Upgrade StorageLeast-Privilege Chrome Permissions: Allow "On click" / Per-site access
## Summary
In Chrome, if Zotero Connector "Site access" is set to "On click" (or otherwise not granted on all sites), the Connector shows a "Site Access Permissions Required" prompt. If I choose "Continue anyway", the Connector then fails to communicate with Zotero Desktop and reports that Zotero isn't running (Portuguese UI: "Zotero esta rodando?" / "O Conector Zotero nao conseguiu se comunicar com a aplicacao Zotero desktop"), even though Zotero Desktop is running.
This looks like a permissions model issue: in least-privilege setups, Chrome may withhold host access not only to the current website, but also to the Connector's localhost bridge (`http://127.0.0.1:23119/`). As a result, users trying to reduce broad website access end up breaking desktop connectivity.
## Why This Matters
Many users consider broad "read and change data on all websites" permissions a privacy and security concern. Chrome actively encourages least-privilege extension permissions. It would be valuable if Zotero Connector could support a mode where:
- The Connector does not have access to every website by default.
- When the user clicks the toolbar icon, the Connector can request/activate access for the current site.
- The Connector can still communicate with Zotero Desktop via localhost.
I am not suggesting changing the default permission model for everyone. Some features (for example saving linked PDFs from a context menu, especially on authenticated sites) may require per-site access for cookies/requests, and a least-privilege mode should remain opt-in with clearly documented tradeoffs.
## Environment
- Browser: Chrome (version: TODO)
- OS: Windows (version: TODO)
- Zotero Desktop version: TODO
- Zotero Connector version: TODO
## Steps To Reproduce
1. Install Zotero Connector in Chrome.
2. In `chrome://extensions`, open Zotero Connector -> Details.
3. Change "Site access" to "On click".
4. Ensure Zotero Desktop is running.
5. Browse to any page where the Connector normally detects an item.
6. Click the Zotero Connector toolbar icon.
7. When prompted "Site Access Permissions Required", click "Continue anyway".
## Actual Behavior
- Connector displays "Zotero is running?" / fails to communicate with Zotero Desktop.
## Expected Behavior
One of the following would be acceptable:
- If the current page has been granted access (via "On click"), the Connector should be able to save and communicate with Zotero Desktop.
- If localhost access is missing, the Connector should explicitly prompt to grant localhost access (not just global web access).
## Notes / Suspected Cause
- Connector communicates with Zotero Desktop via `http://127.0.0.1:23119/`.
- With "On click" / per-site permissions, Chrome may block access to `127.0.0.1:23119`, causing the Connector to appear offline.
- The current prompt appears to assume the only valid state is broad `https://*/*` access.
## Suggested Improvement (Incremental, Backwards-Compatible)
Keep the current default behavior for users who want "On all sites", but add better support for least-privilege users.
Proposed minimal fix:
1. Split permission checks into two categories: website access (per-site or global), and localhost bridge access (`http://127.0.0.1:23119/*` and optionally `http://localhost:23119/*`).
2. Update the "Site Access Permissions Required" flow so "Continue anyway" does not proceed into a confusing "Zotero isn't running" state when the real problem is missing localhost permission.
Future enhancement (optional, can be a separate issue if preferred):
1. Add a documented "Least-Privilege / Manual mode": default to minimal host access; on toolbar click, request access for the current origin and then inject/run save logic; always ensure localhost bridge permission is granted so desktop communication works.
In Chrome, if Zotero Connector "Site access" is set to "On click" (or otherwise not granted on all sites), the Connector shows a "Site Access Permissions Required" prompt. If I choose "Continue anyway", the Connector then fails to communicate with Zotero Desktop and reports that Zotero isn't running (Portuguese UI: "Zotero esta rodando?" / "O Conector Zotero nao conseguiu se comunicar com a aplicacao Zotero desktop"), even though Zotero Desktop is running.
This looks like a permissions model issue: in least-privilege setups, Chrome may withhold host access not only to the current website, but also to the Connector's localhost bridge (`http://127.0.0.1:23119/`). As a result, users trying to reduce broad website access end up breaking desktop connectivity.
## Why This Matters
Many users consider broad "read and change data on all websites" permissions a privacy and security concern. Chrome actively encourages least-privilege extension permissions. It would be valuable if Zotero Connector could support a mode where:
- The Connector does not have access to every website by default.
- When the user clicks the toolbar icon, the Connector can request/activate access for the current site.
- The Connector can still communicate with Zotero Desktop via localhost.
I am not suggesting changing the default permission model for everyone. Some features (for example saving linked PDFs from a context menu, especially on authenticated sites) may require per-site access for cookies/requests, and a least-privilege mode should remain opt-in with clearly documented tradeoffs.
## Environment
- Browser: Chrome (version: TODO)
- OS: Windows (version: TODO)
- Zotero Desktop version: TODO
- Zotero Connector version: TODO
## Steps To Reproduce
1. Install Zotero Connector in Chrome.
2. In `chrome://extensions`, open Zotero Connector -> Details.
3. Change "Site access" to "On click".
4. Ensure Zotero Desktop is running.
5. Browse to any page where the Connector normally detects an item.
6. Click the Zotero Connector toolbar icon.
7. When prompted "Site Access Permissions Required", click "Continue anyway".
## Actual Behavior
- Connector displays "Zotero is running?" / fails to communicate with Zotero Desktop.
## Expected Behavior
One of the following would be acceptable:
- If the current page has been granted access (via "On click"), the Connector should be able to save and communicate with Zotero Desktop.
- If localhost access is missing, the Connector should explicitly prompt to grant localhost access (not just global web access).
## Notes / Suspected Cause
- Connector communicates with Zotero Desktop via `http://127.0.0.1:23119/`.
- With "On click" / per-site permissions, Chrome may block access to `127.0.0.1:23119`, causing the Connector to appear offline.
- The current prompt appears to assume the only valid state is broad `https://*/*` access.
## Suggested Improvement (Incremental, Backwards-Compatible)
Keep the current default behavior for users who want "On all sites", but add better support for least-privilege users.
Proposed minimal fix:
1. Split permission checks into two categories: website access (per-site or global), and localhost bridge access (`http://127.0.0.1:23119/*` and optionally `http://localhost:23119/*`).
2. Update the "Site Access Permissions Required" flow so "Continue anyway" does not proceed into a confusing "Zotero isn't running" state when the real problem is missing localhost permission.
Future enhancement (optional, can be a separate issue if preferred):
1. Add a documented "Least-Privilege / Manual mode": default to minimal host access; on toolbar click, request access for the current origin and then inject/run save logic; always ensure localhost bridge permission is granted so desktop communication works.
The Zotero connector does have to run on every pageload to detect whether a page is supported; I don't think that's reasonably changeable or even prefable: the entire translator architecture relies on this. E.g., Zotero looks for DOIs, Embedded Metadata etc. on pages when they load.