New "Access data for all websites" now a required permission :(

[Gitoffthelawn]

Thank you for this wonderful extension.

Up through v1.6.0, it did not require the "Access data for all websites" permission. This was a critical "feature" that is absent in most similar extensions.

When trying to upgrade to v1.7.1 from v1.6.0, Firefox popped up a warning box that the extension now requires the unwanted "Access data for all websites" permission.

Would it be possible to remove that permission or make it optional? At this time, I have decided to continue with v1.6.0 because of this issue.

Thanks again.

[zWolfrost]

Hi, and thank you for your kind words. The reason why i require the "Access your data for all websites" is because some videos which get loaded from a cross-origin source get muted when the extension gets clicked and given permission. You can try this by yourself; go on any website which embeds a youtube video and if you click the extension, it gets muted (or just doesn't work).

Now, this extension implements a patch for this, but it needs to have the data permission for the website & the server url. That's the reason why i made it required, so nobody has to worry about that. U-block origin asks that as well, and similarly to UBO, this extension is free and open-source, so you don't need to worry about it collecting data.

However, i understand your concerns, and if you still desire that i revert this update, i will gladly do that.

[Gitoffthelawn]

Hi, you're welcome, and thanks again for the great extension.

Thanks also for your helpful reply.

Let's say example.com embeds a youtube.com video. To work, does the extension need access to only youtube.com, or also example.com?

If it only needs access to youtube.com (for this contrived example), can it simply use its existing permission that it obtained from the user previously visiting youtube.com and giving the extension permission for that domain?

(Just for the moment, let's ignore the obvious UX issue.)

[zWolfrost]

Yeah, that's the jist of it (it would need both youtube.com & example.com). I think it would be a major annoyance for the average user to manually give permission to both. I hope this can clear any doubts

[Gitoffthelawn]

Yes, I agree that for the average user, giving permission to both could be a hassle.

I can see 2 possible mitigations:

1. If the extension offers to add the permissions for the correct domains (IOW, not requiring the user to determine the domains).
2. If the server domains are most likely to be very limited (for example, youtube.com and a few others). In this case, the extension could come pre-configured with permissions for these domains.

[zWolfrost]

I'm sorry, but i don't think that writing down every domain that requires the permission is a good idea, i was searching for a more elegant approach, but the only one i've found so far is to just alert the user when he clicks the popup and the extension detects a not working video, which tells him to enable the permission. Would you like something like that?

[Gitoffthelawn]

I'm not sure I quite understand your idea. Are you thinking have no permissions to access any sites (by default), but then if the user clicks the extension's popup and the extension detects a non-working video, it will instruct the user to enable a permission to access all sites?

[zWolfrost]

Basically, when a video is located on the same domain as the main website, and doesn't need any permission to be boosted (apart from reading the main website) the extension works as intended, but if the video is stored on another domain, and it gets clicked without the permission, the pop-up prompts the user to enable the permission for all urls

[Gitoffthelawn]

That would be fine for me.

Would it be possible for advanced users to instead manually add permission for a domain (or even better, for a host)?

What I'm thinking: For most users, they would use the extension exactly how you explained above. But for users like myself, I would simply add permissions only for sites I know I need the extension to access.

(BTW, I imagine, personally, only wanting the extension to access 2-4 hosts, although I just started using it recently, so that's just an initial estimate.)

[zWolfrost]

I'll see what i can do. For now, i'll make the permission optional again. Wait for a new update, as i don't think i have much time in the foreseeable future

[zWolfrost]

I will definitely try to make adding new domains or hosts in the permissions as convenient as possible

[Gitoffthelawn]

Thanks so much. No pressure or rush. Have fun with it.

BTW, I parenthetically mentioned "or even better, for a host". Just to clarify, ideally, one could specify a domain or a host. Specifying an entire domain is typically overkill, but occasionally specifying a host can be too narrow if a site does something like employing host001.example.com, host002.example.com ... host999.example.com.

[zWolfrost]

Hi again, i just updated the extension to v1.8.0, where your problem is hopefully addressed. Please close the issue if you think it is :) (also, please report any bug you find! i did not troubleshoot the prompt as much as i would have wanted to...)

[Gitoffthelawn]

Thank you! So far, it is truly excellent!

The only issue I have faced is adding a specific host versus an entire domain. The workaround I've been able to employ is to go to the specific host and manually allow the permission using Firefox's UI. I'm not sure if this will always work, however (for example, if a host cannot be accessed directly from Firefox's urlbar).

I'll leave this open if you would like to reply.

[zWolfrost]

I have added the option to include website subdomains in v1.9.0 (of course, if the website doesn't have a subdomain, it will just prompt with the main domain, so i labeled the option with "when possible"). I will close this issue as it seems that i have fixed your problem :)

[Gitoffthelawn]

Thanks!