fix: adjust extension permissions #1613
Closed
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description of changes
Using
"activeTab"
permissions instead of wide-matching patterns ("https://*/*", "http://*/*", "file://*/*"
) in order to avoid getting flagged with in pending review status when updating the extension on google web store.We have filed issue #1591 to track cannary not being properly update since 10/24 but this affect all of our extensions. This is related to chrome extension permissions and an effort to prevent malisious extension on the web store. Chrome developer website has a transition guide.
While changing the permissions seems to be working fine on the extension itself(we have a pending general-pass validation session from the team), the change has broke end to end test where we need to inject js/css to the target page (e.g, there is a test for the ad hoc panel where we enable each and every toggle that breaks with a permissions denied-kind of error).
This is due to how the
"activeTab"
permission works. Simply put, our extension gets permissions to inject js/css when the user activates our extension. There are basically 2 ways this happen:We're using
Puppeteer
for our end-to-end tests and there is currently no API to efectivle use 1. as mentioned here.I tried option 2. by using
Puppeteer
's Keyboard api to no success. I also looked at a couple of npm packages that send keyboard strokes at the OS level (most notably: kbm-robot, node-key-sender) but they relay onJava
, which seems a medium to mayor size/impact decission for our infrastructure. After that, I didn't want to invest more time with this approach as we need to unblock ourselves as fast as we can, finding a balance between time spend, robustness and correctness on the approach we choose.The choosen approach was based on @dbjorge suggestion to follow this chrome ligthouse PR where they decided to modified the
manifest.json
, adding a permission to facilitated e2e testing.Pull request checklist
yarn fastpass
yarn test
)<rootDir>/test-results/unit/coverage
fix:
,chore:
,feat(feature-name):
,refactor:
). Check workflow guide at:<rootDir>/docs/workflow.md