Tarun

Reputation: 848

How to remove the permission warning "Read and change all your data on the websites you visit"?

I have created a Chrome extension to provide additional functionality on my web site.

While adding my extension, a user sees the message that the extension would be able to "Read and change all your data on the websites you visit".

How can I remove this permission?

Currently I haven't finalized the domain of the site. Can I use some other mechanism to recognize my site (instead of domain)?

Upvotes: 3

Views: 2993

Answers (2)

Steve Campbell

Reputation: 3605

Domain names are the only way to specify a specific site. If you don't know the domain yet, then optional permissions are your best bet.

See also https://developer.chrome.com/extensions/permission_warnings#warnings for descriptions of what causes warnings. Per that, it can be caused by any of the following:

  • "debugger" permission
  • "pageCapture" permission
  • "proxy" permission
  • A match pattern in the "permissions" field that matches all hosts
  • A "content_scripts" field with a "matches" entry that matches all hosts
  • "devtools_page"

Usually, it is a wildcard match pattern in permissions, e.g. http://*/*. If you have a browser action or page action, then you can use Active Tab permission to be able to access the page content without requesting permission to the specific site.

Upvotes: 7
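
As an added example (not part of the answer above or of Chrome's documentation), this script checks a manifest against the six causes listed in that answer and reports which entries would trigger the warning. The sample manifests, the function names, and the rule used for "matches all hosts" are assumptions made for illustration.

```javascript
// Added example (not from the answer): report which manifest entries cause the
// "Read and change all your data on the websites you visit" warning,
// using only the six causes listed in the answer above.
const WARNING_PERMISSIONS = new Set(["debugger", "pageCapture", "proxy"]);

// Assumption: "matches all hosts" means <all_urls> or an http/https/* scheme
// with a bare "*" host (e.g. http://*/*). Subdomain wildcards do not count here.
function matchesAllHosts(pattern) {
  return pattern === "<all_urls>" || /^(\*|https?):\/\/\*\//.test(pattern);
}

function allHostsWarningCauses(manifest) {
  const causes = [];
  for (const entry of manifest.permissions || []) {
    if (WARNING_PERMISSIONS.has(entry)) causes.push(`permissions: "${entry}"`);
    else if (matchesAllHosts(entry)) causes.push(`permissions: host pattern ${entry}`);
  }
  for (const script of manifest.content_scripts || []) {
    for (const pattern of script.matches || []) {
      if (matchesAllHosts(pattern)) causes.push(`content_scripts.matches: ${pattern}`);
    }
  }
  if (manifest.devtools_page) causes.push("devtools_page");
  return causes;
}

// Constructed sample manifests (not taken from any real extension).
const broadManifest = {
  name: "broad (constructed)",
  permissions: ["storage", "proxy", "http://*/*"],
  content_scripts: [{ matches: ["<all_urls>"], js: ["content.js"] }],
};
const narrowManifest = {
  name: "narrow (constructed)",
  permissions: ["activeTab", "storage"],
  optional_permissions: ["*://*/*"], // requested at runtime, not at install
};

for (const m of [broadManifest, narrowManifest]) {
  console.log(m.name, allHostsWarningCauses(m));
}
```

Running a check like this in a build step catches a wildcard host pattern before it reaches the store listing.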

Rob W

Reputation: 349182

Since you are in full control of the website and the extension, you could use externally_connectable to enhance your website. This manifest key allows code on your website to initiate and maintain a communication channel between the website and your extension. Then you can implement the platform-independent parts (e.g. UI with HTML & CSS) in your website, delegate the Chrome-specific parts to the extension, and use the messaging API to communicate between the page and extension.

The warning that users receive will be less scary:

Permissions:

  • Communicate with cooperating websites

If your extension doesn't need to run on the website, but only needs to be able to send HTTP requests to your website (e.g. via an API), then you could add CORS headers to the website to allow the extension to make requests.


You could also use optional permissions to support new sites via content scripts. With this method, Chrome doesn't show any warnings upon installation. A disadvantage of this method is that your users have to approve another permission request before they can use your extension on your website.

Upvotes: 5
