Lets assume we have an extension that simply sets the background color of each page to black. All it needs is the host permission
<all_urls> and a content script/style sheet that gets injected in every page. In MV2 the user will be prompted on install time if he wants to grant the extension the permission to access every page. If the user accepts, the extensions works everywhere as expected right out of the box.
However in MV3 host permissions are optional, this means the user wont be prompted on install time. Instead the extension needs to explicitly ask for the host permission. That’s where the problem arises.
permissions.request() can only be called inside a handler for a user action. This simple add-on doesn’t have any page action, context menu entry or the like. Therefore it cannot call for the necessary permission which makes the extension seem to be completely broken to the user.
Of course the user could go to the add-ons permission page and grant the permission there, but I think everyone agrees that this is not a viable option. Users expect a program to run out of the box with minimal permissions. For some extensions the host permission is the minimal set of required permission.
I don’t understand why the user cannot be asked on install time if he wants to accept the host permission or not. If the user declines the extension could still be installed, but without the host permission. At this point the user actively declined a permission and would therefore expect that something might not work correctly.
The only option I currently see is to add and open an extension page on install which contains a button that the user first needs to press, which then in return prompts if the user wants to grant the requested permission. This seems cumbersome for both, the programmer and the user.
Can someone please explain how such extensions (e.g. mouse gesture extensions) are supposed to work with MV3? Thanks in advance.