Closed
Bug 652896
Opened 13 years ago
Closed 6 years ago
Allow AMO to show extension install dialog before downloading XPI
Categories
(Toolkit :: Add-ons Manager, enhancement)
Toolkit
Add-ons Manager
Tracking
()
RESOLVED
INACTIVE
People
(Reporter: jruderman, Assigned: Unfocused)
References
Details
Attachments
(2 files)
The current flow (click Install, wait for download, confirm intent to install) causes numerous usability and security problems. We should allow AMO to give us the information for the dialog up-front, as part of the InstallTrigger call. (If the information shown in the dialog does not match what is extracted from the extension, we'd need to bail, but this shouldn't happen on AMO.) Then we can download the XPI in parallel with the user seeing and reading the dialog, which will make the installation process much smoother overall. I think this is the most important part of the plan to reduce extension installation security-dialog pain (https://wiki.mozilla.org/Security/Add-Ons_Discussion).
Comment 1•13 years ago
|
||
(In reply to comment #0) > The current flow (click Install, wait for download, confirm intent to install) > causes numerous usability and security problems. Could you elaborate on what these problems are for the uninitiated?
Reporter | ||
Comment 2•13 years ago
|
||
Having the dialog after the download forces users to wait twice, and might predispose them to click Install. It raises questions of what happens if you click AMO's green Install button and then switch tabs, with the most obvious answer being to interrupt users with a security dialog (always bad).
Comment 3•13 years ago
|
||
Slight elaboration: We currently download an add-on's .xpi file before the user is asked permission to install it. While it's roughly understandable enough for users to navigate through, the order is backwards compared to the vast majority of similar installation flows. Installing a file before asking both flies in the face of user expectation, and gives the impression at first that we will be installing an add-on without asking permission at all (see: Windows Vista). This may cause users to prematurely cancel an installation on the onset. If we can ask the user's permission first - even with imperfect add-on data - and then download the file, we'll be following a very well expected and utilized model (in computing and in life) of asking for permission and then completing the action once it is obtained.
Comment 4•13 years ago
|
||
Comment 5•13 years ago
|
||
Comment 6•13 years ago
|
||
I don't know, whether it is the right place to ask a question like this (and I beg you to correct me if it is not), but: Why not download the .xpi in the background while asking for permission and discard it in the case the user denies to install it? This reduces the time the user has to wait for his extension, and just downloading the .xpi wouldn't hurt from a security perspective, or would it?
Reporter | ||
Comment 7•13 years ago
|
||
That's the plan :) "Then we can download the XPI in parallel..."
Assignee | ||
Comment 8•13 years ago
|
||
Looks like this will be part of my work in bug 643020.
Assignee: nobody → bmcbride
Status: NEW → ASSIGNED
OS: Mac OS X → All
Hardware: x86 → All
Comment 9•6 years ago
|
||
Per policy at https://wiki.mozilla.org/Bug_Triage/Projects/Bug_Handling/Bug_Husbandry#Inactive_Bugs. If this bug is not an enhancement request or a bug not present in a supported release of Firefox, then it may be reopened.
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Resolution: --- → INACTIVE
You need to log in
before you can comment on or make changes to this bug.
Description
•