I have an extension that injects content scripts into certain sites. I know that asking for
<all_urls> permission is bad so I listed each origin I support one-by-one in my manifest’s
This works fine, but makes for a sketchy install-time popup, asking for permission to read many sites. I thought I would switch to an
optional_permissions model and request the specific origin permission whenever the user manually enables my extension for a tab. However, I have run into multiple roadblocks trying to get this to work.
My first attempt I created a popup to show from my browser_action and placed a button in there. It turns out this doesn’t work, due to some Firefox bug. You receive an error telling you that you can only use
permissions.request API from a user action.
Okay, so popup doesn’t work. I will just make clicking the browser_action itself toggle the extension’s behavior. This ended up working on desktop Firefox. Click the browser_icon, and the permissions dialog appears. When I started testing on Firefox Android however, I again receive the error telling me I can only use
permissions.request API from a user action! Is this another bug?
My question is this:
Is there a stable cross-browser (Firefox, Firefox Android, Chrome) way to work with
permissions.request which is intuitive for users?
I am considering abandoning this attempt at user advocacy and return to asking for all supported origins during installation time. Looking for some sliver of hope to motivate me to keep fighting. Thank you.