Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Switch to optional permissions for less frequently used features #3

Closed
trockerapp opened this issue Mar 27, 2019 · 1 comment
Closed

Switch to optional permissions for less frequently used features #3

trockerapp opened this issue Mar 27, 2019 · 1 comment
Assignees
@trockerapp
Labels
enhancement

Comments

@trockerapp
Copy link
Owner

There are some features that may not be used by many people but are forcing us to ask for too much permission from everyone.

To start, the main reason we need "<all_urls>" is to be able to run the "Trocker.js" content script on non-famous webmails: code. It should be able to switch to an optional permission that is requested the first time this line is called.
@trockerapp trockerapp self-assigned this Mar 27, 2019
@trockerapp trockerapp changed the title Switch to optional permissions for less frequently used features () Switch to optional permissions for less frequently used features Mar 27, 2019
@trockerapp
Copy link
Owner Author

Progress report:
In version 2.5.0:

  • Removed "alarms" and "webNavigation" permissions which apparently were not needed (were remnants of very old tests).
  • Made the "tabs" permission optional.

However, could not make "<all_urls>" optional because some of the core functionality of Trocker will be impaired. Without the <all_urls> permission, apparently the webRequests api only refers the requests to urls which are explicitly listed in the manifest to the extension making the following core feature impossible:

  • Heuristic blocking of trackers (based on image size and not image url). Without <all_urls>, heuristic blocking of images will only be possible in webmails that serve images via a fixed proxy server (e.g. gmail which serves images via googleusercontent.com) because that proxy server could be added to the manifest. This means that without the <all_urls> permission, Trocker won't be able to heuristically block trackers in other webmails such as outlook.com. But heuristic blocking is essential since there are countless tracking urls with new ones cropping up by with each passing day and it will be a losing battle to try to manually find and list them all.

Without the <all_urls> permission, the following feature will perhaps be implementable but needs more work:

  • Blocking of tracked links. When links are clicked, again the webRequest api only refers clicks on the links that are explicitly listed on the manifest to the extension. This means that to keep providing this feature, we will need to rework how tracked urls are listed in the extension (currently they are listed in lists.js). Given that the above core feature already needs the <all_urls> permission, it doesn't seems reasonable to go through this change just so that this feature will not rely on the <all_urls> permission.

Will close the issue until a solution is found for heuristic blocking in other webmails (e.g. outlook.com).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@trockerapp trockerapp

Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@trockerapp