4
5 Comments

Painful lesson: get the permissions right in your manifest.

I wonder if I've set myself up for failure by trying to ask the for the minimal set of permissions in my manifest.

Currently the only permission I ask for is "storage" and then I list the small number of websites where the extension should inject our content script.

But with v1.0.0 I added a new site to the list and now Chrome is showing a scary warning about changing permissions and disabling the extension after automatically updating it. Forcing the user to accept the new permissions like I've just trojaned my software...

Maybe the better path is simply be less privacy sensitive, and ask for "tabs" permission and watch everything out of the gate. Would this prevent new users from having to decide if this update can be trusted?

And with that strategy also include all future possible permissions that may be needed in the product roadmap: "notifications", "contex tMenus", "tabs", etc.

Be wary and get your permissions correct before you decide you want to change them.

  1. 2

    Yep, go broad because the stores punish you otherwise. There is little way to control it post-fact / post-release other then pitiful optional permissions.

    Catch this early, because its by far more painful later on.

  2. 1

    I wish Chrome made it clear that it was going to automatically disable your extension if you add certain permissions. I had this happen to my weather extension early on when I had around 5,000 users :(. I wrote a post covering updating permissions. I usually recommended adding new permissions as optional_permissions.

    1. 1

      Thanks Tim! Bookmarked your post to review when I change the permissions again.

      1. 1

        Hopefully, it will save you from making the mistake I made :(

  3. 1

    This warning message and browser getting uninstalled only shows up on enhanced privacy more, right? Also, the warning and disabling happens only when adding websites, right? And not with permission. So that means that for normal users it should be ok. The warning message happening on your system is happening since your Chrome browser is on enhanced privacy mode.

    For one of the newer I tried to follow the strategy you mentioned about asking for extra permissions, but it gave me a warning message when I submitted it.

    Ya, I hope the Chrome store was a little more organized.

Trending on Indie Hackers
How I grew a side project to 100k Unique Visitors in 7 days with 0 audience 49 comments Competing with Product Hunt: a month later 33 comments Why do you hate marketing? 29 comments My Top 20 Free Tools That I Use Everyday as an Indie Hacker 15 comments $15k revenues in <4 months as a solopreneur 14 comments Use Your Product 13 comments