Explicitly allow plugins to use 'request'

Use case or problem

I tend to search “request” in repos of new plugins I use to double check what they’re doing phoning out of obsidian. Most don’t, and generally if they do it’s for something sensible. But I’d like peace of mind that if I update a plugin it will continue not to phone out.

Proposed solution

Adding a little button toggle to community plugins (disabled by default) that enables/disables the plugins ability to use the request API.

Potentially the plugin could specify in its manifest if it needs the API, which would enable it by default when downloaded. This way users that don’t understand what it is or why they should care wouldn’t be blind-sided by a plugin not functioning when it should. More technical users can just skim their list and see which plugins have it enabled and disable any that they don’t think should be making requests.

This can’t be done. I suggest to read this discussion https://forum.obsidian.md/t/security-of-the-plugins/7544. If you have security concerns and still want to use plugins, I advise you to run obsidian in a containerized environment.