Feature: Privacy Notice Consent popup for Firefox #99
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
|
Something I forgot to mention, the consent popup explicitly only shows up for Firefox and not for any other fork or Chromium based Browser. The extension will just work as it has previously, except for Firefox. |
| let consent_refused = document.getElementById('consent-refused'); | ||
| let consent_given = document.getElementById('consent-given'); | ||
| consent_refused.addEventListener("click", (obj) => { | ||
| window.close() |
There was a problem hiding this comment.
I think this should prompt the user to uninstall/disable the extension, if we can, as per Mozilla guidelines: https://extensionworkshop.com/documentation/develop/best-practices-for-collecting-user-data-consents/
|
Very nice! Thank you for this @Morpheus0x ❤️ Can we prompt the user to uninstall the extension if they do not consent? |
Happy to help 😃 I don't think that's possible. After quite a bit of googling, I didn't find anything, even though it is referenced twice on the page you linked (also at the very bottom image). That is why I implemented an additional safeguard if the user closes the popup and then tries to enable the watcher. Edit: I will ask on the Mozilla Discourse what should be done according to these docs |
Co-authored-by: Erik Bjäreholt <[email protected]>
|
Got a very quick response from discourse and implemented remove extension. My safeguard is still valid, since the popup could just be closed, which doesn't remove the extension. |
|
This should be my last commit for this feature. I forgot to add support to skip the consent window by setting the enterprise policy, see Adding policy support to your extension for info. I have added the needed enterprise policy to the readme. Edit: I tested this again with latest Firefox and Chromium |
|
Any timeline for merging this PR? I would like to start working on #82 and don't want to get into any merge conflicts |
|
I'm on vacation, but can merge it straight away in the meantime so you can keep working :) |
|
Thanks again for working on this @Morpheus0x ❤️ |
Awesome, thanks, have a relaxing time.
Sure, no problem 😉 |
|
Is the extension going to re-appear in the extension store soon then? Can I do anything to help with this? |
* created consent page with style and js * implemented ask consent popup * renamed refuse button, since an extension can't uninstall itself * implemented extra consent button, if first popup was denied * extra script for installed listener needed to execute in time * implemented button actions * various bug fixes and made compatible with chrome * cleanup * added explicit semicolon Co-authored-by: Erik Bjäreholt <[email protected]> * implemented remove extension on consent refused * implemented giving consent using enterprise policy * added firefox enterprise policy example * fixed typo Co-authored-by: Erik Bjäreholt <[email protected]>
This pull request addresses the issue raised here. This should satisfy the Mozilla addon review team. I have written a small Privacy Notice in
static/consent.html, no idea if this is enough and if it can be used as a privacy policy for the whole addon...I have added a saveguard to the normal addon popup page. If the user dismisses the privacy notice, the enable checkbox is disabled and a button is shown that shows the consent popup again.
I tested this with latest Firefox and Chromium.