5

I am trying to understand, what is the difference between:

  "permissions": [
    "*.google.com"
  ],

and

"content_scripts": [
    {
      "matches": ["*.google.com"]
    }
  ]
AmazingDayToday
  • 3,724
  • 14
  • 35
  • 67

1 Answers1

7

1. Permissions for domains

Web pages can not make Cross-Origin XMLHttpRequest (AJAX), but extensions can. Adding the domain in permissions will allow you to do ajax requests to the specified domain from your content scripts.

2. Matches

Content scripts work inside loaded pages. With matches you are able to specify inside which pages you want to inject your content scripts.

Example: I want to fetch weather data from openweathermap.org, and present the data only on google.com pages.

"permissions": [
  "http://api.openweathermap.org/*"
],
"content_scripts": [
  {
    "matches": ["https://*.google.com/*"],
    "js": ["js/content.js"]
  }
]
Granga
  • 1,612
  • 1
  • 14
  • 20
  • How would this relate to "activeTab"? I have a button that a user should be able to click, which will then run a script on the current (any) page and send and retrieve info from an API endpoint. I don't want any access to anything without the click. The API endpoint is provided by the user in an options page. Is permissions = "activeTab" and matches = the most restrictive way to do this? – AntonOfTheWoods Apr 13 '21 at 13:20