This repository has been archived by the owner on Feb 4, 2023. It is now read-only.
-
-
Notifications
You must be signed in to change notification settings - Fork 3
Home
Flam3rboy edited this page Apr 18, 2021
·
4 revisions
- Plugins are executed in their environment to prevent security issues
- Plugins can create their own UI and loaded in a separate view (similar to vscode extensions)
- Plugins can access the component Api and therefore extend the client UI
- Plugins can access the WebSocket Connection/Rest API and intercept/transform events
- Plugins are restricted and can only do actions with the corresponding permission
- Plugins should be accessible through a store that needs to verify the plugins (with dev options to sideload plugins/add other stores)
- Can't access the user's token (token plugins should rather be directly integrated into the client (e.g. account switcher))
- All permissions must meet the purpose of the plugin and must justify why they need the certain permission to be approved
- Shouldn't be able to make any request, except it:
- Requests permission to access the api of the network
- Requests permission to access a specific domain (e.g. plugins backend)
- Requests permission to access all domains
- Shouldn't be able to intercept events, except it:
- Requests permission to a specific event(s)
- Requests permission to all events
- Needs to request permission to be able to extend extend the client's UI