search

microsoft / accessibility-insights-web

Accessibility Insights for Web
https://accessibilityinsights.io
MIT License
820 stars 146 forks source link

Canary hasn't updated since 10/24 #1591

Closed ferBonnin closed 4 years ago

ferBonnin commented 4 years ago

Describe the bug

Our canary releases are "in pending review" by the Chrome web store. Canary is stuck since 10/24, push to insider took 1.5 days and Playground is also not in review.

Let's review Google's guidance and check if there is any permissions we can remove/edit to avoid having a compliance review for each release.

Expected behavior

release should be available as fast as it was before (<1 hour)

Additional context

This is blocking our ability to do fast development

smoralesd commented 4 years ago

google developer's transition guide around permissions: https://developer.chrome.com/extensions/runtime_host_permissions

smoralesd commented 4 years ago

In order to improve our chances to not get flag with Pending review (which takes 5~7 bussiness days acording to google developer support) we need to change our current permissions. Basically, remove "https://*/*", "http://*/*", "file://*/*" and add "activeTab". "activeTab" gives us permission to inject javascript and css to the target page in a tab-by-tab basis and only when the user activate our extension in the context of a tab (thus, we get the permissions for said tab, not all the tabs). The user can activate an extension by at least a couple of means:

This permissions are granted for as long the tab lives, and it's not revoked when the tab goes "not active" (meaning, when a different tab gets active), so we can still try to scan a page (from a details view associated with it) when its tab is not active.

The downside of using "activeTab" permissions is: this breaks our e2e tests. This comes from a couple of details:

  1. We use puppeteer for our e2e test and as of today, puppeteer does not provides a way to activate the extension icon as mentioned here.
  2. Because of this, we create tabs and navigate to chrome-extension urls for our extension to open the popup, details view and guidance content. Doing this does not grant us "activeTab" permissions as we are not activating the extension from a tab context.

We have a couple of approaches we need to try:

  1. Try to send the extension shortcut ("Shift + Ctrl + K") so we can activate the extension from a tab.
    1. We may try to use puppeteer keyboard api to do so
    2. We may try a different approach where we try to do this at the OS level
  2. We have a different manifest for our extension while running 2e2 tests, where we have access to known urls we are trying to scan during the tests (worst case scenario: we add the '<all_urls>' permission.