Closed ferBonnin closed 4 years ago
google developer's transition guide around permissions: https://developer.chrome.com/extensions/runtime_host_permissions
In order to improve our chances to not get flag with Pending review (which takes 5~7 bussiness days acording to google developer support) we need to change our current permissions. Basically, remove "https://*/*", "http://*/*", "file://*/*"
and add "activeTab"
.
"activeTab"
gives us permission to inject javascript and css to the target page in a tab-by-tab basis and only when the user activate our extension in the context of a tab (thus, we get the permissions for said tab, not all the tabs). The user can activate an extension by at least a couple of means:
"_execute_browser_action"
on the manifest)This permissions are granted for as long the tab lives, and it's not revoked when the tab goes "not active" (meaning, when a different tab gets active), so we can still try to scan a page (from a details view associated with it) when its tab is not active.
The downside of using "activeTab"
permissions is: this breaks our e2e tests. This comes from a couple of details:
"activeTab"
permissions as we are not activating the extension from a tab context.We have a couple of approaches we need to try:
"Shift + Ctrl + K"
) so we can activate the extension from a tab.
'<all_urls>'
permission.
Describe the bug
Our canary releases are "in pending review" by the Chrome web store. Canary is stuck since 10/24, push to insider took 1.5 days and Playground is also not in review.
Let's review Google's guidance and check if there is any permissions we can remove/edit to avoid having a compliance review for each release.
Expected behavior
release should be available as fast as it was before (<1 hour)
Additional context
This is blocking our ability to do fast development