“广泛的主机权限”尽管只有一个主机具有权限,但Webstore警告 [英] "Broad host permissions" Webstore warning despite only one host in permissions
问题描述
我正在尝试发布Chrome扩展程序但是,当我尝试时,会显示以下消息:
I'm trying to publish a chrome extension but, when I try, this message appears:
由于以下问题,您的扩展程序可能需要深入审核:
Because of the following issue, your extension may require an in-depth review:
- 广泛的主机权限
请考虑使用activeTab权限,或指定扩展程序需要访问的网站,而不是请求广泛的主机权限。这两个选项都比允许完全访问不确定数量的站点更安全,并且它们可以帮助最小化审核时间。
Instead of requesting broad host permissions, consider using the activeTab permission, or specify the sites that your extension needs access to. Both options are more secure than allowing full access to an indeterminate number of sites, and they may help minimize review times.
activeTab权限允许访问选项卡以响应明确的用户手势。
The activeTab permission allows access to a tab in response to an explicit user gesture.
{
...
"permissions": ["activeTab"]
}
如果您的分机只需要在某些网站上运行,只需在扩展清单:
If your extension only needs to run on certain sites, simply specify those sites in the extension manifest:
{
...
"permissions": ["https://example.com/*"]
}
My manifest具有以下权限:
My manifest has those permissions:
{
"manifest_version":2,
"name": "Online Console",
"version":"1.0",
"description": "Simulador de consola de Online",
"browser_action":{
"default_icon": "icon24.png",
"default_popup": "primero.html"
},
"permissions": [ "activeTab", "https://google.com" ],
"content_scripts": [{
"js": [ "jquery.min.js" ],
"matches": [ "http://*/*", "https://*/*" ]
}]
}
为什么我会收到此警告以及如何解决?
Why am I getting this warning and how to solve it?
推荐答案
在内容脚本中拥有主机匹配会隐式授予您主机权限。
Having a host match in content scripts implicitly grants you host permissions.
因此,您的有效主机权限为*:// * ,这就是你需要解决的问题。
So, your effective host permissions are "*://*", and that's what you need to fix.
如果你有activeTab权限来激活你的用户手势扩展,你需要jQuery,首先以编程方式在代码之前注入。
If you have activeTab permissions to activate your extension on user gesture, and you need jQuery, just inject that first programmatically before your code.
不要只是在需要之前不加选择地将jQuery注入每个页面以防万一。因此,您的 content_scripts 部分需要完全(或限制为https://google.com到匹配显式权限)
Don't just indiscriminately inject jQuery into every page "just in case" before it's needed. So, your content_scripts section needs to go completely (or be restricted to "https://google.com" to match explicit permissions)
这篇关于“广泛的主机权限”尽管只有一个主机具有权限,但Webstore警告的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
