5cbcc021b5aab4652d7d3fb5c/firefox/background.js#L175
- To detect repeated attempts to open http-URLs (e.g. because the site does not support https), the extension needs to see the URL of the current tab. It is used at: https://github.com/Rob--W/https-by-default/blob/8498f6aaafcaefb5cbcc021b5aab4652d7d3fb5c/firefox/background.js#L141-L145
- This was used to detect the current tab's URL. It is no longer used since the removal of the
webNavigationcall at https://github.com/Rob--W/https-by-default/commit/c8c5b024075ecbccb391e8ca260e01658f06ad6d I'm still preserving the permission in case it is needed again to improve the detection of http:-requests.
The most "scary" permission is 1, but that cannot be removed as it is necessary for the extension to function reliably.
Thanks so much!
Regarding the "Access your data for all websites" permission: If I'm understanding you correctly, an extension needs that permission just to see what url the browser is requesting. Is that correct? I was hoping there was a way around that.
BTW, the information you provided is very useful. Would you like to add it to the readme, or would you like me to do that? Or would you prefer neither?
Neither. I think that my reply in this issue is sufficient. There are not that many issues in this repo, so anyone who is interested would easily find the question and answer here.