[Feature Request] For user privacy only allow access of data to user added Nostr client domains about nos2x-fox HOT 5 CLOSED

I think I may have answered my own question in a way.

Yes, that is the correct way of doing this, not on extension level. Extensions can decide not to load on certain domains, like Blockcore Notes does with an deny-list (stops from loading) and allow-list (shows green validated domain).

from nos2x-fox.

Good discussion! To be honest, I also was not happy with the "Access data from all websites". However I never did much research into it (thank you for doing it).

Given that there is no native way of putting that restriction in place, I don't know if it makes much sense to implement it at the extension level.
The reason I would like to restrict domains, as you mention in your first message, is in case I don't fully trust the extension. So, if the extension is the one handling that, I'm not much better. Let's say the extension has malicious code or is hacked somehow, the extension-level domain restriction won't do any good in preventing the attack.
To be honest, I'm not sure how helpful that could be.

from nos2x-fox.

I think I may have answered my own question in a way.

On Google Chrome you can do this now by going to extensions > extension details > site access > Allow this extension to read and change all your data on websites you visit > Can choose on click or on specific sites and define a list of sites or perform an 'on click' action to self-authorize reading or changing of data.

On FireFox the option is not readily available in the add-ons page. So, I still need to figure out how to do this.

from nos2x-fox.

I think I may have answered my own question in a way.

Yes, that is the correct way of doing this, not on extension level. Extensions can decide not to load on certain domains, like Blockcore Notes does with an deny-list (stops from loading) and allow-list (shows green validated domain).

After some research, I found out that Firefox does not yet support a setting for extensions to restrict 'Allow access to all domains data", unlike Chrome. The idea has been open for discussion for sometime now, but unavailable yet.

However, I think adding probably an options page input field to add domains and then controlling the 'content_scripts' permissions for 'matches' for list of user defined domains would be a nice to have.

from nos2x-fox.

Good discussion! To be honest, I also was not happy with the "Access data from all websites". However I never did much research into it (thank you for doing it).

Given that there is no native way of putting that restriction in place, I don't know if it makes much sense to implement it at the extension level. The reason I would like to restrict domains, as you mention in your first message, is in case I don't fully trust the extension. So, if the extension is the one handling that, I'm not much better. Let's say the extension has malicious code or is hacked somehow, the extension-level domain restriction won't do any good in preventing the attack. To be honest, I'm not sure how helpful that could be.

I agree! For now I have modified the extension to allow only domains I need it to give access to under content_scripts > matches from '<all_urls>' to the Nostr client domains, until Firefox adds this functionality in the browser itself. I was able to get it signed to self use.

I'll probably write a guide for others to maybe do the same or run it unsigned with the browser setting xpinstall.signatures.required as false. I'm not a fan of that change in Firfox configuration since it could lead to potentially having other extensions being installed maliciously, but I guess maybe a separate browser profile or browser could be used for Nostr.

I'll close this for now as I think I can work out with my modified extension's manifest.json. Thanks for the inputs everyone!

from nos2x-fox.