内容表

Host permissions
API permissions
activeTab permission
Clipboard access
Unlimited storage
范例
浏览器兼容性

permissions

类型	`数组`
Mandatory	No
范例	`"permissions": [ "://developer.mozilla.org/", "webRequest" ]`

使用 permissions key to request special powers for your extension. This key is an array of strings, and each string is a request for a permission.

If you request permissions using this key, then the browser may inform the user at install time that the extension is requesting certain privileges, and ask them to confirm that they are happy to grant these privileges. The browser may also allow the user to inspect an extension's privileges after installation. As the request to grant privileges may impact on users' willingness to install your extension, requesting privileges is worth careful consideration. For example, you want to avoid requesting unnecessary permissions and may want to provide information about why you are requesting permissions in your extension's store description. More information on the issues you should consider is provided in the article Request the right permissions .

For information on how to test and preview permission requests, see Test permission requests on the Extension Workshop site.

The key can contain three kinds of permissions:

host permissions
API permissions
the activeTab permission

Host permissions

Host permissions are specified as match patterns , and each pattern identifies a group of URLs for which the extension is requesting extra privileges. For example, a host permission could be "*://developer.mozilla.org/*" .

The extra privileges include:

XMLHttpRequest and fetch access to those origins without cross-origin restrictions (even for requests made from content scripts)
the ability to read tab-specific metadata without the "tabs" permission, such as the url , title ，和 favIconUrl properties of tabs.Tab 对象
the ability to inject scripts programmatically (using tabs.executeScript() ) into pages served from those origins
the ability to receive events from the webrequest API for these hosts
the ability to access cookies for that host using the Cookie API, as long as the "cookies" API permission is also included.
bypassing tracking protection for extension pages where a host is specified as a full domain or with wildcards. Content scripts, however, can only bypass tracking protection for hosts specified with a full domain.

In Firefox, from version 56 onwards, extensions automatically get host permissions for their own origin, which is of the form:

moz-extension://60a20a9b-1ad4-af49-9b6c-c64c98c37920/

where 60a20a9b-1ad4-af49-9b6c-c64c98c37920 is the extension's internal ID. The extension can get this URL programmatically by calling extension.getURL() :

browser.extension.getURL("");
// moz-extension://60a20a9b-1ad4-af49-9b6c-c64c98c37920/

API permissions

API permissions are specified as keywords, and each keyword names a WebExtension API that the extension would like to use.

The following keywords are currently available:

activeTab
alarms
background
bookmarks
browserSettings
browsingData
captivePortal
clipboardRead
clipboardWrite
contentSettings
contextMenus
contextualIdentities
Cookie
debugger
dns
downloads
downloads.open
find
geolocation
history
identity
idle
management
menus
menus.overrideContext
nativeMessaging
notifications
pageCapture
pkcs11
privacy
proxy
search
sessions
storage
tabHide
tabs
theme
topSites
unlimitedStorage
webNavigation
webRequest
webRequestBlocking

In most cases the permission just grants access to the API, with the following exceptions:

tabs gives you access to privileged parts of the tabs API without the need for host permissions : Tab.url , Tab.title ，和 Tab.faviconUrl .
- In Firefox 85 and earlier, you also need tabs if you want to include url 在 queryInfo 参数用于 tabs.query() . The rest of the tabs API can be used without requesting any permission.
- As of Firefox 86 and Chrome 50, matching host permissions can also be used instead of the "tabs" permission.
webRequestBlocking enables you to use the "blocking" argument, so you can modify and cancel requests .
downloads.open lets you use the downloads.open() API。
tabHide lets you use the tabs.hide() API。

activeTab permission

This permission is specified as "activeTab" . If an extension has the activeTab permission, then when the user interacts with the extension, the extension is granted extra privileges for the active tab only.

"User interaction" includes:

the user clicks the extension's browser action or page action
the user selects its context menu item
the user activates a keyboard shortcut defined by the extension

The extra privileges are:

The ability to inject JavaScript or CSS into the tab programmatically, using browser.tabs.executeScript() and browser.tabs.insertCSS()
Access to the privileged parts of the tabs API for the current tab: Tab.url , Tab.title ，和 Tab.faviconUrl .

The intention of this permission is to enable extensions to fulfill a common use case, without having to give them very powerful permissions. Many extensions want to "do something to the current page when the user asks".

For example, consider an extension that wants to run a script in the current page when the user clicks a browser action. If the activeTab permission did not exist, the extension would need to ask for the host permission <all_urls> . But this gives the extension more power than it needs: it could now execute scripts in any tab , any time it likes, instead of just the active tab and only in response to a user action.

注意： You can only get access to the tab/data that was there, when the user interaction occurred (e.g. the click). When the active tab navigates away (e.g., due to finishing loading or some other event), the permission does not grant you access to the tab anymore.

Usually the tab that's granted activeTab is just the currently active tab, except in one case. The menus API enables an extension to create a menu item which is shown if the user context-clicks on a tab (that is, on the element in the tabstrip that enables the user to switch from one tab to another).

If the user clicks such an item, then the activeTab permission is granted for the tab the user clicked, even if it's not the currently active tab (as of Firefox 63, bug 1446956 ).

Clipboard access

There are two permissions which enables the extension to interact with the clipboard:

clipboardWrite
clipboardRead

见 Interact with the clipboard 了解更多细节。

Unlimited storage

unlimitedStorage permission:

Enables extensions to exceed any quota imposed by the storage.local API
In Firefox, enables extensions to create a "persistent" IndexedDB database without the browser prompting the user for permission at the time the database is created.

范例

 "permissions": ["*://developer.mozilla.org/*"]

Request privileged access to pages under developer.mozilla.org .

  "permissions": ["tabs"]

Request access to the privileged pieces of the tabs API。

  "permissions": ["*://developer.mozilla.org/*", "tabs"]

Request both of the above permissions.

浏览器兼容性

BCD tables only load in the browser

Found a problem with this page?

Edit on GitHub
Source on GitHub
Report a problem with this content on GitHub
Want to fix the problem yourself? See our Contribution guide .

最后修改： Jan 22, 2022 , 由 MDN 贡献者

浏览器扩展名
快速入门
概念
用户界面
如何
Firefox differentiators
JavaScript API
1. Browser support for JavaScript APIs
2. alarms
3. bookmarks
4. browserAction
5. browserSettings
6. browsingData
7. captivePortal
8. clipboard
9. 命令
10. contentScripts
11. contextualIdentities
12. Cookie
13. devtools
14. dns
15. downloads
16. events
17. extension
18. extensionTypes
19. find
20. history
21. i18n
22. identity
23. idle
24. management
25. menus
26. notifications
27. omnibox
28. pageAction
29. permissions
30. pkcs11
31. privacy
32. proxy
33. runtime
34. search
35. sessions
36. sidebarAction
37. storage
38. tabs
39. theme
40. topSites
41. 类型
42. userScripts
43. webNavigation
44. webRequest
45. windows
Manifest keys
1. 介绍
Extension Workshop
1. Develop
2. Publish
3. Manage
4. Enterprise
Contact us
Channels

内容表