Fenix: need more site permissions settings

See also #3457 for fonts, pictures and JavaScript.

cc @vesta0

As I wrote in #3457, I will mock permissions for fonts, pictures and JS here.

Under Settings → Site permissions, we could have three new line items. In alphabetical order, they are:

• Images
• JavaScript
• Web fonts

Unlike camera or microphone, the value for all three settings should default to _Allow_.

One exception is JavaScript, where the _Blocked_ line item could have a caption like “Will cause websites to break”. Here, I’m reusing the copy of desktop Enhanced Tracking Protection → Cookies → All cookies. We should rethink and possibly rewrite it.

These permissions are managed like all other permissions:

• By default, they’re set to _Allow_, not _Ask to allow_. This means that Fenix won’t show any notification while you browse.
• They’re managed on a per-site basis. Simply go to any website and tap the Site information panel. You can block or allow images manually from there.

@brampitoyo
Is it possible to separate audio and video auto play block?
Also is it possible to add few more permissions?

Popups and redirects
Clipboard
Cookies

@sheikh-azharuddin

Pop-ups and redirects are usually malicious, and should be blocked by default. Therefore:

• Our default policy is “Block”
• We don’t expose it as an alterable permission in Site permissions. Allowing them will hurt user experience.

I think you’re asking for us to expose this permission, so you can manually alter it. Can you think of a use case in mind for allowing pop-ups and redirects on all sites?

Is it for testing purposes, or the principle that users should be able to fully customise the browser, or something else?

For this, and for other permissions that are potentially harmful if allowed or blocked (for example: JavaScript), I’d be very comfortable putting them under Developer options.

If we do put them under Site permission settings, caveat texts should be included:

• JavaScript
  Block
  Will cause websites to break
• Pop-ups and redirects
  Allow
  Websites could unexpectedly navigate to new pages that contain security risk

(Both of the above are example strings – not final).

Clipboard permissions sounds sensible.

And Cookies permissions are already covered under Enhanced Tracking Protection → Custom

@brampitoyo thanks for your consideration. Yes please include popup under site permissions with default set to "block". If user need he can allow it. The desktop version and other chromium browsers also has it . So it will allow consistency. Besides for few rare sites pop ups are required. Example reward portal of banking site which opens in a new tab, web training links of company portal etc. You can include the caveat string which sounds more logical. Else ignore this request. No issue 😊

Cookies: this is present in other chromium browser apart from etp. In firefox too we already have the settings but under preference which only advance user will know example blocking 3rd party cookies. You can easily bring it to the UI. 😊

Please check below screenshot for reference-

Under Settings → Site permissions, we could have three new line items. In alphabetical order, they are:

* Images

* JavaScript

* Web fonts

Unlike camera or microphone, the value for all three settings should default to _Allow_.

One exception is JavaScript, where the _Blocked_ line item could have a caption like “Will cause websites to break”. Here, I’m reusing the copy of desktop Enhanced Tracking Protection → Cookies → All cookies. We should rethink and possibly rewrite it.

These permissions are managed like all other permissions:

* By default, they’re set to _Allow_, not _Ask to allow_. This means that Fenix won’t show any notification while you browse.

* They’re managed on a per-site basis. Simply go to any website and tap the Site information panel. You can block or allow images manually from there.

@brampitoyo Image blocking/allowing is a feature that we want for next quarter? I think we had a similar feature in FF desktop and we removed it, right now we don't have GeckoView support for it.

Right just double checked - we have the existing GV settings exposed for javascript and web fonts

@Amejia481 @ekager I don’t consider these site permissions as important as the ones we already have today, because Enhanced Tracking Protection does blocking in a much smarter way, and with less chance of breaking sites (although I acknowledge the fact that some users want granular-level choice over every feature of the browser, we have to balance it against the burden of shipping and supporting too many features all at once).

I support shipping only the permissions that can be exposed via GV, for now. This means that images permission will wait for GV support one day – that’s fine.

@betsymi could you give copy feedback on web fonts and javascript settings from this comment? https://github.com/mozilla-mobile/fenix/issues/11460#issuecomment-648556996

How do you access the settings of the site you're currently on? The page info sheet has no buttons in it. :/