Did anything change recently with left hand side handling ?


  • Administrator

    It will be fixed soon, we did some changes around plugins in a cooperation with @rittels. We missed this issue. Thanks for reporting.


  • Paraglider

    Thanks for all your replies and @marekd for taking care of this. You are awesome !


  • Code contributor

    @vicb @Yves70 @marekd @ivo

    Hi. My fault, sorry. I know what I did wrong and it will be fixed with the next release.

    You should notice a few changes in the gallery. The plugin cards can be rearranged, by dragging them up and down. You can preselect an approved plugin: www.windy.com/plugins/windy-plugin-sounding. Data from the querystring will be passed to the plugin with the next release.

    Please play with it and let me know if there are any other bugs.


  • Paraglider

    Thanks @rittels.

    I saw a few changes recently and no worries for the small glitch I reported. The only way to not make mistakes is when you do nothing :)

    Do you have plans to auto-load plugins (without confirmation) ?
    Do you have plans to make plugin available from the mobile app / mobile browser (without having to type the direct URL) ?

    Thanks for all the updates.


  • Code contributor

    @vicb

    No, the proviso for autoloading and passing the querystring is that the user be warned that they are loading an experimental plugin, and have the opportunity to return to Windy.

    Mobile app: Security risk with loading an external script into the app.

    However, I do not want to speak for the Windy developers.


  • Administrator

    @rittels is right, in a mobile application you can access almost any user data, even list of installed apps etc... so external plugins will not be allowed for applications yet. Maybe at some point, but currently we have no security mechanism to allow it.

    And similarly for auto-loading. User must approve running 3rd-party code, we have no responsibility for that.


  • Meteorologist

    @marekd
    I agree with you but once we decide to load a plugin (computer, tablette,...) and we open it to use it, why do we still have to reopen it each time we open Windy ?


  • Administrator

    @Yves70 The problem is there is no version controlling. Once someone approve any plugin, we do not check version. That is why it is approved only for the current session. It would be possible to allow loading plugin without any confirmation for the exact version which was approved by the user. But it is not supported at the moment. Also, we would need to check every changes with every new version of every each plugin, as Google or Apple does it, but we have no capacity for that. I do not say it remains like that forever, but we do not want to change it in the nearest future.


  • Meteorologist

    @marekd
    Ok, now I fully understand, thank you !


  • Paraglider

    @marekd said in Did anything change recently with left hand side handling ?:

    in a mobile application you can access almost any user data, even list of installed apps etc...

    Could you really do that from Javascript ?

    I do understand your point of not allowing auto-loading and I think it is reasonable. I am only asking that question out of curiosity as I never thought JS would allow that.

    It would be really great to find a way to sandbox the plugins as asking user for confirmation is only a way to push to responsibility to the user but does not solve this problem otherwise. Have you already thought about or explore some solutions ?

    I need to think more about it but would running the plugin in an iframe be a solution ? It could use messages to communicate with windy and then only have whatever public subset of the API exposed.


  • Administrator

    @vicb Creating plugin API and plugin sandboxing would solve this, but it is quite complex project with unsure result. Yes, javascript has an access to Cordova and Cordova has an access via its plugins to many native functions. iOS is quite safe, because user has to confirm (face id, password) any try to access his/her private data. Android, especially in some older versions, is totaly unsecured.


Log in to reply
 

Windyty, S.E. - all rights reserved. Powered by excellent NodeBB
NodeBB & contributors, OSM & contributors, HERE maps
Terms and Conditions     Privacy Policy