I'm trying to publish my chrome extension but it's appears and i don't use permissions for active tab
Because of the following issue, your extension may require an in-depth
review:
- Broad host permissions Instead of requesting broad host permissions, consider using the activeTab permission, or specify the sites that
your extension needs access to. Both options are more secure than
allowing full access to an indeterminate number of sites, and they may
help minimize review times.
The activeTab permission allows access to a tab in response to an
explicit user gesture.
{ ... "permissions": ["activeTab"] } If your extension only needs to
run on certain sites, simply specify those sites in the extension
manifest: { ... "permissions": ["https://example.com/*"] }
My Manifest litterally don't have activeTab permissions
{
"name" : "AZSolusindo VPN",
"description" : "VPN Solusindo",
"permissions" : [
"proxy",
"tabs",
"unlimitedStorage",
"storage",
"<all_urls>",
"webRequest",
"webRequestBlocking",
"http://azsolusindo.info/*",
"http://127.0.0.1/*"
],
"background" : {
"scripts" : [
"background.js"
]
},
"browser_action" : {
"default_icon": {
"16" : "images/vpnoff.png",
"32" : "images/vpn32.png",
"48" : "images/vpn48.png",
"128" : "images/vpn128.png"
},
"default_title": "AZ VPN",
"default_popup": "popup.html"
},
"commands": {
"_execute_browser_action": {
"suggested_key": {
"default": "Alt+Shift+O",
"mac": "Alt+Shift+O",
"chromeos": "Alt+Shift+O",
"linux": "Alt+Shift+O"
},
"description": "Open Pop Up."
}
},
"content_scripts": [
{
"matches": [
"http://azsolusindo.info/vpn/index.php/template",
"http://127.0.0.1/AzVPN/public/template"
],
"js": ["JS/content.js"],
"run_at": "document_end"
}
],
"version" : "0.9.5.1",
"manifest_version" : 2
}
Is there anything i need to change ?
What’s getting flagged is your <all_urls> permissions entry. The message is saying that requesting such broad permissions is going to require a more in-depth review for your extension.
If you only need host permissions in a few places, then declare the specific hosts in your permissions array. As the message suggests, you can also use the activeTab permission if all you need is tab-related information and lifecycle events (such as tab id, URL, etc.).
If you do in fact potentially need full permissions on any given webpage, then there’s not much you can do here - your extension will need to go through the extended review.
Related
I want to navigate SharePoint in Teams tab app by clicking button as below, but it doesn't work properly only in MS Teams Mobile app(works with desktop), it shows the loading screen.
var url= https://${DOMAIN_URL}/_layouts/15/teamslogon.aspx?spfx=true&dest=/${SITE_URL};
window.location.replace( url );
is there any reason for that ?
manifest similar to this
"staticTabs": [
{
"entityId": "16f1325347cb",
"name": "Portals7",
"contentUrl": "https://my-site-url.io/Tab?loginHint={loginHint}&userObjectId={userObjectId}&userPrincipalName={userPrincipalName}&tenantId={tid}&locale={locale}&theme={theme}&userPrincipalName={userPrincipalName}",
"websiteUrl": "https://my-site-url.io/Tab",
"scopes": ["personal"],
"supportedPlatform" : ["desktop"]
}
],
"permissions": [
"identity",
"messageTeamMembers"
],
"validDomains": [
"my-site-url.io",
"*.login.microsoftonline.com",
"*.sharepoint.com",
"*.sharepoint-df.com",
"spoppe-a.akamaihd.net",
"spoprod-a.akamaihd.net",
"resourceseng.blob.core.windows.net",
"msft.spoppe.com"
],
"webApplicationInfo": {
"id": "00000003-0000-0ff1-ce00-000000000000",
"resource": "https://{teamSiteDomain}"
}
}
It seems to be a manifest error, we need to provide all supported platforms.
"supportedPlatform": [ "desktop","mobile","teamsMeetingDevices" ]
I've been trying to migrate one of my Chrome extensions to manifest v3, and I'm having trouble with the page_action. In manifest v3, the page_action and browser_action are merged into action, which is all good, but it's not clear to me how I can get the behavior I had previously with the new APIs.
A bit of background; the extension in question is only supposed to run on one host (let's say https://example.com). As such, I want to grey out the icon on pages with a different host. It has a popup with some settings but the main functionality is inserted via a content script (this works).
The old extension using manifest v2 used
{
"manifest_version": 2,
"name": "...",
"description": "...",
"version": "...",
"permissions": ["declarativeContent", "storage", "https://example.com/", "tabs"],
"page_action": {
"default_icon": { ... },
"default_popup": "popup.html"
},
"background": {
"scripts": ["background.js"],
"persistent": false
},
"icons": { ... },
"content_scripts": [{
"js": ["content.js"],
"matches": ["https://example.com/*", "https://www.example.com/*"]
}]
}
and in background.js I used
chrome.runtime.onInstalled.addListener(function(){
const pageUrl = {hostEquals: 'www.example.com'};
const {
onPageChanged,
PageStateMatcher,
ShowPageAction
} = chrome.declarativeContent;
onPageChanged.removeRules(undefined, function(){
onPageChanged.addRules([{
conditions: [new PageStateMatcher({pageUrl})],
actions: [new ShowPageAction()]
}]);
});
});
this works fine and the icon gets greyed out except on https://example.com. When migrating, the manifest looks like
{
"manifest_version": 3,
"name": ...,
"description": ...,
"version": ...,
"permissions": ["storage", "tabs", "declarativeContent", "activeTab"],
"background": {"service_worker": "service-worker.js"},
"action": {
"default_icon": { ... },
"default_popup": "popup/index.html"
},
"icons": { ... },
"content_scripts": [{
"matches": ["*://*.example.com/*"],
"js": ["content/detect-theme.js"]
}]
}
I cannot seem to get this to work properly. I've tried adding host_permissions, removing the declarativeContent-related code (as it doesn't seem to affect the icon whatsoever) but the extension stays available on all hosts. I know I can use the chrome.action.enable and chrome.action.disable methods to simulate this behavior but it seems overkill for such a simple use-case.
Actually, the action being available even on other pages is not breaking by any means, but I would like to make it more clear to my users that the extension only does things on https://example.com and nowhere else. Perhaps this is not even the right approach; if it isn't, I accept that as an answer as well.
TLDR; how do I only enable the (page-)action on a specific host with manifest v3?
Had the same issue myself, and I just solved it!
I fixed it by disabling the extension in the handler before adding the activation rule. I've removed the actual handler for brevity.
chrome.runtime.onInstalled.addListener(() => {
chrome.action.disable(); // The important line!
// actual handler...
});
I would guess that ShowPageAction doesn't disable the extension by default anymore.
I'm just publishing a Google Chrome extension and I run into the error message: "Because of the following issue, your extension may require an in-depth review:
- Broad host permissions"
And whilst I know why this is (see snippet of manifest code) I wonder what the best way to fix it is?
I know this is to do with the wildcards I'm using and I have now published the extension with specific websites to test it works as intended (it does). But for the extension to be truly effective I want it to work more universally.
"content_scripts" : [{
"matches" : [ "http://*/*","https://*/*" ],
"exclude_globs" : [ "*.jpg","*.jpeg","*.gif","*.png","*.bmp","*.webp",
"*.css","*.swf","*.js","*.zip","*.rar","*.tar","*.tar.gz","*.tgz","*.tar.bz2","*.tbz2",
"*.doc","*.docx","*.ppt","*.pptx","*.xls","*.xlsx","*.pdf","*.xml","*.txt",
"*.mpg","*.mpeg","*.qt","*.mp4","*.m4v","*.m4a","*.mp3","*.ogv","*.ogm","*.ogg","*.oga","*.webm","*.wav",
"*.","*." ],
"css" : [ "css/inject.css" ],
"js" : [ "js/jquery.js" , "js/inject.js" ],
"run_at" : "document_start"
}],
"web_accessible_resources" : [
"html/iframe/*",
"src/options/options.html"
],
"permissions" : [
"tabs"
"activeTab",
"webRequest",
"http://*/*",
"https://*/*",
"storage"
]
}
I thought this would be a regularly asked question, but I can not find the answer for it.
Is there a way for a chrome extension to have it's browser action popup available only on content_scripts matching pages?
Eg: I make an extension for a site. I want the popup to only be available when browsing the site (on the current tab). How do I do?
For me the browser action is always enabled by default, whatever page I'm browsing, and page action never enabled.
Thanks for your help
EDIT: Here is part of the manifest, I changed with pageAction with No success. I want my icon to activate only on tabs browsing LDLC.
{
"content_scripts": [
{
"js": [ "jquery.min.js", "scrooge.js" ],
"matches": [ "*://www.ldlc.com/fiche/*", "*://ldlc.com/fiche/*" ]
}],
"manifest_version": 2,
"permissions": [ "storage", "activeTab","*://ldlc.com/*", "*://scroogealpha.esy.es/*" ],
"page_action": {
"default_title": "Worth buying?", // optional; shown in tooltip
"default_popup": "popup.html" // optional
},
"web_accessible_resources": [
],
"background":{
"scripts" : ["eventPage.js"],
"persistent": false
}
}
Use a page action and in your background script listen for tab changes. When a tab url changes, check if you want to show the page action.
In your background script do something like this:
let matches = ["://www.ldlc.com/fiche/", "://ldlc.com/fiche/" ]
chrome.tabs.onUpdated.addListener((tabId, changeInfo, tab) => {
for (let i in matches) {
if (tab.url.includes(matches[i])) {
chrome.pageAction.show(tabId)
break
}
}
})
Also add the tabs permission in your manifest.
i am facing an odd problem when i try to publish my chrome extension via the web store. Every time i upload the zip file i get this error:
An error has occurred: Can not contain the access permissions to the file.
I even tried to upload a zip file that contains only the manifest file but i am still having the same error.
Any idea ?
Thanks
Manifest file :
{
"name": "__MSG_plugin_name__",
"version": "0.0.0.1",
"manifest_version": 2,
"description": "__MSG_plugin_description__",
"browser_action": {
"default_icon": "images/ST_19.png",
"default_title": "__MSG_plugin_title__",
"default_popup": "popup.html"
},
"icons":{
"16": "images/ST_16.png",
"48": "images/ST_48_1.png",
"128": "images/ST_128.png"
},
"default_locale": "en",
"permissions": [
"contextMenus",
"tabs", "http://*/*", "file:///*","https://*/*", "ftp://*/*"
],
"background": {
"persistent": false,
"scripts": ["scripts/jquery.min.js","scripts/utils.js", "scripts/menus.js","scripts/logic.js"]
}
}
So i isolated the thing: ""file:///*"" was wrong and since i want the extension to run on any opened url, i used "" as a permission.
Change in the manifest file is :
"permissions": [
"contextMenus",
"tabs", "<all_urls>"
]
Thanks everybody
Yes, ndongo is correct and Chrome is complaining that it does not have a domain or path (just like the other protocols).
The way you must write your URLs must be protocol://domain/path (note you can use * or ?)
So you can replace "file:///*" with "file:///*/*" or use "<all_urls>"