Chrome Extension: webNavigation while limiting permissions scope
I have a Chrome extension that watches for an extra query parameter in a url on certain sites. I'm adding functionality to a new site and the issue I'm running into is that the site redirects to a different url and strips out my custom query before my content script can load.
It looks like I can get around this by using the webNavigation API in my background script and adding a listener for chrome.webNavigation.onCommitted. The problem is that by adding webNavigation permissions into my manifest, I'm now asking for permission to "Read your browsing history." I've put a lot of time into trying to limit the scope of my extension permissions to certain sites and I really don't want to ask the user for carte blanche permission like this.
I've found two other threads on SO about this issue, but in one, the user found a workaround that I don't think will work in my case (although if someone has a suggested workaround, I'm all ears), and the other suggests that by adding a filter to the listener declaration, it will limit the permissions request. That answer was not accepted as correct and, indeed, I'm not seeing any permissions difference whether or not I have a filter.
Is it simply not possible to achieve what I'd like to do and also limit the scope of the permissions warning? Or am I missing something? Thanks.
My webNavigation listener declaration:
chrome.webNavigation.onCommitted.addListener(function(e)
//Can dig out my query parameter from e
console.log(e);
,
url: [hostContains: "[NAME OF HOST]"]
);
javascript
google-chrome google-chrome-extension asked Nov 11 '18 at 20:01
typingm
495
|
show 1 more comment
I have a Chrome extension that watches for an extra query parameter in a url on certain sites. I'm adding functionality to a new site and the issue I'm running into is that the site redirects to a different url and strips out my custom query before my content script can load.
It looks like I can get around this by using the webNavigation API in my background script and adding a listener for chrome.webNavigation.onCommitted. The problem is that by adding webNavigation permissions into my manifest, I'm now asking for permission to "Read your browsing history." I've put a lot of time into trying to limit the scope of my extension permissions to certain sites and I really don't want to ask the user for carte blanche permission like this.
I've found two other threads on SO about this issue, but in one, the user found a workaround that I don't think will work in my case (although if someone has a suggested workaround, I'm all ears), and the other suggests that by adding a filter to the listener declaration, it will limit the permissions request. That answer was not accepted as correct and, indeed, I'm not seeing any permissions difference whether or not I have a filter.
Is it simply not possible to achieve what I'd like to do and also limit the scope of the permissions warning? Or am I missing something? Thanks.
My webNavigation listener declaration:
chrome.webNavigation.onCommitted.addListener(function(e)
//Can dig out my query parameter from e
console.log(e);
,
url: [hostContains: "[NAME OF HOST]"]
);
javascript
google-chrome google-chrome-extension asked Nov 11 '18 at 20:01
typingm
495
Use optional permissions.
– wOxxOm
Nov 12 '18 at 4:38
1
Thanks. I don't think this necessarily solves the problem. It just kicks the can down the road for when you're asking for key-to-the-castle permissions. Figured out a workaround, see below, that happened to work in my situation but it won't be universally applicable.
– typingm
Nov 12 '18 at 6:51
I didn't have the webRequest permission before, but in adding it, Chrome requested no additional permissions. Before and after adding webRequest, the permission Chrome asked for was to "Read and change your data on a number of websites." And then it listed several websites, which I had laid out in a content-script>matches array in my manifest.json. I need to run a contentscript on those sites, so that permissions scope makes sense.
– typingm
Nov 12 '18 at 8:16
I figured out the webRequest workaround before I saw your solution, so I haven't played with optional permissions, but looking at the documentation, it seems like optional permissions are still asking for too much, even if you limit their scope. Documentation says that requesting optional permissions ofpermissions: ['tabs'], origins: ['http://www.google.com/']will ask the user to "Access your data on www.google.com" and "Access your tabs and browsing activity." Even if you're limiting the scope, it still seems to be asking for everything.
– typingm
Nov 12 '18 at 8:21
Sorry for the confusion. I didn't know webRequest doesn't add its own permission notice. Could you add this bit of info to your answer? I think it's crucial. I mean rephrase it so that it's more clear.
– wOxxOm
Nov 12 '18 at 8:22
|
show 1 more comment
I have a Chrome extension that watches for an extra query parameter in a url on certain sites. I'm adding functionality to a new site and the issue I'm running into is that the site redirects to a different url and strips out my custom query before my content script can load.
It looks like I can get around this by using the webNavigation API in my background script and adding a listener for chrome.webNavigation.onCommitted. The problem is that by adding webNavigation permissions into my manifest, I'm now asking for permission to "Read your browsing history." I've put a lot of time into trying to limit the scope of my extension permissions to certain sites and I really don't want to ask the user for carte blanche permission like this.
I've found two other threads on SO about this issue, but in one, the user found a workaround that I don't think will work in my case (although if someone has a suggested workaround, I'm all ears), and the other suggests that by adding a filter to the listener declaration, it will limit the permissions request. That answer was not accepted as correct and, indeed, I'm not seeing any permissions difference whether or not I have a filter.
Is it simply not possible to achieve what I'd like to do and also limit the scope of the permissions warning? Or am I missing something? Thanks.
My webNavigation listener declaration:
chrome.webNavigation.onCommitted.addListener(function(e)
//Can dig out my query parameter from e
console.log(e);
,
url: [hostContains: "[NAME OF HOST]"]
);
javascript
google-chrome google-chrome-extension asked Nov 11 '18 at 20:01
typingm
495
I have a Chrome extension that watches for an extra query parameter in a url on certain sites. I'm adding functionality to a new site and the issue I'm running into is that the site redirects to a different url and strips out my custom query before my content script can load.
It looks like I can get around this by using the webNavigation API in my background script and adding a listener for chrome.webNavigation.onCommitted. The problem is that by adding webNavigation permissions into my manifest, I'm now asking for permission to "Read your browsing history." I've put a lot of time into trying to limit the scope of my extension permissions to certain sites and I really don't want to ask the user for carte blanche permission like this.
I've found two other threads on SO about this issue, but in one, the user found a workaround that I don't think will work in my case (although if someone has a suggested workaround, I'm all ears), and the other suggests that by adding a filter to the listener declaration, it will limit the permissions request. That answer was not accepted as correct and, indeed, I'm not seeing any permissions difference whether or not I have a filter.
Is it simply not possible to achieve what I'd like to do and also limit the scope of the permissions warning? Or am I missing something? Thanks.
My webNavigation listener declaration:
chrome.webNavigation.onCommitted.addListener(function(e)
//Can dig out my query parameter from e
console.log(e);
,
url: [hostContains: "[NAME OF HOST]"]
);
javascript
google-chrome google-chrome-extension javascript
google-chrome google-chrome-extension asked Nov 11 '18 at 20:01
typingm
495
asked Nov 11 '18 at 20:01
typingm
495
edited Nov 11 '18 at 20:08
asked Nov 11 '18 at 20:01
typingm
495
asked Nov 11 '18 at 20:01
typingm
495
asked Nov 11 '18 at 20:01
typingm
495
495
Use optional permissions.
– wOxxOm
Nov 12 '18 at 4:38
1
Thanks. I don't think this necessarily solves the problem. It just kicks the can down the road for when you're asking for key-to-the-castle permissions. Figured out a workaround, see below, that happened to work in my situation but it won't be universally applicable.
– typingm
Nov 12 '18 at 6:51
I didn't have the webRequest permission before, but in adding it, Chrome requested no additional permissions. Before and after adding webRequest, the permission Chrome asked for was to "Read and change your data on a number of websites." And then it listed several websites, which I had laid out in a content-script>matches array in my manifest.json. I need to run a contentscript on those sites, so that permissions scope makes sense.
– typingm
Nov 12 '18 at 8:16
I figured out the webRequest workaround before I saw your solution, so I haven't played with optional permissions, but looking at the documentation, it seems like optional permissions are still asking for too much, even if you limit their scope. Documentation says that requesting optional permissions ofpermissions: ['tabs'], origins: ['http://www.google.com/']will ask the user to "Access your data on www.google.com" and "Access your tabs and browsing activity." Even if you're limiting the scope, it still seems to be asking for everything.
– typingm
Nov 12 '18 at 8:21
Sorry for the confusion. I didn't know webRequest doesn't add its own permission notice. Could you add this bit of info to your answer? I think it's crucial. I mean rephrase it so that it's more clear.
– wOxxOm
Nov 12 '18 at 8:22
|
show 1 more comment
Use optional permissions.
– wOxxOm
Nov 12 '18 at 4:38
1
Thanks. I don't think this necessarily solves the problem. It just kicks the can down the road for when you're asking for key-to-the-castle permissions. Figured out a workaround, see below, that happened to work in my situation but it won't be universally applicable.
– typingm
Nov 12 '18 at 6:51
I didn't have the webRequest permission before, but in adding it, Chrome requested no additional permissions. Before and after adding webRequest, the permission Chrome asked for was to "Read and change your data on a number of websites." And then it listed several websites, which I had laid out in a content-script>matches array in my manifest.json. I need to run a contentscript on those sites, so that permissions scope makes sense.
– typingm
Nov 12 '18 at 8:16
I figured out the webRequest workaround before I saw your solution, so I haven't played with optional permissions, but looking at the documentation, it seems like optional permissions are still asking for too much, even if you limit their scope. Documentation says that requesting optional permissions ofpermissions: ['tabs'], origins: ['http://www.google.com/']will ask the user to "Access your data on www.google.com" and "Access your tabs and browsing activity." Even if you're limiting the scope, it still seems to be asking for everything.
– typingm
Nov 12 '18 at 8:21
Sorry for the confusion. I didn't know webRequest doesn't add its own permission notice. Could you add this bit of info to your answer? I think it's crucial. I mean rephrase it so that it's more clear.
– wOxxOm
Nov 12 '18 at 8:22
Use optional permissions.
– wOxxOm
Nov 12 '18 at 4:38
Use optional permissions.
– wOxxOm
Nov 12 '18 at 4:38
1
1
Thanks. I don't think this necessarily solves the problem. It just kicks the can down the road for when you're asking for key-to-the-castle permissions. Figured out a workaround, see below, that happened to work in my situation but it won't be universally applicable.
– typingm
Nov 12 '18 at 6:51
Thanks. I don't think this necessarily solves the problem. It just kicks the can down the road for when you're asking for key-to-the-castle permissions. Figured out a workaround, see below, that happened to work in my situation but it won't be universally applicable.
– typingm
Nov 12 '18 at 6:51
I didn't have the webRequest permission before, but in adding it, Chrome requested no additional permissions. Before and after adding webRequest, the permission Chrome asked for was to "Read and change your data on a number of websites." And then it listed several websites, which I had laid out in a content-script>matches array in my manifest.json. I need to run a contentscript on those sites, so that permissions scope makes sense.
– typingm
Nov 12 '18 at 8:16
I didn't have the webRequest permission before, but in adding it, Chrome requested no additional permissions. Before and after adding webRequest, the permission Chrome asked for was to "Read and change your data on a number of websites." And then it listed several websites, which I had laid out in a content-script>matches array in my manifest.json. I need to run a contentscript on those sites, so that permissions scope makes sense.
– typingm
Nov 12 '18 at 8:16
I figured out the webRequest workaround before I saw your solution, so I haven't played with optional permissions, but looking at the documentation, it seems like optional permissions are still asking for too much, even if you limit their scope. Documentation says that requesting optional permissions of
permissions: ['tabs'], origins: ['http://www.google.com/'] will ask the user to "Access your data on www.google.com" and "Access your tabs and browsing activity." Even if you're limiting the scope, it still seems to be asking for everything.– typingm
Nov 12 '18 at 8:21
I figured out the webRequest workaround before I saw your solution, so I haven't played with optional permissions, but looking at the documentation, it seems like optional permissions are still asking for too much, even if you limit their scope. Documentation says that requesting optional permissions of
permissions: ['tabs'], origins: ['http://www.google.com/'] will ask the user to "Access your data on www.google.com" and "Access your tabs and browsing activity." Even if you're limiting the scope, it still seems to be asking for everything.– typingm
Nov 12 '18 at 8:21
Sorry for the confusion. I didn't know webRequest doesn't add its own permission notice. Could you add this bit of info to your answer? I think it's crucial. I mean rephrase it so that it's more clear.
– wOxxOm
Nov 12 '18 at 8:22
Sorry for the confusion. I didn't know webRequest doesn't add its own permission notice. Could you add this bit of info to your answer? I think it's crucial. I mean rephrase it so that it's more clear.
– wOxxOm
Nov 12 '18 at 8:22
|
show 1 more comment
1 Answer
1
active
oldest
votes
I was able to figure out a workaround for my situation. I don't think this will work for everyone, but using the webRequest API allowed me to intercept the page load request before the redirect and store my query string for later. The webRequest API also didn't ask for any permissions beyond what I was already asking for via a content-script>matches array in my manifest.json file, which causes Chrome to ask for permission to "Read and change your data on a number of websites" and then lists those websites.
chrome.webRequest.onBeforeRequest.addListener(
function(details)
//details.url contains my query string
var url = details.url;
return;
,
urls: ['*://*.mysite.com/*'],
types: ['main_frame'] //Filters out all the js,css,ajax,etc requests
);
answered Nov 12 '18 at 6:53
typingm
495
add a comment |
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53252685%2fchrome-extension-webnavigation-while-limiting-permissions-scope%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
I was able to figure out a workaround for my situation. I don't think this will work for everyone, but using the webRequest API allowed me to intercept the page load request before the redirect and store my query string for later. The webRequest API also didn't ask for any permissions beyond what I was already asking for via a content-script>matches array in my manifest.json file, which causes Chrome to ask for permission to "Read and change your data on a number of websites" and then lists those websites.
chrome.webRequest.onBeforeRequest.addListener(
function(details)
//details.url contains my query string
var url = details.url;
return;
,
urls: ['*://*.mysite.com/*'],
types: ['main_frame'] //Filters out all the js,css,ajax,etc requests
);
answered Nov 12 '18 at 6:53
typingm
495
add a comment |
I was able to figure out a workaround for my situation. I don't think this will work for everyone, but using the webRequest API allowed me to intercept the page load request before the redirect and store my query string for later. The webRequest API also didn't ask for any permissions beyond what I was already asking for via a content-script>matches array in my manifest.json file, which causes Chrome to ask for permission to "Read and change your data on a number of websites" and then lists those websites.
chrome.webRequest.onBeforeRequest.addListener(
function(details)
//details.url contains my query string
var url = details.url;
return;
,
urls: ['*://*.mysite.com/*'],
types: ['main_frame'] //Filters out all the js,css,ajax,etc requests
);
answered Nov 12 '18 at 6:53
typingm
495
add a comment |
I was able to figure out a workaround for my situation. I don't think this will work for everyone, but using the webRequest API allowed me to intercept the page load request before the redirect and store my query string for later. The webRequest API also didn't ask for any permissions beyond what I was already asking for via a content-script>matches array in my manifest.json file, which causes Chrome to ask for permission to "Read and change your data on a number of websites" and then lists those websites.
chrome.webRequest.onBeforeRequest.addListener(
function(details)
//details.url contains my query string
var url = details.url;
return;
,
urls: ['*://*.mysite.com/*'],
types: ['main_frame'] //Filters out all the js,css,ajax,etc requests
);
answered Nov 12 '18 at 6:53
typingm
495
I was able to figure out a workaround for my situation. I don't think this will work for everyone, but using the webRequest API allowed me to intercept the page load request before the redirect and store my query string for later. The webRequest API also didn't ask for any permissions beyond what I was already asking for via a content-script>matches array in my manifest.json file, which causes Chrome to ask for permission to "Read and change your data on a number of websites" and then lists those websites.
chrome.webRequest.onBeforeRequest.addListener(
function(details)
//details.url contains my query string
var url = details.url;
return;
,
urls: ['*://*.mysite.com/*'],
types: ['main_frame'] //Filters out all the js,css,ajax,etc requests
);
answered Nov 12 '18 at 6:53
typingm
495
edited Nov 12 '18 at 19:56
answered Nov 12 '18 at 6:53
typingm
495
answered Nov 12 '18 at 6:53
typingm
495
answered Nov 12 '18 at 6:53
typingm
495
495
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53252685%2fchrome-extension-webnavigation-while-limiting-permissions-scope%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Use optional permissions.
– wOxxOm
Nov 12 '18 at 4:38
1
Thanks. I don't think this necessarily solves the problem. It just kicks the can down the road for when you're asking for key-to-the-castle permissions. Figured out a workaround, see below, that happened to work in my situation but it won't be universally applicable.
– typingm
Nov 12 '18 at 6:51
I didn't have the webRequest permission before, but in adding it, Chrome requested no additional permissions. Before and after adding webRequest, the permission Chrome asked for was to "Read and change your data on a number of websites." And then it listed several websites, which I had laid out in a content-script>matches array in my manifest.json. I need to run a contentscript on those sites, so that permissions scope makes sense.
– typingm
Nov 12 '18 at 8:16
I figured out the webRequest workaround before I saw your solution, so I haven't played with optional permissions, but looking at the documentation, it seems like optional permissions are still asking for too much, even if you limit their scope. Documentation says that requesting optional permissions of
permissions: ['tabs'], origins: ['http://www.google.com/']will ask the user to "Access your data on www.google.com" and "Access your tabs and browsing activity." Even if you're limiting the scope, it still seems to be asking for everything.– typingm
Nov 12 '18 at 8:21
Sorry for the confusion. I didn't know webRequest doesn't add its own permission notice. Could you add this bit of info to your answer? I think it's crucial. I mean rephrase it so that it's more clear.
– wOxxOm
Nov 12 '18 at 8:22