CODEWITHSUNDEEP
google-chrome-extensiongoogle-chrome-app
Jon
Jon

Reputation: 492

"Broad host permissions" error, despite me having narrow host permissions

When I publish Chrome extension, I get the below warning. I'm not requesting broad host permissions, just permissions on 8 specific domains:

Because of the following issue, your extension may require an in-depth review: - Broad host permissions Instead of requesting broad host permissions, consider using the activeTab permission, or specify the sites that your extension needs access to. Both options are more secure than allowing full access to an indeterminate number of sites, and they may help minimize review times.

The activeTab permission allows access to a tab in response to an explicit user gesture.

{   
    "manifest_version": 2,
    "name": "My Amazing Extension", 
    "version": "1.3",
    "description": "It's great", 
    "icons": {
        "16": "img/icon16.png",
        "32": "img/icon32.png",
        "48": "img/icon48.png",
        "128": "img/icon128.png"
    },
    "browser_action": {
        "default_title": "My Amazing Extensions"
    },
    "background": {
        "scripts": ["background.js"]
    },
    "content_scripts": [
    {
        "run_at": "document_start",
        "matches": ["*://www.domain.com/*", "*://www.domain.co.uk/*", "*://www.domain.ca/*", "*://www.domain.de/*", "*://www.domain.fr/*", "*://www.domain.es/*", "*://www.domain.it/*", "*://www.domain.in/*"],
        "js": ["content0.js"]
    }],
    "web_accessible_resources": [
        "font.css",
        "AZSDstyle.css",
        "font.woff2",
        "img/*"
    ],
    "permissions": [
        "activeTab",
        "storage",
        "*://www.domain.com/*",
        "*://www.domain.co.uk/*",
        "*://www.domain.ca/*",
        "*://www.domain.de/*",
        "*://www.domain.fr/*",
        "*://www.domain.es/*",
        "*://www.domain.it/*",
        "*://www.domain.in/*"
    ],
    "content_security_policy": "script-src 'self' https://ssl.google-analytics.com; object-src 'self'"
}

Upvotes: 2

Views: 1204

Answers (1)

Jon
Jon

Reputation: 492

As @wOxxOm mentions in his comment, it was likely being rejected because the detector is a bit buggy, potentially because of * in the scheme.

In my case the extension was approved within 30 mins which is unusually quick if there had been actual 'broad permissions' issues which in past experience have taken a week or more to be approved.

Replacing *:// with http:// and https:// on separate lines would likely have avoided this error in the first place.

Upvotes: 2

Related Questions