permission_warnings.html revision 3f50c38dc070f4bb515c1b64450dae14f316474e 
1<div id="pageData-name" class="pageData">Permission Warnings</div>
2<div id="pageData-showTOC" class="pageData">true</div>
3
4<!--
5NOTE: When this doc is updated, the online help should also be updated:
6http://www.google.com/support/chrome/bin/answer.py?hl=en&answer=186213
7
8We should periodically look at 
9http://src.chromium.org/viewvc/chrome/trunk/src/chrome/app/generated_resources.grd?view=markup
10to make sure that we're covering all messages. Search for
11IDS_EXTENSION_PROMPT_WARNING
12(e.g. IDS_EXTENSION_PROMPT_WARNING_BROWSING_HISTORY).
13-->
14
15<p>
16To use most chrome.* APIs and extension capabilities,
17your extension must declare its intent in the
18<a href="manifest.html">manifest</a>,
19often in the "permissions" field.
20Some of these declarations
21result in a warning when
22a user installs your extension.
23</p>
24
25<p>
26When you autoupdate your extension,
27the user might see another warning
28if the extension requests new permissions.
29These new permissions might be new APIs that your extension uses,
30or they might be new websites
31that your extension needs access to.
32</p>
33
34
35<h2 id="examples"> Examples of permission warnings </h2>
36
37<p>
38Here's a typical dialog
39that a user might see when installing an extension:
40</p>
41
42<img src="images/perms-hw1.png"
43  width="410" height="193"
44  alt="Permission warning: 'It can access: Your data on api.flickr.com'"
45  />
46
47<p>
48The warning about access to data on api.flickr.com
49is caused by the following lines
50in the extension's manifest:
51</p>
52
53<pre>
54"permissions": [
55  <b>"http://api.flickr.com/"</b>
56],
57</pre>
58
59<p class="note">
60<b>Note:</b>
61You don't see permission warnings when
62you load an unpacked extension.
63You get permission warnings only when you install an extension
64from a <code>.crx</code> file.
65</p>
66
67<p>
68If you add a permission to the extension when you autoupdate it,
69the user might see a new permission warning.
70For example,
71assume you add a new site and the "tabs" permission 
72to the previous example:
73</p>
74
75<pre>
76"permissions": [
77  "http://api.flickr.com/",
78  <b>"http://*.flickr.com/",
79  "tabs"</b>
80],
81</pre>
82
83<p>
84When the extension autoupdates,
85the increased permissions
86cause the extension to be disabled
87until the user re-enables it.
88Here's the warning the user sees:
89</p>
90
91<img src="images/perms-hw2-disabled.png"
92  width="814" height="30"
93  alt="Warning text: 'The newest version of the extension Hello World requires more permissions, so it has been disabled. [Re-enable].'"
94  />
95
96<p>
97Clicking the Re-enable button
98brings up the following warning:
99</p>
100
101<img src="images/perms-hw2.png"
102  width="412" height="220"
103  alt="Permission warning: 'It can access: Your data on api.flickr.com and flickr.com; Your browsing history'"
104  />
105
106
107<h2 id="warnings"> Warnings and their triggers </h2>
108
109<p>
110It can be surprising when adding a permission such as "tabs"
111results in the seemingly unrelated warning
112that the extension can access your browsing history.
113The reason for the warning is that
114although the <code>chrome.tabs</code> API
115might be used only to open new tabs,
116it can also be used to see the URL that's associated
117with every newly opened tab
118(using their <a href="tabs.html#type-Tab">Tab</a> objects).
119</p>
120
121<p class="note">
122<b>Note:</b>
123As of Google Chrome 7,
124you no longer need to specify the "tabs" permission
125just to call <code>chrome.tabs.create()</code>
126or <code>chrome.tabs.update()</code>.
127</p>
128
129<p>
130The following table lists the warning messages
131that users can see,
132along with the manifest entries
133that trigger them.
134</p>
135
136<p>
137<table>
138<tr>
139  <th>Warning&nbsp;message</th> <th>Manifest&nbsp;entry&nbsp;that&nbsp;causes&nbsp;it</th> <th>Notes</th>
140</tr>
141
142<tr>
143  <td style="font-weight:bold">
144    <!-- IDS_EXTENSION_PROMPT_WARNING_FULL_ACCESS -->
145    All data on your computer and the websites you visit
146  </td>
147  <td>
148    "plugins"
149  </td>
150  <td>
151    The "plugins" permission is required by
152    <a href="npapi.html">NPAPI plugins</a>.
153  </td>
154</tr>
155
156<tr>
157  <td style="font-weight:bold">
158    <!-- IDS_EXTENSION_PROMPT_WARNING_BOOKMARKS -->
159    Your bookmarks
160  </td>
161  <td>
162    "bookmarks" permission
163  </td>
164  <td>
165    The "bookmarks" permission is required by the
166    <a href="bookmarks.html"><code>chrome.bookmarks</code></a> module.
167  </td>
168</tr>
169
170<tr>
171  <td style="font-weight:bold">
172    <!-- IDS_EXTENSION_PROMPT_WARNING_BROWSING_HISTORY -->
173    Your browsing history
174  </td>
175  <td>
176    <!-- HasEffectiveBrowsingHistoryPermission -->
177     "history" or "tabs" permission
178  </td>
179  <td>
180    <p>
181      The "tabs" permission is required by the
182      <a href="tabs.html"><code>chrome.tabs</code></a> and 
183      <a href="windows.html"><code>chrome.windows</code></a> modules.
184    </p>
185    <p>
186      The "history" permission is required by
187      <a href="history.html"><code>chrome.history</code></a>.
188    </p>
189    <p>
190      Adding "tabs" to an existing extension
191      that already has "history", or vice versa,
192      doesn't cause a warning when the extension is autoupdated.
193    </p>
194  </td>
195</tr>
196
197<tr>
198  <td style="font-weight:bold">
199    <!-- IDS_EXTENSION_PROMPT_WARNING_ALL_HOSTS -->
200    Your data on all websites
201  </td>
202  <td>
203    <!-- HasEffectiveAccessToAllHosts() -->
204    Any of the following:
205    <ul>
206      <li> "proxy" permission (experimental) </li>
207      <li> A match pattern in the "permissions" field
208        that matches all hosts </li>
209      <li> A&nbsp;"content_scripts" field with a "matches" entry
210        that matches all hosts </li>
211    </ul>
212  </td>
213  <td>
214    <p>
215      The "proxy" permission is required by the
216      <a href="http://code.google.com/chrome/extensions/dev/experimental.proxy.html">experimental proxy</a> module.
217    </p>
218
219    <p>
220      Any of the following URLs match all hosts:
221    </p>
222    <ul>
223      <li> <code>http://*/*</code> </li>
224      <li> <code>https://*/*</code> </li>
225      <li> <code>*://*/*</code> </li>
226      <li> <code>&lt;all_urls&gt;</code> </li>
227    </ul>
228  </td>
229</tr>
230<tr>
231  <td style="font-weight:bold">
232    <!-- IDS_EXTENSION_PROMPT_WARNING_?_HOST -->
233    <!-- IDS_EXTENSION_PROMPT_WARNING_4_OR_MORE_HOSTS -->
234    Your data on <em>{list of websites}</em>
235  </td>
236  <td>
237    A match pattern in the "permissions" field
238    that specifies one or more hosts,
239    but not all hosts
240  </td>
241  <td>
242    <p>
243    Up to 3 sites are listed by name.
244    Subdomains aren't treated specially.
245    For example, <code>a.com</code> and <code>b.a.com</code>
246    are listed as different sites.
247    </p>
248
249    <p>
250    On autoupdate,
251    the user sees a permission warning
252    if the extension adds or changes sites.
253    For example, going from <code>a.com,b.com</code>
254    to <code>a.com,b.com,c.com</code>
255    triggers a warning.
256    Going from <code>b.a.com</code>
257    to <code>a.com</code>,
258    or vice versa,
259    also triggers a warning.
260    </p>
261  </td>
262</tr>
263
264<tr>
265  <td style="font-weight:bold">
266    <!-- IDS_EXTENSION_PROMPT_WARNING_MANAGEMENT -->
267    Your list of installed apps, extensions, and themes
268    <br />
269    <span style="font-weight:normal; font-style:italic">or</span>
270    <br />
271    Manage themes, extensions, and apps
272
273    <!-- PENDING: remove "Manage...apps" alternative message
274    once the fix is out on stable channel -->
275    <!-- See http://crbug.com/67859 -->
276  </td>
277  <td>
278    "management" permission
279  </td>
280  <td>
281    The "management" permission is required by the
282    <a href="management.html"><code>chrome.management</code></a> module.
283  </td>
284</tr>
285
286<tr>
287  <td style="font-weight:bold">
288    <!-- IDS_EXTENSION_PROMPT_WARNING_GEOLOCATION -->
289    Your physical location
290  </td>
291  <td>
292    "geolocation" permission
293  </td>
294  <td>
295    Allows the extension to use the proposed HTML5
296    <a href="http://dev.w3.org/geo/api/spec-source.html">geolocation API</a>
297    without prompting the user for permission.
298  </td>
299</tr>
300</table>
301</p>
302
303
304<h2 id="nowarning"> Permissions that don't cause warnings </h2>
305
306<p>
307The following permissions don't result in a warning:
308</p>
309
310<ul>
311  <li>"chrome://favicon/"</li>
312  <li>"contextMenus"</li>
313  <li>"cookies"</li>
314  <li>"experimental"</li>
315  <li>"idle"</li>
316  <li>"notifications"</li>
317  <li>"unlimitedStorage"</li>
318</ul>
319
320<h2 id="test"> Testing permission warnings </h2>
321
322<p>
323If you'd like to see exactly which warnings your users will get,
324<a href="packaging.html">package your extension</a>
325into a <code>.crx</code> file,
326and install it.
327</p>
328
329<p>
330To see the warnings users will get when your extension is autoupdated,
331you can go to a little more trouble
332and set up an autoupdate server.
333To do this, first create an update manifest
334and point to it from your extension,
335using the "update_url" key
336(see <a href="autoupdate.html">Autoupdating</a>).
337Next, <a href="packaging.html">package the extension</a>
338into a new <code>.crx</code> file,
339and install the app from this <code>.crx</code> file.
340Now, change the extension's manifest to contain the new permissions,
341and <a href="packaging.html#update">repackage the extension</a>.
342Finally, update the extension
343(and all other extensions that have outstanding updates)
344by clicking the <b>chrome://extensions</b> page's
345<b>Update extensions now</b> button.
346</p>
347