jorgenbuilder
commented
1 year ago Thanks for the report Paul (and for bringing it to my attention on the dev call today!) I'll have a look at how to add this feature.
Closed paulyoung closed 1 year ago
jorgenbuilder
commented
1 year ago Thanks for the report Paul (and for bringing it to my attention on the dev call today!) I'll have a look at how to add this feature.
jorgenbuilder
commented
1 year ago So, extension permissions are... weird. This extension has never requested any explicit permissions, as you can see in the manifest file's empty permissions array.
I've identified that I can achieve the interface in your screenshot by adding the <all_urls> host permission to the manifest, but it doesn't seem to affect the functioning of the extension in any way, even if it is apparently being restricted:
Notice that no access has been granted to the extension, but it's capturing messages in devtools.
My interpretation here is that ic inspector has no access to your data whatsoever, until you open up it's specific tab in devtools. Here's a screenshot using the current production permissions, where we can see the extension never gets access to the active tab:
I might be missing something here, since I don't have a lot of experience with extensions. As far as I can tell though, I have the most restrictive permissions possible (i.e. no permissions at all) and so it's frustrating that this is what people see when they check which permissions the extension requires:
jorgenbuilder
commented
1 year ago Closing for now. This seems like mostly a problem with how chrome displays permissions.
paulyoung
commented
1 year ago Thanks for looking into it!
All of the extension I use support the following option, but ic-inspector doesn't provide it.
I like this feature because it allows me to opt-in to when an extension can access pages I'm browsing to. The alternative is to enable and disable the extension, which is less convenient.