I learned about Chrome disabling an extension when new permissions are added the hard way.
When I add new features to my extension I need to add new sites in the permissions list. Now I know I should have used optional_permissions.
My questions are:
- If I move the site's list from
permissions to optional_permissions does the user need to approve those sites again? or just the ones that I add over time.
Could any of these changes cause the extension to be disabled?:
a. I add sites in the matches section of an entry in content_scripts
b. I add sites in the matches section of an entry in externally_connectable
Is there a way to define externally_connectable in optional_permissions?
Related links: chrome.permissions | Permission Warnings
Update: When Chrome disabled my extension I had added in the manifest one site on content_scripts > matches and externally_connectable with a matches site. The latter shows a new line in the permissions warnings saying "Communicate with cooperating websites". I'm not sure which change caused the disabling, that's why I ask about externally_connectable too.
In order to test when extensions are disabled by Chrome I created a private extension in the Chrome Web Store.
I started with a simple definition for manifest.json and then I added fields and settings one by one. For each test, I:
- uploaded a new version to the store
- waited for Google to publish the extension (this took a lot of time!)
- forced the extension update on a testers' account
- writed down the results
After 13 tests, this is what I've found:
Changes in manifest that DISABLE the extension
- Adding an entry at
"content_scripts" > "matches" [Warning: "Read and change your data on example.com"]
- Adding
"externally_connectable" > {"ids", "matches"} [Warning: "Communicate with cooperating websites"]
Changes in manifest that did NOT disabled the extension (no warnings)
- Adding
"declarativeContent" permission
- Adding
"optional_permissions" > all hosts
- Adding an entry at
"externally_connectable" > "ids" (after externally_connectable was accepted)
- Adding an entry at
"externally_connectable" > "matches" (after externally_connectable was accepted)
- Adding an entry of a host without permissions at
"externally_connectable" > "matches" (after externally_connectable was accepted)
- Adding
"incognito": "split"
- Adding
"content_security_policy" > script-src URL
- Adding
"web_accessible_resources"
Plus, permissions listed at permission_warnings#nowarning docs.
I probably did some silly tests like "web_accessible_resources", but I prefer that than having Chrome disabling my extension again.
Special test
Since I'm moving to optional_permissions, all hosts listed in permissions are removed. So, I wanted to know what would happen with the disabled extension when a new update does not have the problematic permission anymore:
Update 1: a new host is added at "content_scripts" > "matches" => Extension disabled
Update 2: the problematic host is removed from "content_scripts" => Extension ENABLED again
To conclude, if you made a mistake you can release a new version rolling back the changes that caused the extension to be disabled.
If I move the site's list from permissions to optional_permissions does the user need to approve those sites again? or just the ones that I add over time.
The answer is straightforward, no. Chrome stores all permissions given to the extension over time. So, only the new hosts on optional_permissions need to be approved.
- If I move the site's list from permissions to optional_permissions does the user need to approve those sites again? or just the ones that I add over time.
New users: yes, they will need to approve it.
Existing installs that get updated: most likely no.
Consider: even if you completely remove a permission, and then put it back again, it is still considered granted.
The general documentation quote is: "Chrome prompts the user if adding the permissions results in different warning messages than the user has already seen and accepted."
Could any of these changes cause the extension to be disabled?:
a. I add sites in the matches section of an entry in content_scripts
b. I add sites in the matches section of an entry in externally_connectable
a. Adding matches to content_scripts is equivalent to giving full host permissions and will cause your extension to be disabled if it's a new host. If you already had host permissions for that host, it will not be disabled.
b. I don't know. In theory, this does not grant your extension any new permissions, so it shouldn't.
- Is there a way to define externally_connectable in optional_permissions?
As per docs, no. It's not a permission to begin with.
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 啃猪蹄的小仙女 的文章《Moving permissions to optional on chrome extension》','https://www.manongdao.com/article-622099.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}