I'm making a chrome extension, and was looking at my manifest.json file and realized something:
I have permissions for sites like this:
"permissions": [
  "*://*.google.com/*",
  "*://*.twitter.com/*"
]
If I use <all_urls> for my content script, will it be limited to only Google and Twitter domains? Or will it also inject the script into other websites despite not having permission?
As stated here,
If your content script's code should always be injected, register it in the extension manifest using the content_scripts field. If you want to inject the code only sometimes, use the permissions field instead.
I believe all_urls will override the permissions. After testing this on one of my extensions which uses all_urls, it did in fact work on non-Google/Twitter domains. I then clicked on the permissions link on my extension in chrome://extensions and it told me that the extension can "read and change all your data on the websites you visit".
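The behaviour described above can be checked against a manifest before shipping it. The following is an added example, not part of the original question or answer: it compares the host patterns under "permissions" with the content script's "matches" for a given URL. The names matchesPattern, hostPatterns, audit and sampleManifest are hypothetical, and the matcher is a simplified one (http/https only, no ports, no exclude_matches).

```javascript
// Added example: does a static content script run on a URL that the
// "permissions" host patterns do not cover? Simplified match-pattern logic.
function matchesPattern(pattern, url) {
  const u = new URL(url);
  const scheme = u.protocol.slice(0, -1);
  if (!["http", "https"].includes(scheme)) return false; // simplification
  if (pattern === "<all_urls>") return true;
  const m = /^(\*|https?):\/\/(\*|(?:\*\.)?[^\/*]+)(\/.*)$/.exec(pattern);
  if (!m) return false; // malformed or unsupported pattern
  const [, pScheme, pHost, pPath] = m;
  if (pScheme !== "*" && pScheme !== scheme) return false;
  const base = pHost.startsWith("*.") ? pHost.slice(2) : null;
  if (base && u.hostname !== base && !u.hostname.endsWith("." + base)) return false;
  if (!base && pHost !== "*" && u.hostname !== pHost) return false;
  // In the path, "*" is a wildcard and every other character is literal.
  const escaped = pPath.split("*").map(s => s.replace(/[.+?^${}()|[\]\\]/g, "\\$&"));
  return new RegExp("^" + escaped.join(".*") + "$").test(u.pathname + u.search);
}

function hostPatterns(manifest) {
  // Manifest V2 lists host patterns in "permissions"; V3 uses "host_permissions".
  const all = [...(manifest.permissions || []), ...(manifest.host_permissions || [])];
  return all.filter(p => p === "<all_urls>" || p.includes("://"));
}

function audit(manifest, url) {
  const scripts = manifest.content_scripts || [];
  return {
    permissionCoversUrl: hostPatterns(manifest).some(p => matchesPattern(p, url)),
    contentScriptInjected: scripts.some(cs => (cs.matches || []).some(p => matchesPattern(p, url))),
  };
}

// Constructed sample manifest mirroring the setup in the question.
const sampleManifest = {
  manifest_version: 2,
  permissions: ["*://*.google.com/*", "*://*.twitter.com/*", "storage"],
  content_scripts: [{ matches: ["<all_urls>"], js: ["content.js"] }],
};

console.log(audit(sampleManifest, "https://example.org/page"));
console.log(audit(sampleManifest, "https://mail.google.com/"));
```

To keep the content script on the Google and Twitter domains only, put those same two patterns in the content script's "matches" instead of <all_urls>.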