I have a Chrome extension built for scraping a few particular pages, and then generating docs with that data on screens built into the extension. It requires regular updates. I keep getting the "Publishing will be delayed" warning below when I go to publish in the Chrome Web Store. The message suggests that I use activeTab and narrower host permissions even though my manifest contains the following:
"permissions": ["storage", "declarativeContent", "activeTab", "downloads"],
"background": {
  "scripts": ["background.js"],
  "persistent": false
},
In the background.js, I have a chrome.declarativeContent.onPageChanged.addRules statement with the following chrome.declarativeContent.PageStateMatcher conditions:
pageUrl: {hostContains: ''}
pageUrl: {hostContains: 'secure.vermont.gov'}
pageUrl: {urlContains: 'chrome-extension://'}
I replaced the first one (intended for local files) with codeforbtv.org so there was no wildcard. Nonetheless, I got the same warning in the store.
The only tabs function I use is in the following code:
chrome.tabs.executeScript(null, { file: 'payload.js' });
Payload.js is two lines of code which grab a large HTML block and send it via chrome.runtime.sendMessage.
The relevant codebase can be found here in the extensionDirectory folder: https://github.com/codeforbtv/expunge-vt.
The extension can work on the sample HTML files in the sampleDocketHTML folder.
hostContains: '' matches every URL because '' is present in every string, so it's a broad host permission.
To match local files you can probably use schemes: ['file'] but that will still be a broad host permission, so I guess you'll have to forget about files.
urlContains: 'chrome-extension://' is, from the point of view of the web store's automatic detector, also a broad host permission because evidently the script doesn't analyze the pattern, so it's considered just a substring match.
An extension normally can't work on other extensions' pages anyway, so you probably don't need this.
hostContains: 'secure.vermont.gov' is also a broad host permission because this pattern is not anchored to the TLD (top-level domain), so it may occur anywhere and thus match totally irrelevant hosts.
Either use hostSuffix: '.secure.vermont.gov', which will also match the dot-less version and any subdomain, or hostEquals.
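The difference between the patterns discussed in the answer above, shown as an added example that is not part of the original posts and is not Chrome's own matcher. It assumes a simplified model in which the host is compared with an implicit leading dot (as the Chrome documentation describes for hostContains); the function names and sample URLs are constructed for illustration.

```javascript
// Added example: simplified model of three UrlFilter host keys.
// Assumption: the host is compared with an implicit leading dot;
// this is an illustration, not Chrome's real URL matcher.
function hostOf(url) {
  return new URL(url).hostname;
}

function matches(filter, url) {
  const host = hostOf(url);
  const dotted = '.' + host; // implicit leading dot (assumed model)
  if ('hostEquals' in filter) return host === filter.hostEquals;
  if ('hostSuffix' in filter) return dotted.endsWith(filter.hostSuffix);
  if ('hostContains' in filter) return dotted.includes(filter.hostContains);
  throw new Error('unsupported filter key');
}

// Constructed sample URLs; only the first two belong to the intended site.
const SAMPLE_URLS = [
  'https://secure.vermont.gov/docket',
  'https://www.secure.vermont.gov/docket',
  'https://notsecure.vermont.gov/',
  'https://secure.vermont.gov.example.test/',
  'https://example.test/',
];

// Returns the hosts from SAMPLE_URLS that a given filter would match.
function matchedHosts(filter) {
  return SAMPLE_URLS.filter((u) => matches(filter, u)).map(hostOf);
}

const FILTERS = [
  { hostContains: '' },                   // matches everything
  { hostContains: 'secure.vermont.gov' }, // unanchored substring
  { hostSuffix: '.secure.vermont.gov' },  // host and its subdomains
  { hostEquals: 'secure.vermont.gov' },   // exactly one host
];

for (const f of FILTERS) {
  console.log(JSON.stringify(f), '->', matchedHosts(f).join(', '));
}
```

Running it with Node prints, for each filter, which of the sample hosts it would cover; only the hostSuffix and hostEquals forms stay inside the intended site.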