Multi-account-containers: Option to not prompt for "Open this site in your assigned container?"

@groovecoder I think we discussed this at one point right?

The rationale here is basically that it prevents the user from being sent to: https://bank.com/pay/account?user=bad&amount=100000

Without this a website could potentially XSS you again and also craft a clever redirection link to break through the containers advantages also.

Given this, if we were to do this I would like the global allow to be more educational than just a tick box. I also think it should be container specific still.

The rationale here is basically that it prevents the user from being sent to: https://bank.com/pay/account?user=bad&amount=100000

Without this a website could potentially XSS you again and also craft a clever redirection link to break through the containers advantages also.

Okay, so the concern is that a site in your dodgy sites container can redirect you to a site in your banking container, where you might be already logged in and thus be exposed? I guess that makes sense as a concern (although that sounds like it might be more an issue with the banking website).

Given this, if we were to do this I would like the global allow to be more educational than just a tick box. I also think it should be container specific still.

Fine by me, doing it containers.length times is a lot better than doing it for every site. FWIW I don't use containers for the security reasons, I just like to have different sessions for work/personal/coding (with the neat hide all tabs from this container option etc.). So I'm not too bothered by the security issues.

I think doing it on a per-container basis _should_ resolve some of those security issues (you'd leave it unchecked for your banking container).

(although that sounds like it might be more an issue with the banking website).

It is, however until same site cookies become popular and well used this is still a high risk that we are preventing with containers.

I think doing it on a per-container basis should resolve some of those security issues (you'd leave it unchecked for your banking container).

Agreed, I just would like some nice tutorial that you have to click through that explains the risks. (users don't read often nor are the privacy/security risks obvious)

Is there any progress on this? I would love that feature!

They still like the prompt page...why o WHY?

Operator: Unplugs computer from wall.
Computer: Are you sure?
:rofl:

I would love to see this feature implemented as well. I understand the concern raised by @jonathanKingston and it's a valid concern however most people are simply accepting the "Open this site in your assigned container?" with the "Remember my decision for this site" checked and now they're exposed if a vulnerability exists and the extra dialog is just a nuisance the first time. If you allow that "Remember my decision for this site" option then why not in the "Multi-Account Containers" settings page add an "Auto Open This Site in" which assumes your consent for "Remember my decision for this site" and gives you one warning the first time you ever use that functionality and that's it.

So for anything sensitive use "Always Open This Site in" and that continues to work the way it did before (possibly take away the "Remember my decision for this site" option and the "Auto Open This Site In" can assume consent.

I just want to reiterate that I really love Multi-Account Containers and thank you for creating and working on it. I myself am surprised at how annoying it is to achieve the "Auto Open This Site in" functionality with the current options. It comes up frequently and especially for sites that require a login it results in you having to login 2 times and can be frustrating.