ovity / octotree

GitHub on steroids
https://www.octotree.io/
GNU Affero General Public License v3.0
22.8k stars 1.79k forks

Does the add-on need to ask to access our data for all websites? #1140

Closed ZiadJ closed 2 years ago

ZiadJ commented 2 years ago

The add-on may apparently also ask to access our data for all websites. Is that really necessary, or else can it be removed somehow?

I'm asking because I'm concerned about the security risks that this represents, preventing me from using the add-on.

danhgit commented 2 years ago

We don't ask to access data for all websites. You can read about the permissions Octotree needs and why it needs them here.

Can you share a screenshot of the permission request so I could see what caused the concern?

ZiadJ commented 2 years ago

Thanks for the quick response. It's at the bottom of the screenshot on the Firefox add-on page:

Screenshot 2022-09-18 at 02-09-39 Octotree - GitHub code tree – Get this Extension for 🦊 Firefox (en-US)

danhgit commented 2 years ago

Hi, thanks for the follow-up. Octotree only requires permissions for GitHub & Octotree. The optional permission is for GitHub Enterprise users, who might want to enable Octotree on their custom domain (and they'll need to explicitly allow that). The wording in Mozilla could be confusing, but it's like that for other extensions that support GitHub Enterprise too. For example, you can check out the listing of Refined GitHub.

ZiadJ commented 2 years ago

Hmm... maybe a separate version for GitHub Enterprise would help solve the issue.

danhgit commented 2 years ago

Thanks for your feedback. The custom domain permission is optional. If you don't use GitHub Enterprise, you don't need to enable it at all - Octotree doesn't automatically have that permission unless explicitly granted by users. AFAIK, this is customary among GitHub browser extensions that support GitHub Enterprise.
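
The required-versus-optional distinction discussed in this thread can be checked in any extension's `manifest.json`. The script below is an added example, not part of the thread and not Octotree's code; the two manifests are constructed and the function names are hypothetical.

```javascript
// Added example. Manifests are constructed for illustration, not Octotree's own.
const BROAD = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);
const list = (v) => (Array.isArray(v) ? v : []);
const uniq = (a) => [...new Set(a)];

// Host match patterns are "<all_urls>" or contain "://"; API names like "storage" do not.
const isHostPattern = (p) => typeof p === "string" && (p === "<all_urls>" || p.includes("://"));

function classifyHostAccess(manifest) {
  // Declared as required: MV2 "permissions", MV3 "host_permissions", content script matches.
  const required = uniq([
    ...list(manifest.permissions),
    ...list(manifest.host_permissions),
    ...list(manifest.content_scripts).flatMap((cs) => list(cs.matches)),
  ].filter(isHostPattern));
  // Declared as optional: the extension has to request these at runtime.
  const optional = uniq([
    ...list(manifest.optional_permissions),
    ...list(manifest.optional_host_permissions),
  ].filter(isHostPattern));
  return {
    required,
    optional,
    broadRequired: required.filter((p) => BROAD.has(p)),
    broadOptional: optional.filter((p) => BROAD.has(p)),
  };
}

function verdict(manifest) {
  const r = classifyHostAccess(manifest);
  if (r.broadRequired.length) return "all-sites access declared as required";
  if (r.broadOptional.length) return "all-sites access declared only as optional";
  return "no all-sites access declared";
}

// Constructed manifest: fixed site required, everything else optional.
const OPTIONAL_ONLY = {
  manifest_version: 2,
  permissions: ["storage", "https://github.com/*"],
  optional_permissions: ["<all_urls>"],
  content_scripts: [{ matches: ["https://github.com/*"], js: ["content.js"] }],
};
// Constructed manifest: all-sites access demanded up front.
const BROAD_REQUIRED = { manifest_version: 2, permissions: ["storage", "<all_urls>"] };

console.log(verdict(OPTIONAL_ONLY), "|", verdict(BROAD_REQUIRED));
```

Run it with Node against the `manifest.json` unpacked from an extension package to see which host patterns are declared as required and which only as optional.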