Project

General

Profile

Feature #73

Feature #72: Facilitate creation of "meta-sites"

Feature #71: Make it possible for injected scripts to bypass CORS

Implement a permissions system

Added by jahoti 4 months ago. Updated about 2 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Start date:
08/02/2021
Due date:
% Done:

0%

Estimated time:

Description

This seems to be a common component of several security- and feature-related powers now. It probably deserves a standardized interface in order to reduce the burden of adding or removing various permissions in the future.

Please share your thoughts.

History

#1

Updated by jahoti about 2 months ago

Could potentially draw from or just use https://jshelter.org/ alongside Haketilo (still experimental).

#2

Updated by koszko about 2 months ago

If JSHelter turns out to be able to also work properly on sites modified by Hachette, running it in parallel would be the least problematic approach.

As to otherwise drawing from it... It might be an option, although it'll still require a serious bit of work. I personally don't consider this1 a priority as long as the scripts we're providing are somewhat trusted


  1. By "this" I mean security mechanisms like those in JSHelter. Permissions for CORS bypassing are still needed 

#3

Updated by jahoti about 2 months ago

As to otherwise drawing from it... It might be an option, although it'll still require a serious bit of work. I personally don't consider this1 a priority as long as the scripts we're providing are somewhat trusted

It definitely isn't at this stage, or possibly even into the future; I just wanted to make sure I didn't forget the idea.

Ideally there won't be any interference between the two and, as you note, we can have many of the benefits for no work!

Also available in: Atom PDF