This behavior caused us to get blanket permissions for an extension I worked on in the past. We’d add a new permitted URL to support a newly integrated site, only to have the extension disable itself for all our customers, most of which wouldn’t even use that new integration.<p>While I understand the reasoning behind such an automated disabling, but it probably could be done better. Like delaying the update (and the disabling part) until the user made a choice.<p>Also very hard to inform users of this issue after it has occurred. Caused us so much trouble. Also a reason we went with the admittedly less safe blanket permission.
<p><pre><code> This was annoying to me - a nerd - and a bad teaching moment for my parents - computer illiterates - that just learned to click "OK" to add new permissions, so that they could use the password manager again, without really knowing "why".
This was the perfect storm of s**t choices by all involved.
The browsers - rather than disabling the extension, should have just kept the old permissions and fail/ask for new permissions for the .5% of people that will be using the native application to enable biometric unlocking.
Bitwarden - knowing that Firefox didn't allow this permission to be optional - should have held back until Firefox did implement it, or simply should have disabled the feature on Firefox.</code></pre>
This update makes it clear the importance of displaying the changelog along with the new permissions request. With FireFox I had to manually go to the extension page and find/read the release notes to understand the new permission.
Noticed this yesterday and opened chrome web store to perhaps read what new functionality new permissions do bring, but found NO information. Disappointed.<p>Ofcourse reading this github issue I only now found that they introduced Biometrics. <a href="https://bitwarden.com/help/article/biometrics/#browser-extensions" rel="nofollow">https://bitwarden.com/help/article/biometrics/#browser-exten...</a>
When this update popped up, I seriously thought something was wrong since the new permission didn't make any sense. Disabled update across everywhere I use extension.
The amount of entitlement ringing through the comments on the issue is crazy. It really makes me frustrated to see as it just adds fire to putting companies off the idea of developing open source software.