Post

Replies

Boosts

Views

Activity

Reply to tabs.query only returns tabs with urls to which the user granted access - unlike on Chrome & Firefox
Hi Timothy, thank you very much for your timely and detailed reply. I think you understood my issue, but I am not sure, if I get your answer completely, so let me hit you with a few follow-up questions so I can make sure I understand you correctly. You said that The URL and title of the page is considered sensitive information. Calling tabs.query() should prompt the user for permission to the requested tabs (via a badged toolbar button or sometimes an alert) if permission has not already been granted. Then, my follow-up question is "What's the use of the tabs-permission?". I'll give more context so it's hopefully easier to understand where I am coming from here. On Chrome and FireFox (where my Extension is already running) the user is only asked for her consent (to the "tabs"-permission) once at the time of installing the extension. After that, is does not matter which URLs / websites the user currently has opened in her respective tabs: The user can always open the extension Pop-Up and search through all her tabs (i.e. the tabs.query is called) without being asked for any further permission. So that's where I see the difference. Can you confirm this? Am I getting this correctly? Now you may also understand *why* I added the <all_urls>-permission: Safari is supposed to ask for permission depending on the URLs / websites which are currently open, *as you said*, but I wanted to establish the same behavior I have on Chrome & FireFox. So I suppose the third and final question now is: Will this difference in behavior remain in Safari? If yes, it seems like I need to add the <all_urls>-permission to enable a seamless user experience. I uploaded the XCode project and the "Resources"-folder of the extension on the feedback-ticket, but it's all open-source as well: The tabs.query-call is here: https://github.com/janraasch/tab-ahead/blob/master/app/scripts/popup.coffee#L45 The manifest.json is to be found at: https://github.com/janraasch/tab-ahead/blob/master/app/manifest.json And here is the manifest.json is I played around with to make it work on Safari w/o all the permission-popups: https://github.com/janraasch/tab-ahead/blob/safari/app/manifest.json If you want to checkout how the behavior is on Chrome you can download the extension from https://chrome.google.com/webstore/detail/tab-ahead/naoajjeoiblmpegfelhkapanmmaaghmi For Firefox go to https://addons.mozilla.org/en-US/firefox/addon/tab-ahead-firefox/?utm_source=addons.mozilla.org&utm_medium=referral&utm_content=search. Let me know, if you need anything else. Kind regards and thank you, Jan
Sep ’20
Reply to tabs.query only returns tabs with urls to which the user granted access - unlike on Chrome & Firefox
Hi Timothy, thank you again for replying so quickly and in such a professional fashion 👍🏻. Now everything is 100% understood. I see why you would think you need to add <all_urls>, since that shows the "Always Allow on Every Website…" button in preferences. Safari should give users that option when just the "tabs" permission is used, since there is an expectation that tab managers like yours need access to all tabs. I will use your feedback request to track changes to Safari in that area. I really appreciate you moving forward with this 💯. Thanks for the info and feedback! Absolutely. Kind regards, Jan
Sep ’20