Extensions need permissions to access many of the more powerful WebExtension APIs. They can ask for permissions at install time by including the permissions they need in the permissions
manifest.json key. The main advantages of asking for permissions at install time are:
- the user is only asked once, so it's less disruptive for them and a simpler decision
- the extension can rely on the access to the APIs it needs, because if it's running at all, the permissions have been granted.
There is not yet a simple GUI for users to view permissions of their installed WebExtension Add-ons. Users must use about:debugging, then go to the Add-ons section, then use the "Manifest Url" link for the Add-on. This will show raw json, which includes a "permissions" block that shows the permissions used by the addon.
With the permissions API, an extension can ask for additional permissions at runtime.These permissions need to be listed in the optional_permissions
manifest.json key. Note that some permissions are not allowed in optional_permissions
. The main advantages of this are:
- the extension can run with a smaller set of permissions except when it actually needs them
- the extension can handle permission denial in a graceful manner instead of presenting the user with a global "all or nothing" choice at install time. You can still get a lot out of that map extension without giving it access to your location, for example.
-
the extension may need host permissions, but not know at install time exactly which host permissions it needs. For example, the list of hosts may be a user setting. In this scenario, asking for a more specific range of hosts at runtime can be an alternative to asking for "<all_urls>" at install time.
optional_permissions
. After this, you can request any permissions that were included in optional_permissions
. Requests may only be made in the handler for a user action (for example, a click handler).Types
permissions.Permissions
- Represents a set of permissions.
Methods
permissions.contains()
- Find out whether the extension has the given set of permissions.
permissions.getAll()
- Get all the permissions this extension currently has.
permissions.remove()
- Give up a set of permissions.
permissions.request()
- Ask for a set of permissions.
Event handlers
permissions.onAdded
- Fired when a new permission is granted.
permissions.onRemoved
- Fired when a permission is removed.
Browser compatibility
Chrome | Edge | Firefox | Firefox for Android | Opera | |
---|---|---|---|---|---|
contains | Yes | No | 55 | 55 | Yes |
getAll | Yes | No | 55 | 55 | Yes |
onAdded | Yes | No | No | No | Yes |
onRemoved | Yes | No | No | No | Yes |
Permissions | Yes | No | 55 | 55 | Yes |
remove | Yes | No | 55 | 55 | Yes |
request | Yes | No | 55 * | 55 * | Yes |
Example extensions
This API is based on Chromium's chrome.permissions
API.
Microsoft Edge compatibility data is supplied by Microsoft Corporation and is included here under the Creative Commons Attribution 3.0 United States License.