“Broad host permissions” Webstore warning despite only one host in permissions

问题:

I'm trying to publish a chrome extension but, when I try, this message appears:

Because of the following issue, your extension may require an in-depth review:

• Broad host permissions

Instead of requesting broad host permissions, consider using the activeTab permission, or specify the sites that your extension needs access to. Both options are more secure than allowing full access to an indeterminate number of sites, and they may help minimize review times.

The activeTab permission allows access to a tab in response to an explicit user gesture.

{   ...   "permissions": ["activeTab"] } 

If your extension only needs to run on certain sites, simply specify those sites in the extension manifest:

{   ...   "permissions": ["https://example.com/*"] } 

My manifest has those permissions:

{  "manifest_version":2,  "name": "Online Console",  "version":"1.0",   "description": "Simulador de consola de Online",  "browser_action":{   "default_icon": "icon24.png",   "default_popup": "primero.html"  },  "permissions": [ "activeTab", "https://google.com" ],    "content_scripts": [{     "js": [ "jquery.min.js" ],     "matches": [ "http://*/*", "https://*/*" ]  }] } 

Why am I getting this warning and how to solve it?

回答1:

Having a host match in content scripts implicitly grants you host permissions.

So, your effective host permissions are "*://*", and that's what you need to fix.

If you have activeTab permissions to activate your extension on user gesture, and you need jQuery, just inject that first programmatically before your code.

Don't just indiscriminately inject jQuery into every page "just in case" before it's needed. So, your content_scripts section needs to go completely (or be restricted to "https://google.com" to match explicit permissions)

文章来源: “Broad host permissions” Webstore warning despite only one host in permissions