Welcome What's new in Chrome extensions Getting started API Reference Samples
Welcome What's new in Chrome extensions Getting started API Reference Samples

Declare permissions

Published on Updated on

To use most chrome.* APIs, your extension or app must declare its intent in the permissions fields of the manifest. Extensions can request three categories of permissions, specified using the respective keys in the manifest:

  • permissions contain items from a list of known strings (such as "geolocation")
  • optional_permissions are like regular permissions, but are granted by the extension's user at runtime, rather than in advance
  • host_permissions contain one or more match patterns that give access to one or more hosts

Permissions help to limit damage if your extension or app is compromised by malware. Some permissions are displayed to users for their consent before installation or at runtime as needed, as detailed in Permission Warnings.

You should use optional permissions wherever the functionality of your extension permits, to provide users with informed control over access to resources and data. See the platform vision to better understand this recommendation.

If an API requires you to declare a permission in the manifest, then its documentation tells you how to do so. For example, the Storage page shows you how to declare the "storage" permission.

Here's an example of the permissions part of a manifest file:

"permissions": [
"tabs",
"bookmarks",
"unlimitedStorage"
],
"optional_permissions": [
"unlimitedStorage"
],
"host_permissions": [
"http://www.blogger.com/",
"http://*.google.com/"
],

The following table lists the currently available permissions:

PermissionDescription
"activeTab"Requests that the extension be granted permissions according to the activeTab specification.
"alarms"Gives your extension access to the chrome.alarms API.
"background"

Makes Chrome start up early and and shut down late, so that apps and extensions can have a longer life.

When any installed hosted app, packaged app, or extension has "background" permission, Chrome runs (invisibly) as soon as the user logs into their computer—before the user launches Chrome. The "background" permission also makes Chrome continue running (even after its last window is closed) until the user explicitly quits Chrome.

Note: Disabled apps and extensions are treated as if they aren't installed.

You typically use the "background" permission with a background page, event page or (for hosted apps) a background window.

"bookmarks"Gives your extension access to the chrome.bookmarks API.
"browsingData"Gives your extension access to the chrome.browsingData API.
"certificateProvider"Gives your extension access to the chrome.certificateProvider API.
"clipboardRead"Required if the extension or app uses document.execCommand('paste').
"clipboardWrite"Indicates the extension or app uses document.execCommand('copy') or document.execCommand('cut'). This permission is required for hosted apps; it's recommended for extensions and packaged apps.
"contentSettings"Gives your extension access to the chrome.contentSettings API.
"contextMenus"Gives your extension access to the chrome.contextMenus API.
"cookies"Gives your extension access to the chrome.cookies API.
"debugger"Gives your extension access to the chrome.debugger API.
"declarativeContent"Gives your extension access to the chrome.declarativeContent API.
"declarativeNetRequest"Gives your extension access to the chrome.declarativeNetRequest API.
"declarativeNetRequestFeedback"Grants the extension access to events and methods within the chrome.declarativeNetRequest API which return information on declarative rules matched.
"declarativeWebRequest"Gives your extension access to the chrome.declarativeWebRequest API.
"desktopCapture"Gives your extension access to the chrome.desktopCapture API.
"documentScan"Gives your extension access to the chrome.documentScan API.
"downloads"Gives your extension access to the chrome.downloads API.
"enterprise.deviceAttributes"Gives your extension access to the chrome.enterprise.deviceAttributes API.
"enterprise.hardwarePlatform"Gives your extension access to the chrome.enterprise.hardwarePlatform API.
"enterprise.networkingAttributes"Gives your extension access to the chrome.enterprise.networkingAttributes API.
"enterprise.platformKeys"Gives your extension access to the chrome.enterprise.platformKeys API.
"experimental"Required if the extension or app uses any chrome.experimental.* APIs.
"fileBrowserHandler"Gives your extension access to the chrome.fileBrowserHandler API.
"fileSystemProvider"Gives your extension access to the chrome.fileSystemProvider API.
"fontSettings"Gives your extension access to the chrome.fontSettings API.
"gcm"Gives your extension access to the chrome.gcm API.
"geolocation"Allows the extension or app to use the geolocation API without prompting the user for permission.
"history"Gives your extension access to the chrome.history API.
"identity"Gives your extension access to the chrome.identity API.
"idle"Gives your extension access to the chrome.idle API.
"loginState"Gives your extension access to the chrome.loginState API.
"management"Gives your extension access to the chrome.management API.
"nativeMessaging"Gives your extension access to the native messaging API.
"notifications"Gives your extension access to the chrome.notifications API.
"pageCapture"Gives your extension access to the chrome.pageCapture API.
"platformKeys"Gives your extension access to the chrome.platformKeys API.
"power"Gives your extension access to the chrome.power API.
"printerProvider"Gives your extension access to the chrome.printerProvider API.
"printing"Gives your extension access to the chrome.printing API.
"printingMetrics"Gives your extension access to the chrome.printingMetrics API.
"privacy"Gives your extension access to the chrome.privacy API.
"processes"Gives your extension access to the chrome.processes API.
"proxy"Gives your extension access to the chrome.proxy API.
"scripting"Gives your extension access to the chrome.scripting API.
"sessions"Gives your extension access to the chrome.sessions API.
"signedInDevices"Gives your extension access to the chrome.signedInDevices API.
"storage"Gives your extension access to the chrome.storage API.
"system.cpu"Gives your extension access to the chrome.system.cpu API.
"system.display"Gives your extension access to the chrome.system.display API.
"system.memory"Gives your extension access to the chrome.system.memory API.
"system.storage"Gives your extension access to the chrome.system.storage API.
"tabCapture"Gives your extension access to the chrome.tabCapture API.
"tabGroups"Gives your extension access to the chrome.tabGroups API.
"tabs"Gives your extension access to privileged fields of the Tab objects used by several APIs including chrome.tabs and chrome.windows. In many circumstances your extension will not need to declare the "tabs" permission to make use of these APIs.
"topSites"Gives your extension access to the chrome.topSites API.
"tts"Gives your extension access to the chrome.tts API.
"ttsEngine"Gives your extension access to the chrome.ttsEngine API.
"unlimitedStorage"Provides an unlimited quota for storing client-side data, such as databases and local storage files. Without this permission, the extension or app is limited to 5 MB of local storage.
Note: This permission applies only to Web SQL Database and application cache (see issue 58985). Also, it doesn't currently work with wildcard subdomains such as http://*.example.com.
"vpnProvider"Gives your extension access to the chrome.vpnProvider API.
"wallpaper"Gives your extension access to the chrome.wallpaper API.
"webNavigation"Gives your extension access to the chrome.webNavigation API.
"webRequest"Gives your extension access to the chrome.webRequest API.
"webRequestBlocking"Required if the extension uses the chrome.webRequest API in a blocking fashion.

Last updated: Improve article

We serve cookies on this site to analyze traffic, remember your preferences, and optimize your experience.