Description
Ideally, Fraidycat should aim for the minimum permissions needed. (In fact, in my Beaker Browser prototype, it asks for permission on every new domain that I hit.)
Right now the permissions requested look like this in Chrome:
And like this in Firefox:
So, let's go through the actual list in the manifest, because I want to see what I can eliminate.
"http://*/" and "https://*/"
This allows me to make requests to the sites that we're grabbing feeds from. However, this also grants me access to browser history and data for all websites!
This is one I'd really like to fix!! I don't need browser history or personal credentials - I just need `fetch` to work for any URL. (The `credentials` options set to `omit` would be fine!)
So - this is the biggest question. Can I just get vanilla HTTP(S) access?
"storage" and "unlimitedStorage"
The first is definitely needed. I'm storing a lot of data locally. This is what allows me to run this without a server.
I also add `unlimitedStorage` because I actually ran out of space in Vivaldi! It caps out at 5 MB. (If you have 1,000 follows, that's 5k per follow - which is tight.)
I think I can do better here by supplying usage information and getting better about cleaning out history.
"tabs"
This is one I think I can somehow get rid of. Right now I only use this to launch Fraidycat using this line:
```js
// Open the Fraidycat page in a new tab when the toolbar button is clicked.
browser.browserAction.onClicked.addListener(tab => {
  browser.tabs.create({url: "index.html"})
})
```
That's it! So perhaps I can accomplish this some other way.
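The audit this issue walks through by hand, as an added example (not code from the Fraidycat project): it checks a manifest's permission list against the extension APIs the code calls. The API labels in `API_NEEDS`, the function name and the sample data are assumptions made up for illustration. `tabs.create` is left out of the table because the "tabs" permission only gates reading `url`, `title` and `favIconUrl` on Tab objects, not opening a tab.

```javascript
// Added example. Sample manifest and API list are constructed from the
// permissions named in the issue above.

// Match patterns that grant access to every site.
const ALL_HOSTS = new Set([
  "<all_urls>", "*://*/*", "http://*/", "https://*/", "http://*/*", "https://*/*",
]);

// Hypothetical labels for API usage -> the named permission that usage needs.
// "tabs.create" is deliberately absent: it works without the "tabs" permission.
const API_NEEDS = {
  "storage.local.get": "storage",
  "storage.local.set": "storage",
  "tabs.query:url": "tabs", // reading Tab.url/title needs "tabs"
};

// Permissions that modify another permission rather than gate an API call.
const MODIFIERS = new Set(["unlimitedStorage"]);

function auditManifest(manifest, apisUsed) {
  const needed = new Set(apisUsed.map(api => API_NEEDS[api]).filter(Boolean));
  const findings = [];
  for (const perm of manifest.permissions || []) {
    if (ALL_HOSTS.has(perm)) {
      findings.push({ perm, issue: "all-hosts" });   // broad host access
    } else if (perm.includes("://") || MODIFIERS.has(perm)) {
      continue;                                      // scoped host or modifier
    } else if (!needed.has(perm)) {
      findings.push({ perm, issue: "unused" });      // no API call requires it
    }
  }
  return findings;
}

// Constructed sample: the permission list discussed in the issue.
const SAMPLE_MANIFEST = {
  permissions: ["http://*/", "https://*/", "storage", "unlimitedStorage", "tabs"],
};
// Constructed sample: the APIs the issue says the extension relies on.
const SAMPLE_APIS = ["storage.local.get", "storage.local.set", "tabs.create"];

for (const { perm, issue } of auditManifest(SAMPLE_MANIFEST, SAMPLE_APIS)) {
  console.log(`${issue}: ${perm}`);
}
```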