Reputation: 1737
Is there a way to use captureVisibleTab without setting the "http://*/*" and "https://*/*", "*://*/*" permissions?
Upvotes: 0
Views: 498
Reputation: 77523
If you are using the activeTab permission, then an explicit user gesture grants you the necessary (temporary) permissions for the current tab.
User gestures that qualify:
- Executing a browser action
- Executing a page action
- Executing a context menu item
- Executing a keyboard shortcut from the commands API
- Accepting a suggestion from the omnibox API
Basically, the user has to manually "call" your extension from one of the visible user interfaces or through a keyboard shortcut.
This gives you the necessary permissions for the tabs API for the currently active page, until it's closed or the user navigates away from the page.
Upvotes: 0
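The activeTab approach from the answer above, as an added example that is not part of the original thread: a manifest that requests only activeTab, a review check for all-sites host patterns, and a click handler that captures inside the user gesture. The manifest contents and the names MANIFEST, broadHostPermissions and registerCaptureOnClick are constructed for illustration.

```javascript
// Constructed manifest in Manifest V2 shape (the answer's "browser action");
// under Manifest V3 the key is "action" instead of "browser_action".
const MANIFEST = {
  manifest_version: 2,
  name: "Capture on click (constructed sample)",
  version: "1.0",
  permissions: ["activeTab"], // no "http://*/*", "https://*/*" or "*://*/*"
  background: { scripts: ["background.js"], persistent: false },
  browser_action: { default_title: "Capture this tab" }
};

// Review helper (hypothetical name): list declared permissions that cover every site.
const BROAD = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);
function broadHostPermissions(manifest) {
  const declared = [...(manifest.permissions || []), ...(manifest.host_permissions || [])];
  return declared.filter((p) => BROAD.has(p));
}

// background.js logic: capture only inside the click handler, i.e. inside the
// user gesture that activeTab turns into a temporary grant for the current tab.
function registerCaptureOnClick(chromeApi, onResult) {
  const action = chromeApi.action || chromeApi.browserAction;
  action.onClicked.addListener((tab) => {
    chromeApi.tabs.captureVisibleTab(tab.windowId, { format: "png" }, (dataUrl) => {
      // Without a grant for the page, Chrome reports runtime.lastError and no image.
      const err = chromeApi.runtime.lastError;
      onResult(err ? new Error(err.message) : null, err ? null : dataUrl);
    });
  });
}

// Wire it up only when actually running as an extension background script.
if (typeof chrome !== "undefined" && chrome.tabs) {
  registerCaptureOnClick(chrome, (err, dataUrl) => {
    if (err) console.warn("capture refused:", err.message);
    else console.log("captured data URL of length", dataUrl.length);
  });
}
```

The click listener fires only when the action has no popup configured, which is why the sample manifest sets just a title.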
Reputation: 4236
No, there isn't a way to do this. As of Chrome 11, captureVisibleTab requires host permission in order to capture the contents of a URL. Otherwise an extension could (for example) capture the contents of http://www.example.com/action-token, OCR the contents and use it for XSRF attacks, all without the user realizing that the extension has access to that private data.
Upvotes: 1