Detect if the user has enabled the optional permissions
Closed this issue · 4 comments
@bgins I think we've got a cold start problem if we choose to keep the needed permissions as optional. We should investigate whether we can detect if permissions have been granted from the extension at run time, and advise the user that the extension will not be functional without them enabled.
OR, is it possible to just make all the permissions we need, requested at install time? I feel like for a developer audience this will be fine.
Adding a note that this discussion relates to the Firefox version of the extension. It's worth looking at the Chrome version as well.
Capturing the flow in Firefox. When installing the extension from https://addons.mozilla.org/en-US/firefox/addon/odd-devtools/, I am first prompted for permissions:
If I select "Cancel", the extension is not installed. On selecting "Add", I am prompted a second time:
Running in private windows is optional. @therealjeffg is the running in a private window the optional permission you are referring to?
Adding some more detail. The host permissions are the optional permissions in question. After initial installation, they look like:
A user must allow these permissions manually. We've updated the description of the extension to inform developers of what needs to be done (https://addons.mozilla.org/en-US/firefox/addon/odd-devtools/)
ODD Devtools requires host permissions to access the data sent from the ODD SDK. Open about:addons and open the permissions tab for ODD Devtools. Permission can granted for localhost, 127.0.0.1, or all websites depending on your use case.
We are also planning on adding an error page that detects when the necessary permissions have not been granted.
In the long-term, users may be prompted at install time: https://discourse.mozilla.org/t/how-to-ask-user-to-grant-permissions-for-access-your-data-for-all-websites-through-a-prompt-during-the-installation-process/110637/4
However, host permissions will likely be treated as optional in general. A user will still have the option to decline the permissions and install the extension, which means we will need the error page either way.
We have explored the possibility of requesting permissions at runtime on user interaction, but this doesn't appear to be an option at present because the permissions API is not available in the devtools or panel contexts. We have asked for help on the Mozilla Discourse: https://discourse.mozilla.org/t/requesting-permissions-in-a-devtools-panel-manifest-v3/114117
Lastly, and not in any way an immediate solution, we have proposed that the activeTab permission be invoked when a developer selects the devtools panel: w3c/webextensions#386. This change would let us completely avoid host permissions because we only need them to inject our content script.
Our rough plan is to implement the following:
- The extension displays a "permissions required" view when permissions are missing
- The "permissions required" view explains that ODD Devtools requires permission to access data sent from web pages to the extension
- The "permissions required" has a UI element that the user selects to open the extension's options page
- The options page opens in a new tab at a special extension-specific URL (which indicates this page is not on the web)
- In the options page, the user grants the required permissions to extension. Possibly we explain more in this page.