ekweible
commented
8 years ago +1 - I just removed the extension because of this change. Seems unnecessary to not limit it to a list of sites.
Open asfaltboy opened 8 years ago
ekweible
commented
8 years ago +1 - I just removed the extension because of this change. Seems unnecessary to not limit it to a list of sites.
stevepeak
commented
8 years ago Thank you for the feedback. The reason for extending the privileges (and I agree in a "scary" manner) is because of customers using Codecov in self-hosted Enterprise mode.
I'll be creating a separate application for enterprise customers and place the privileges back to the minimum as it once was.
Meanwhile, the source code is (and will remain) open source in this repository.
hutson
commented
8 years ago @stevepeak thank you for your transparency on this matter.
I too look forward to those permissions are dialed down to the minimal required for effective use of CodeCov with public code hosting platforms.
AnthonyClark
commented
7 years ago Any chance this will be revisited?
dmnd
commented
6 years ago @stevepeak it's been two years now; do you intend to adjust the permissions back? The extension is extremely useful, but 9/10 times I recommend it to someone they don't install it because of this permissions request.
The current content script domain url matching, shows a "scary" permission required message where all data on all sites is exposed to extension.
I'm sure some people would appreciate that the exposed sites will be github/bitbucket as the extension advertises, is there a reason for this change?.