-
Notifications
You must be signed in to change notification settings - Fork 56
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Proposal: Enable changing the permissions for only new user #711
Comments
I don’t think this strictly needs new config/flags, but browsers could handle new permissions differently. Browsers are already able to deny access to certain hosts even if specified in the manifest. For example, the user can go visit ProposalLikewise, the browser could install an updated manifest and keep the new host disabled, using this capability. It is up to the extension to use Notes
|
Safari is fine for host permissions, but API permissions, like Chrome and Firefox, Safari will also disable the extension if a new non-optional one is added and it expands the capabilities of the extension into a new "bucket" — like adding injected content when none were present before, or adding |
This one resonates deeply for Tango. We’ve also been extremely careful to expand our feature set because of the current limitations. Today the choice has been:
The proposal outlined is a great balance because:
|
Added
follow-up: chrome
For those interested, the meeting notes are pending review at #720 and once merged will be available at https://github.com/w3c/webextensions/blob/main/_minutes/2024-11-07-wecg.md |
We discussed this issue in today's meeting. In this comment I'm going to try to capture some personal thoughts I didn't have time to express before the meeting and to capture some major points from the discussion. Personal thoughtsBroadly speaking I think browsers are open to the idea, but there are some challenges that a model change like that could have on the ecosystem. Currently, one aspect of the WebExtensions permission model is that everything in the Developers would need to use Discussion notesDuring today’s meeting, the view expressed by browser vendors was that the problem as outlined appears to primarily be related to Chromium’s current handling of permission upgrades. When Firefox fetches an updated version with new permissions, the previous version that is already installed continues running and the user is prompted to grant additional permissions for the next version. If they reject this request, the previous version will continue working. If they approve this request, the next version will replace the previous version. I’m not as familiar with the details for Safari, but generally speaking I believe the majority of permissions are not exposed directly to the user, so the requested behavior change is less impactful. Given that, my impression is that it’s not clear that there’s an obvious need for the requested behavior at the platform level, but all browsers are still open to additional discussion and consideration on this topic. I also want to note that @Rob--W briefly suggested a slightly modified approach to this capability request. As I understood it, Rob's suggestion was that rather than changing how permissions in the † While true in +95% (made up number) of cases, grants for “required” permissions are not strictly guaranteed. Some permissions are directly manageable by users through browser UI controls. For example, |
As a quick follow-up, I want to call out that my personal thoughts were primarily focused on the coding patterns during development and the mental model of how "required" permissions work in WebExtensions. I expressly did not focus on the user experience of upgrading extensions or the user's mental model for permissions. That said, I suspect that a closer review of the user experience across browsers and how proposals would affect those experiences may provide a compelling argument. |
Very much in favour of improving the whole permissions on upgrade behaviour. Abstractly speaking, in an ideal world extension developers specify all the permissions they might want/need to use and specify a subset of this list as "request on installation". Introducing a new key, something like As @fregante mentioned, without any changes, current behaviour could be improved. On extension updates, instead of offering users the ability to either accept the new permissions or simply uninstall the extension. It could prompt to either accep the new permissions or keep the permissions as they are, yet keep the extension installed, allowing the extension to then request permissions later in the flow after giving an explanation to the user.
@xeenon
@brianshultz This is actually a best practice to do even if you request required permissions. Due to all kinds of reasons permissions might be revoked. For example, users removing host permissions in |
Wanted to flag a feature request where you can change the permissions for only new users so that new users don't need to opt in to a permission again when there is a permission update in the extension.
Right now when you update the permissions, it updates it for all users - disabling the extension and making it impossible to expand the feature set without using optional permissions.
The text was updated successfully, but these errors were encountered: