RESTClient icon indicating copy to clipboard operation
RESTClient copied to clipboard

Published 20 hours ago verified publisher icon chao

Drop requirement for "Access your data for all websites" permission

Open pedropedruzzi opened this issue 7 years ago • 1 comments

The addon required the new permission "Access your data for all websites" to update (in addition to the reasonable "Clipboard access" one). I don't want to grant such a general permission. Could you clarify why is it needed for RESTClient? Can you drop it or make it optional?

pedropedruzzi avatar Jan 31 '18 15:01 pedropedruzzi

Access your data for all websites permission is used for OAuth 2.0 authentication. In OAuth 2.0 RESTClient need to intercept the OAuth2 web service redirect endpoint, inject a content script for obtaining the access token. That redirect endpoint could be any website.

I don't know how to request a permission only when you need it (e.g. before you use OAuth 2.0), any pull request are welcome!

chao avatar Feb 01 '18 01:02 chao