For the past three years I have maintained a browser extension that I publish to both the Firefox and Chrome web stores.

I recently received an automated email from the Chrome web store overlords who had decided I was violating the “Use of permissions” policy by requesting the cookies permission “without using it”.

Here is a snippet from the manifest.json for my extension:

{
  "permissions": [
    "activeTab",
    "contextMenus",
    "notifications",
    "cookies",
    "https://<SPECIFIC_WEBSITE_RUN_BY_ME>/"
  ]
}

I request the cookies permission for https://<SPECIFIC_WEBSITE_RUN_BY_ME>/ so that I can transparently use the cookie set by that website when the user logs in to send authenticated HTTP requests from the extension. Nothing crazy: