Open Bug 1303108 Opened 8 years ago Updated 2 years ago

Control Center should only show non-default permissions

Categories

(Firefox :: Site Permissions, defect, P3)

Product:
Firefox
Component:
Site Permissions
Type:
defect

Tracking

()

Tracking Flags:
Tracking Status
firefox51 --- affected

People

(Reporter: MattN, Unassigned)

References

Details

(Whiteboard: [fxprivacy] )

User Story

As a user I want to be in control of the permissions that a site has access to.

If a site has a non-default permission I should be able to revert to the default value with the (X) in control center.
Follow-up from bug 1295151 comment 6 since a short-term solution was used in that bug.

Control Center should be where users are in control of what permissions a site has access to. If a site is broken due to lack of permissions or seems to have permissions I don't want it to have I should be able to revert to default permissions from Control Center with the (X) button.

Once we fix this we should make sure all permissions that have other preference UI are shown in Control Center (including add-on installation).
Priority: -- → P3
Whiteboard: [fxprivacy] [triage] → [fxprivacy]
STR:
1) Open about:preferences#security
2) Click [Exceptions…] beside "Warn me when sites try to install add-ons"
3) Type "https://people.mozilla.org" in the textbox
4) Click "Allow"
5) Open https://people.mozilla.org in a new tab

Expected result:
The dot appears on the (i) icon indicating a non-default permission (even if add-on installation is the only permission granted to the origin) and add-on installation is shown in the control center permissions section.

Actual result: 
Due to bug 1295151, add-on installation is never shown in control center even if it's on a non-default allowed site.
Has STR: --- → yes
Potential fix 1 (Generic fix):
* Expose the fact that a permission is default/preloaded state on nsIPermission[1]
* Ignore permissions that indicate they are preloaded in SitePermissions.jsm[2]

This fix also handles when an administrator overrides the permissions.manager.defaultsUrl pref to configure different permission defaults by not showing those default values (which could be good or bad from a user perspective).

Potential fix 2 (Mozilla-specific exclusion list):
* In SitePermissions.jsm, exclude https://addons.mozilla.org and https://testpilot.firefox.com (and maybe other install permission origins from [3]) so they are excluded from UI indicating non-default values.

With either fix we probably should update doc comments in SitePermissions.jsm and we may want to rename functions to indicate that they aren't just a wrapper on nsIPermissionManager and can provide different results. e.g. getAllByURI could be renamed to getChangedByURI or getNonDefaultByURI.

[1] https://dxr.mozilla.org/mozilla-central/source/netwerk/base/nsIPermission.idl
[2] https://dxr.mozilla.org/mozilla-central/source/browser/modules/SitePermissions.jsm
[3] https://dxr.mozilla.org/mozilla-central/source/browser/app/permissions
Component: Site Identity → Site Permissions
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.