Provide a way for users to control host permissions
Categories
(WebExtensions :: General, enhancement, P3)
Tracking
(Not tracked)
People
(Reporter: c4609174, Unassigned)
References
(Depends on 1 open bug, Blocks 1 open bug)
Details
(4 keywords, Whiteboard: [permission])
Attachments
(2 files)
Safari-permission-2.png
Chromeium announced they'll add some more permission controls to host permissions: https://blog.chromium.org/2018/10/trustworthy-chrome-extensions-by-default.html Obviously, Firefox should add these, too. :) BTW it also talks about a new manifest version, but as there is not yet much info about it, I did not create another Bugzilla ticket for that. Please move this into the "WebExtensions" category or something like that.
Hi, Thank you for taking the time to add this suggestion. As you mentioned, I'll move this report to Toolkit: Add-ons Manager component for better visibility and handling. If this is not the appropriate component, please feel free to move it to the proper one.
|
||
Updated•3 years ago
|
|
||
Comment 2•3 years ago
|
||
Chrome's implementation seems fairly cumbersome and directed at power users of the browser. I'd hold off on copying what Chrome did to see how it is working in the wild. Giving users more control over host permissions is something Firefox should do, but there may better ways to do it.
|
|
||
Comment 3•2 years ago
|
||
Firefox will not be copying Chrome, in the literal sense of doing exactly what Chrome does. We will, however, be adding features to increase both user awareness and control of extensions in the browser. I'm closing this bug in anticipation of more specific feature requests that can be tracked and implemented separately.
|
||
Comment 5•2 years ago
|
||
Mike, there seems to be renewed interest in this feature or something like it -- see https://www.reddit.com/r/firefox/comments/cutny7/vivaldi_has_the_ability_to_sleep_extensions_until/ - it has 231 net votes and people seem to appreciate the idea or feature here, especially the idea that it would be nice to disallow an extension from accessing a page until its popup is activated.
Is it best to open a new request for this, or have you given any further thought to whether that feature (or the others from Chrome 70) can be implemented?
Thanks!
|
|
||
Comment 6•2 years ago
|
||
Passing this off to Philipp for consideration.
|
||
Comment 7•2 years ago
|
||
I agree that we shouldn't just copy Chrome. The UX for a such feature is particularly challenging to design in a way that it would allow users with different levels of understanding to make sensible decisions. Having too many prompts will train users to click the prompts away.
That said, I am in favor of providing more user control w.r.t. host permissions. I'm re-opening this bug and we have this under considertion in product planning. We'll update this bug further once we get closer.
|
||
Comment 8•2 years ago
|
||
Marking this as blocker of the manifest-v3 bug, because runtime host permissions are part of the manifest v3 (in Chrome), so anything here is relevant for the metabug.
|
|
||
Updated•1 year ago
|
|
||
Comment 12•10 months ago
|
||
A user on Reddit mentioned the design Apple plans to launch in Safari.
|
|
||
Comment 13•10 months ago
|
||
Second example -- seems host permissions might be withheld completely after installation until this first interaction:
|
||
Updated•10 months ago
|
|
||
Comment 15•9 months ago
|
||
The safari way seems ideal to me.
This feature is critical for me personally, so that I don't have to disable several addons whenever I need to visit my bank website, so that all my banking information isn't exposed to the addons which require full page access.
|
||
Comment 17•5 months ago
|
||
(In reply to jscher2000 from comment #12)
Created attachment 9158383 [details]
Safari-permission-2.pngA user on Reddit mentioned the design Apple plans to launch in Safari.
Safari-way seems the best, better than Chrome implementation.
|
||
Comment 18•4 months ago
|
||
(In reply to Viacheslav Guzhov from comment #17)
(In reply to jscher2000 from comment #12)
Created attachment 9158383 [details]
Safari-permission-2.pngA user on Reddit mentioned the design Apple plans to launch in Safari.
Safari-way seems the best, better than Chrome implementation.
I think that scaring users with a prompt that every extension wants to access your passwords and such is a bit too much (which is usually not true).
But I agree that even the Chrome implementation would enchance security. If you are suspicious, you can restrict the add-on.
|
|
||
Comment 19•4 months ago
|
||
(In reply to Mike Conca [:mconca] from comment #3)
Firefox will not be copying Chrome, in the literal sense of doing exactly what Chrome does. We will, however, be adding features to increase both user awareness and control of extensions in the browser. I'm closing this bug in anticipation of more specific feature requests that can be tracked and implemented separately.
What do you think now?
Description
•