Introduce a mechanism to enable users to opt in to extension functionality
Categories
(WebExtensions :: General, enhancement, P3)
Tracking
(Not tracked)
People
(Reporter: robwu, Unassigned)
References
(Depends on 1 open bug, Blocks 3 open bugs)
Details
(Whiteboard: addons-ux)
In addition to the effort of giving users more control over which websites an extension can access (bug 1711787), we should also consider controls to enable us to offer powerful extension functionality with explicit post-user install consent. This could cover features that are only useful to a small subset of extensions, and that are powerful enough that they should not be granted when a user mindlessly clicks through an installation prompt.
Examples of such features are the ability to downgrade security headers (bug 1787155), local file access (bug 1246236), code execution for user script managers (bug 1687782).
A potential way to implement this is by withholding (internal) permissions by default, and allow users to opt in via the Add-on manager UI (about:addons).
Updated•2 years ago
|
Updated•2 years ago
|
Updated•2 years ago
|
Reporter | ||
Comment 1•10 months ago
|
||
Chrome has shipped a comparable feature, tied to their existing "Developer Mode" checkbox at their extension management page.
Originally developed to restrict the Chrome-only debugger
API to developers (https://crbug.com/1267489), the feature has since been decoupled from debugger
and attached to the userScripts
API instead (https://crbug.com/1495451). Chrome's current documentation for the feature is at https://developer.chrome.com/docs/extensions/reference/api/userScripts#developer_mode_for_extension_users
The difference between what I proposed here and the flag in Chrome is that I intended this to be a per-extension toggle, not a global one.
Description
•