
Chrome extension losing requested permissions after browser restart


I developed a Chrome extension which communicates with IP phones.

The communication is done in an event page which sends POST requests via the XMLHttpRequest object.

Because the hostname or IP address of the phone is configured in the options page, I added optional_permissions to the manifest file and request them from the user after saving the options with chrome.permissions.request.

Cross-origin XHR now works without any problems until I restart Chrome...

After restarting Chrome it seems like the requested permission is lost and I get the typical "is not allowed by Access-Control-Allow-Origin" error.

When I click on the extension's permissions I can also see that my requested permission is no longer listed.

Because chrome.permissions.request only works on a user gesture, I can't request it during the load of my extension or on the fly. If I request the permission again in my options page, I don't get asked again whether I want to allow it or not, but the permission is granted and everything works again as usual.

Is there a way to get this permission granted persistently after requesting it? I only want the extension to have access to the endpoints it needs.

Thank you very much.


Solution

  • For me the following reported issue answered my question: Issue 158004: chrome.permissions.request support for user-supplied URL.

    To make it clear: It is not possible to request a subset of the permissions defined in optional_permissions. If you define http://*/* then you need to request exactly this string! A subset like http://example.org/* won't work!

    Here is a quote from a comment in the issue description which makes that clear: "There's no wildcard handling, just plain string comparison between the URLPatterns"

    The issue has been fixed in Revision 182287.

    The only thing left is to cross your fingers that this fix gets included in an upcoming Chrome release soon. We'll have to use the bloody "Access your data on all websites" permission in the meanwhile.
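
The comparison described in the answer above, as an added example that is not part of the original post and not Chrome's code: a simplified model of match patterns that contrasts plain string comparison with a wildcard-aware subset check, plus a helper that builds the narrowest origin pattern for a user-configured phone host. All function names are hypothetical, and the containment logic is an assumption about what wildcard handling would look like.

```javascript
// Added example: simplified model, not Chrome's code. All names are hypothetical.
const escapeRe = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');

// Split a "scheme://host/path" match pattern; null if malformed.
function parsePattern(p) {
  const m = /^(\*|https?):\/\/(\*|(?:\*\.)?[^\/*]+)(\/.*)$/.exec(p);
  return m ? { scheme: m[1], host: m[2].toLowerCase(), path: m[3] } : null;
}

function hostCovers(declared, requested) {
  if (declared === '*') return true;
  if (!declared.startsWith('*.')) return declared === requested;
  const base = declared.slice(2);
  const req = requested.startsWith('*.') ? requested.slice(2) : requested;
  return req === base || req.endsWith('.' + base);
}

function pathCovers(declared, requested) {
  // '*' in the declared path matches any run of characters.
  const re = new RegExp('^' + declared.split('*').map(escapeRe).join('.*') + '$');
  return re.test(requested);
}

// Behaviour quoted from the issue: plain string comparison, no wildcard handling.
function grantedByStringCompare(optional, requested) {
  return optional.includes(requested);
}

// Wildcard-aware alternative: is the requested pattern a subset of a declared one?
function grantedByContainment(optional, requested) {
  const r = parsePattern(requested);
  if (!r) return false;
  return optional.some((d) => {
    const p = parsePattern(d);
    return p !== null &&
      (p.scheme === '*' || p.scheme === r.scheme) &&
      hostCovers(p.host, r.host) &&
      pathCovers(p.path, r.path);
  });
}

// Narrowest origin pattern for a user-configured phone host (hostname or IPv4 only).
function originPatternFor(host) {
  if (!/^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$/i.test(host)) throw new Error('invalid host: ' + host);
  return 'http://' + host.toLowerCase() + '/*';
}
```

With optional_permissions set to http://*/*, the string comparison accepts only that exact pattern, while the containment check would also accept the single-host pattern the options page actually needs.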