Drop requirement for "Access your data for all websites" permission

Question

Drop requirement for "Access your data for all websites" permission

Opened this issue 7 years ago · 1 comments

The addon required the new permission "Access your data for all websites" to update (in addition to the reasonable "Clipboard access" one). I don't want to grant such a general permission.
Could you clarify why is it needed for RESTClient? Can you drop it or make it optional?

Answer 1 · 2018-02-01T01:19:47.000Z

Access your data for all websites permission is used for OAuth 2.0 authentication. In OAuth 2.0 RESTClient need to intercept the OAuth2 web service redirect endpoint, inject a content script for obtaining the access token. That redirect endpoint could be any website.

I don't know how to request a permission only when you need it (e.g. before you use OAuth 2.0), any pull request are welcome!