May Firefox team to add flag of strict mode for notification about addons that access to permissions?
I am control freak so because it I like Mozilla Firefox. So I need feature (inside about:config) that will
1. Notificate me about every access to every API that generate extensions (history access, bookmarks, webpage content, tabs access etc) 2. Ability to disallow/allow access inside these popups (permanently, session mode) 3. Such permission sandbox only for a list of addons (not all)
Chosen solution
The developers do want to add more user control over extension permissions; those have been on the "to do" list for a while. Those are focused on host permissions, which control the websites scripts can read data from and modify data in. Firefox needs to catch up to other browsers which added this feature in the past couple of years.
What about notification that an extension API was used in the past or is in the process of being called right now? Hmm, I don't know exactly how that would work; pausing a script with a popup probably would break the extension, because extension authors generally would not plan for that and, of course, if access were denied, the extension might stop working correctly. I don't think there is work under way on that. Possibly an idea for the future.
Mozilla's new "ideas" site is here: https://mozilla.crowdicity.com/
Read this answer in context 👍 1All Replies (4)
You can possibly use a policies.json file to restrict access, see:
Chosen Solution
The developers do want to add more user control over extension permissions; those have been on the "to do" list for a while. Those are focused on host permissions, which control the websites scripts can read data from and modify data in. Firefox needs to catch up to other browsers which added this feature in the past couple of years.
What about notification that an extension API was used in the past or is in the process of being called right now? Hmm, I don't know exactly how that would work; pausing a script with a popup probably would break the extension, because extension authors generally would not plan for that and, of course, if access were denied, the extension might stop working correctly. I don't think there is work under way on that. Possibly an idea for the future.
Mozilla's new "ideas" site is here: https://mozilla.crowdicity.com/
jscher2000 said
- pausing a script … break the extension … might stop working correctly
- Mozilla's new "ideas" site is here: https://mozilla.crowdicity.com/
1. Sure, because it I was saying about advanced about:config and session/trained rule mode. I think this feature will be run along a privacy trend (European GDPR, dying of independent browsers from Google, TOR browser is a potential consumer of such options etc) 2. Thank you for a website!
cor-el said
You can possibly use a policies.json file to restrict access, see:
May it control access to another non-active tabs/access to history? As I understood policies based on standard firefox flags, but my googling not shows me examples how I can even disable API for an addons.