Treestyletab: Describe why the "Access all data in all pages" permission is now required

Created on 15 Nov 2017 · 13 Comments · Source: piroor/treestyletab

This kind of permission is suspicious when it comes to such an addon. I refuse to update until the compelling reason is shown.

fixed

All 13 comments

It is required to run this script https://github.com/piroor/treestyletab/blob/master/webextensions/common/handle-accel-key.js (I forgot to include this in 2.2.5...) to notify "ctrl key is pressed/released" to TST's background page. For more details, see #1531.

Sorry, I misunderstood. The message is shown due to the cookies permission. It is required to know the container of each tab (Work, Private, etc.) by TST. Without this permission, TST cannot colorize container tabs.

But my container tabs were colored even with the previous version, before the permission was asked... Are you sure it is really needed?

Basically, addon authors don't know which permission is reported at the installation dialog, so my descriptions above are possibly wrong. Instead, I'll describe the actual list of permissions listed here:

https://github.com/piroor/treestyletab/blob/387104c8a5a6e67f96c00b601564249224b3fa68/webextensions/manifest.json#L7-L18

  • activeTab: This is possibly not required, because this can be covered by other permissions. (This permission seems to be designed for a simple addon working only for the current tab.) I need to do more research about this...
  • bookmarks: Required to create bookmarks from tree.
  • contextMenus: Required to add context menu for tabs.
  • contextualIdentities: Required to provide a feature to create new container tab.
  • cookies: Required to detect which container each tab belongs to.
  • notifications: Required to show notification messages like "8 tabs are bookmarked."
  • sessions: Required to store relations of tabs (tree structure).
  • storage: Required to persist configurations of TST itself.
  • tabs: Required to see url, title, favicon of each tab.
  • theme: Required to fetch theme colors (tab and toolbar) actually applied by other addons.

And, there is another permission for content scripts:

https://github.com/piroor/treestyletab/blob/387104c8a5a6e67f96c00b601564249224b3fa68/webextensions/manifest.json#L54-L63

This is required to detect that the Ctrl key is pressed/released on a website to start/end switching of tabs via Ctrl-Tab/Ctrl-Shift-Tab. See also #1531.

By the way, legacy addons had much more powerful permissions including local file access, thus TST 2.x definitely has fewer privileges than TST 0.19.x.

And I've researched the message "Access your data for all websites". It is defined at:
https://dxr.mozilla.org/mozilla-central/source/browser/locales/en-US/chrome/browser/browser.properties#123
And it is used at:
https://dxr.mozilla.org/mozilla-central/rev/fc194660762d1b92e1679d860a8bf41116d0f54f/toolkit/components/extensions/Extension.jsm#832
<all_urls> produces the message, so my first comment is correct and the second is wrong. The message seems to appear after the commit 0f74d538591662a51953a599e06081135ae606e2 to implement #1531.

I love TST and I can understand why this change was made. Unfortunately, this permission request will likely violate my company's IT policy. I will be unable to upgrade to any newer version of TST on my work machines unless this permission request is removed.

@piroor Thanks for the explanation... Personally I don't require this colorization if I have to grant this permission. It's not good bang for the buck. Don't know if this feature is all that useful.

I think it would be best to let users choose not to grant certain permissions and still install an add-on. I could very well live without colorized tabs, but am rather unwilling to give such a wide-ranging permission to an add-on.

@beatstick I think that's something you have to suggest on Bugzilla, since I think it's outside the scope of TST.
If I had to trust any addon developer it would be @piroor, though.

@piroor Thanks for those explanations.

I'm still confused though, and also quite curious, as to what it is about handle-accel-key.js that requires this permission?

All that file seems to do is register some event listeners, so it doesn't make sense to me why it would need to access "your data for all websites"? I.e. that sounds like it's getting access to localStorage, cookies, etc., but what do those have to do with event listeners?

Reading your comment above, it sounds like it's not that handle-accel-key.js needs that permission, but that the <all_urls> key appears here:

"matches": ["<all_urls>"], 

That seems almost like a bug, as though in order to listen to events on pages, FF has to grant blanket access to scripts to be able to read all data as well.

It just seems like there's got to be a better way, at the very least, the ability to request permissions not upfront but only if certain features are enabled. This is how iOS does it for example. I can use an app without giving it access to my photos, etc.

As commented at https://github.com/piroor/treestyletab/issues/1536#issuecomment-344988739 I think it is a serious issue that lately TST is blocked from just one feature by security policy. Thus I've turned the feature optional and now TST won't require <all_urls> permission by default.

Now the permission is not requested by default, so I close this as fixed.
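
Added example, not part of the original thread or of TST's code: a small manifest audit that reports which entries grant access to every site, covering the `content_scripts` `matches` case discussed above. The two sample manifests are constructed for illustration; moving `<all_urls>` into `optional_permissions` is shown as one way a feature can be made opt-in and is an assumption here, not a description of TST's actual change.

```javascript
// True when a match pattern covers every host ("<all_urls>" or a bare "*" host).
// Assumption of this example: such patterns are what trigger the all-sites prompt.
function coversAllHosts(pattern) {
  if (pattern === "<all_urls>") return true;
  const m = /^(\*|https?|wss?|ftp):\/\/([^/]*)\/.*$/.exec(pattern);
  return m !== null && m[2] === "*";
}

// API permissions ("tabs", "cookies") are names; host permissions are patterns.
function isHostPattern(entry) {
  return typeof entry === "string" &&
    (entry === "<all_urls>" || entry.includes("://"));
}

// Collect every all-hosts grant and note whether it is required at install time.
function auditManifest(manifest) {
  const findings = [];
  const add = (source, pattern, required) => {
    if (coversAllHosts(pattern)) findings.push({ source, pattern, required });
  };
  for (const p of manifest.permissions || []) {
    if (isHostPattern(p)) add("permissions", p, true);
  }
  (manifest.content_scripts || []).forEach((cs, i) => {
    for (const p of cs.matches || []) add(`content_scripts[${i}].matches`, p, true);
  });
  for (const p of manifest.optional_permissions || []) {
    if (isHostPattern(p)) add("optional_permissions", p, false);
  }
  return { promptsAtInstall: findings.some((f) => f.required), findings };
}

// Constructed sample: a content script injected into every page.
const requiredEverywhere = {
  permissions: ["tabs", "cookies", "sessions", "storage"],
  content_scripts: [{ matches: ["<all_urls>"], js: ["handle-accel-key.js"] }],
};

// Constructed sample: the same access requested only if the user opts in.
const optInOnly = {
  permissions: ["tabs", "cookies", "sessions", "storage"],
  optional_permissions: ["<all_urls>"],
};

console.log(JSON.stringify(auditManifest(requiredEverywhere), null, 2));
console.log(JSON.stringify(auditManifest(optInOnly), null, 2));
```

The first manifest is flagged as prompting at install even though `permissions` lists no host pattern, because the grant comes from `content_scripts[0].matches`.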
