New issue
Advanced search Search tips

Issue 913870 link

Starred by 2 users

Issue metadata

Status: Untriaged
Owner: ----
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Feature



Sign in to add a comment

Extension Permissions are showed as allowed "On All Sites" even after restricting to our Domain

Reported by mohan.ka...@motorolasolutions.com, Dec 11

Issue description

UserAgent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.80 Safari/537.36

Steps to reproduce the problem:
1. Create an Chrome Extension 
2. Update the manifest file content_scripts.matches = "*://example.com/*"
3. Host the extension
4. Install the extension
5. right click on the extension icon on right top
6. Menu item "This can read and change data" shown "example.com" as selected, this is expected
7. Go to Right click manage extension -> permission section. it shows "Allow this extension to read and change all your data on websites you visit" it show "On All Sites" in combo box

What is the expected behavior?
Once we hard code to particular Domain, then manage extension also should show "On Specific Sites" as default selection and "example.com" 

What went wrong?
Looks to be confusing since one place it shows allowed for a particular domain and in other place chrome shows "On All Sites" 

This was working previously before Chrome 71 upgrade 
Our customers are worried of extension can access their secured information.

Did this work before? N/A 

Chrome version: 71.0.3578.80  Channel: stable
OS Version: 6.3
Flash Version: 

We need to know whether we have any other specific setting, which can be problematically restrict to only from our domain address.
 
ExtnPermission.png
9.5 KB View Download
This UI item does not depend on your manifest.json. It's a command that forces the selected choice over the one provided by the extension. Apparently, it's confusing and misleading, and needs to be either rephrased or reworked to reflect the actual state of permissions.

This issue can be regarded as a feature request for UI>Browser>ExtensionsManagement component, not Platform>DevTools.
If someone needs a repro, use https://developer.chrome.com/extensions/examples/extensions/constant_context.zip
Expected: "developer.chrome.com" is shown in the extension details permissions
Observed: "On all sites" is shown
Labels: Needs-Triage-M71
Components: -Platform>DevTools Platform>Extensions
Cc: phanindra.mandapaka@chromium.org
Components: -Platform>Extensions UI>Browser>ExtensionsManagement
Labels: -Type-Bug Target-73 M-73 FoundIn-71 FoundIn-73 FoundIn-72 Type-Feature
Status: Untriaged (was: Unconfirmed)
Thanks for filing the issue...

As per comment#1, it seems to be a feature request hence marking it as untraiged and requesting someone from the dev team to provide further inputs on it. Adding appropriate labels to it. Adding UI>Browser>ExtensionsManagement component to it.

Sign in to add a comment