New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Don't require permission to access <all_urls>
#14
Comments
<all_urls> is not in the permissions list though, it's just a match pattern for the content scripts, so that they are injected in any URL. Theoretically I could manually inject the scripts and styles one by one when the user changes the active tab, but this would slow the users down, besides AFAIK it's best practices to use content scripts for any script that should be persistent in any website. |
You could remove the content scripts entirely then use |
Also it's not a question, it's a suggestion |
Yeah but if I did that it wouldn't be as responsive (having to load the whole thing every time), plus I feel like content scripts are just expected of Chrome Extensions anyway. I do use the executeScript method on install (since content scripts don't automatically get added on existing tabs), and I did try doing it "on demand" (by checking if the tab had the extension injected or not), it just took longer. |
First, what did you inject? It's quite possible to only inject the HTML, then asyncronously load in the scripts, styles, etc, Also it could be faster if you used some web accessible resources It's already slow, that's a whole separate issue, it wouldn't need to load much, loading in a content script takes a matter of milliseconds, if you're saying that querying tabs and bookmarks would take a long time you can simply poll in background then when the user presses a keyboard shortcut return the cached, then get a fresh copy and update UI. To my knowledge you are querying everything when the shortcut is pressed, so this wouldn't make much of a difference in time. That way the data flow would look like this:
Also, I'm not sure if you're already doing this or not, but a massive performance improvement would be to do the searching in the background, that way you can also show a loading animation in the page and not slow down the main page
Seeing a "this extension can access the contents of all pages you visit, your browsing history, and your bookmarks" makes me hesitate to install, and I'm sure many other users, which may be part of why this repo has +400 stars, but your extension only has 66 users: |
I can look into it again, if it can remove a permission and still perform as well that's definitely worth it for sure. I'll be working on optimizations anyway to make it work faster so it could definitely work. In terms of stats btw, they aren't updating, it always takes a few days to show the actual user count. From the dashboard I can see there's over 1000 installs, so I don't know if this permission is really causing users to hesitate. That said it is true that some permissions really do put people off. Like I've had concerns especially regarding the "history" permission for example. But maybe it's more a matter of messaging, with my Screenity extension I made it very clear that no data was being stored and I reassured users more. |
Also what do you think about using optional permissions, e.g. just require the tabs permission at first (by default tabs and actions), then if a user tries to use something else request an optional permission, also maybe some occasional toasts to nudge users in the right direction. If I'm installing an extension and it wants to read my browsing history, all urls, etc, that's sort of scary. But if I install it then when I turn on a feature it asks for a permission like that, I'll be much more likely to grant it.
Oh, that's fair lol, happens to me too
I think optional permissions are a huge plus here, that's pretty much what they're meant for, if you show a toast 1/3 random times if the user doesn't have history or bookmarks permissions granted yet, then a big enable button, chances are, they'll grant it. |
It's totally possible to make this extension respond to a command or user action rather than request permission to all_urls. This is an unnessecary permission, only
activeTab
is needed.The text was updated successfully, but these errors were encountered: