browser-extension
Required permissions should be dialed down
The current content script domain URL matching shows a "scary" permission required message where all data on all sites is exposed to the extension.
I'm sure some people would appreciate that the exposed sites will be github/bitbucket as the extension advertises. Is there a reason for this change?
+1 - I just removed the extension because of this change. Seems unnecessary to not limit it to a list of sites.
Thank you for the feedback. The reason for extending the privileges (and I agree in a "scary" manner) is because of customers using Codecov in self-hosted Enterprise mode.
I'll be creating a separate application for enterprise customers and place the privileges back to the minimum as it once was.
Meanwhile, the source code is (and will remain) open source in this repository.
@stevepeak thank you for your transparency on this matter.
I too look forward to those permissions being dialed down to the minimal required for effective use of CodeCov with public code hosting platforms.
Any chance this will be revisited?
@stevepeak it's been two years now; do you intend to adjust the permissions back? The extension is extremely useful, but 9/10 times I recommend it to someone they don't install it because of this permissions request.
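Added example, not part of the thread and not code from this repository: a small manifest check that separates install-time host patterns granting access to every site (the cause of the "all data on all sites" prompt discussed above) from patterns scoped to named hosts. Both manifests, the extension name and the script file name are constructed for illustration.

```javascript
// Flag host match patterns that give an extension access to every site.
// The manifests below are constructed samples, not the Codecov extension's manifest.

// Returns the host part of a match pattern, or null if the string is not a host pattern
// (for example an API permission such as "storage").
function patternHost(pattern) {
  if (pattern === "<all_urls>") return "*";
  const m = /^(\*|https?|wss?|ftp|file):\/\/([^/]*)\//.exec(pattern);
  return m ? m[2] : null;
}

// Collects every host pattern the manifest requests at install time:
// content script matches plus host patterns listed in permissions / host_permissions.
function installTimePatterns(manifest) {
  const fromScripts = (manifest.content_scripts || []).flatMap((cs) => cs.matches || []);
  const declared = [...(manifest.permissions || []), ...(manifest.host_permissions || [])];
  return [...fromScripts, ...declared].filter((p) => patternHost(p) !== null);
}

// Splits the requested patterns into "all sites" and "scoped to named hosts".
function auditManifest(manifest) {
  const report = { broad: [], scoped: [] };
  for (const p of new Set(installTimePatterns(manifest))) {
    (patternHost(p) === "*" ? report.broad : report.scoped).push(p);
  }
  return report;
}

// Constructed sample: content script injected everywhere.
const broadManifest = {
  name: "example-coverage-overlay",
  permissions: ["storage", "*://*/*"],
  content_scripts: [{ matches: ["<all_urls>"], js: ["overlay.js"] }],
};

// Constructed sample: the same script limited to the public code hosts.
const scopedManifest = {
  name: "example-coverage-overlay",
  permissions: ["storage"],
  content_scripts: [
    { matches: ["https://github.com/*", "https://bitbucket.org/*"], js: ["overlay.js"] },
  ],
};

console.log(auditManifest(broadManifest), auditManifest(scopedManifest));
```

A non-empty `broad` list is what a reviewer or CI check would reject for an extension that only needs the public code hosting sites.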