Closed chris-mosley closed 6 months ago
barrymun
commented
11 months ago @chris-mosley in engines/chromium/manifest.json the permissions are activeTab and storage, whereas we have a lot more for engines/gecko/manifest.json - do we need webRequest, scripting and tabs for firefox addons?
chris-mosley
commented
11 months ago I actually removed activetab from the chrome one and it continued to work. but forgot to slim down the gecko manifest :|
I'm checking on that now.
chris-mosley
commented
11 months ago so i did the same for firefox, removed all but storage and the addon continued to work. Though I do wonder if my environment is screwed up from all the past testing. I've pushed it for now.
barrymun
commented
10 months ago @chris-mosley i think it might be better to preserve the activeTab permission, as we may want to be able to interact with the user's page in different ways in the future (like injecting styles, other scripts, etc.), and it avoids having to use host permissions, specifically this. we definitely don't need any of the others, however, but let me know what you think
the changes to the "matches" pattern is also better for permissions. we can now remove the include_globs key as well so i'll make a pr for this (i previously thought this would mean not specifying a matches pattern but it's too generous). i'll also clean up the patterns so that we only have to define them once.
when testing i fully uninstalled the addon/extension and then re-installed and it was working
chris-mosley
commented
10 months ago @barrymun I added activeTab back in specifically to grab the url and see if we're on *.amazon.*
If we find any other uses for it then it's ready to go.
We might be asking for more permissions than we need.
I will be experimenting with removing more and more permissions from app to see how far we can go without affecting functionality.