violentmonkey icon indicating copy to clipboard operation
violentmonkey copied to clipboard
verified publisher icon violentmonkey

[Feature] Sync in current Firefox container

Open cprn opened this issue 3 years ago • 6 comments

Motivation Syncing to Google / DropBox / any online service never worked for me and never will because I use containers for sessions separation and it's impossible (I think) to tell Violentmonkey which container to use when making a backup. When I hit "authorize" button it always opens a sign-in page in the default container where I'm never logged in (and can't be for security reasons).

Proposed Solution It'd be awesome if Violentmonkey just synced scripts and settings to Firefox Sync like some other Firefox plugins do. Firefox Sync doesn't share its session with websites so it's cross-site attack immune by definition and doesn't care for containers. Implementation might not be trivial because it seems not every aspect of it is properly documented, as stated in Mozilla wiki:

Build a Sync engine (if you need to sync more than just preferences). If you need this, please drop by the #sync channel in IRC so you can chat with a Sync developer (there are some important details not currently captured formally in any docs).

Use Cases Because of the above, as a user who was making ZIP backups manually (actually by a cron-triggered JS script) and lost them today due to carelessly executed bleaching/privacy software (same would happen if a local ZIP file became unreadable for whatever reason), I'd like Violentmonkey to keep a backup in the cloud (preferably by default) making such cases less of a disaster.

cprn avatar Nov 17 '22 14:11 cprn

It's related to https://github.com/violentmonkey/violentmonkey/issues/1527 and the use case is applicable there as well.

cprn avatar Nov 17 '22 14:11 cprn

The API is the same as #1527, so one issue is enough.

As for containers, we can try detecting the container and set up the request accordingly.

tophf avatar Nov 17 '22 15:11 tophf

we can try detecting the container and set up the request accordingly

Seriously? I thought it's impossible for JS to run request in a different container than default. 😮 If it's doable it kind of beats the purpose of containers, I think, as any malicious code can simply send multiple requests, one for each container, until it gets the right one. Or did I misunderstood something?

cprn avatar Nov 17 '22 20:11 cprn

Extensions are special things, so it may be possible, I don't know.

tophf avatar Nov 17 '22 20:11 tophf

A work around would be copying the authorize URL (from default container) and open it in google container manually. Other native applications (Google Drive for example) works this way.

dangh avatar Dec 01 '22 15:12 dangh

@dangh This never worked for me. I just checked and Google Drive works only when opened in the same container. Alas, the backup request has to be made in the same container as Google Drive authentication. Also redirection that takes place after authorization would happen in a different container than where it started so I can't see how it'd work.

cprn avatar Dec 04 '22 19:12 cprn