For the past three years I have maintained a browser extension that I publish to both the Firefox and Chrome web stores.
I recently received an automated email from the Chrome web store overlords who had decided I was violating
the “Use of permissions” policy by
requesting the cookies
permission “without using it”.
Here is a snippet from the manifest.json
for my extension:
{
"permissions": [
"activeTab",
"contextMenus",
"notifications",
"cookies",
"https://<SPECIFIC_WEBSITE_RUN_BY_ME>/"
]
}
I request the cookies permission for https://<SPECIFIC_WEBSITE_RUN_BY_ME>/
so that I can transparently use the cookie
set by that website when the user logs in to send authenticated HTTP requests from the extension. Nothing crazy: