Home
Docs
Blog
Articles
Home
Docs
Blog
Articles
Extensions
Welcome What's new in Chrome extensions Get help with Chrome extensions
Welcome Extensions 101 Development basics Run scripts on every page Inject scripts into the active tab Manage tabs Handle events with service workers
Welcome to Manifest V3 Extensions platform vision Overview of Manifest V3
What are themes? Frequently asked questions Extensions quality guidelines FAQ
Migrate to Manifest V3 Manifest V3 migration checklist Update the manifest Migrate to a service worker Update your code Replace blocking web request listeners Improve extension security Manifest V2 support timeline Known issues when migrating to Manifest V3
API reference Samples
Extension development overview Manifest file format Architecture overview Declare permissions About extension service workers Design the user interface Debugging extensions Samples
About extension service workers Extension service worker basics The extension service worker lifecycle Events in service workers
Message passing Content scripts Match patterns Using promises Cross-origin isolation
Cross-origin Network Requests Using eval in Chrome extensions
Overriding Chrome settings Extending DevTools Fetching favicons OAuth2: Authenticate users with Google Overriding Chrome pages Rich notifications API Native messaging Audio recording and screen capture
Protect user privacy Permission warning guidelines Stay secure Accessibility (a11y) Localization message formats Give users options
Extension hosting Alternative extension installation methods Installing extensions on Linux Tutorial: Google analytics
About Manifest V2 Getting started
What are extensions? What are themes? Frequently asked questions
Extension development overview Manifest file format Architecture overview Declare permissions Design the user interface Debugging extensions Samples
Message passing Content scripts Manage events with background scripts Match patterns Cross-origin isolation
Cross-origin XMLHttpRequest Using eval in Chrome extensions
Overriding Chrome settings Extending DevTools OAuth2: Authenticate users with Google Overriding Chrome pages Rich notifications API
Protect user privacy Declare permissions and warn users Stay secure Accessibility (a11y) Localization message formats Give users options
Chrome Web Store Alternative extension distribution options Installing extensions on Linux Tutorial: Google analytics
Extensions
Welcome What's new in Chrome extensions Get help with Chrome extensions
Welcome Extensions 101 Development basics Run scripts on every page Inject scripts into the active tab Manage tabs Handle events with service workers
Welcome to Manifest V3 Extensions platform vision Overview of Manifest V3
What are themes? Frequently asked questions Extensions quality guidelines FAQ
Migrate to Manifest V3 Manifest V3 migration checklist Update the manifest Migrate to a service worker Update your code Replace blocking web request listeners Improve extension security Manifest V2 support timeline Known issues when migrating to Manifest V3
API reference Samples
Extension development overview Manifest file format Architecture overview Declare permissions About extension service workers Design the user interface Debugging extensions Samples
About extension service workers Extension service worker basics The extension service worker lifecycle Events in service workers
Message passing Content scripts Match patterns Using promises Cross-origin isolation
Cross-origin Network Requests Using eval in Chrome extensions
Overriding Chrome settings Extending DevTools Fetching favicons OAuth2: Authenticate users with Google Overriding Chrome pages Rich notifications API Native messaging Audio recording and screen capture
Protect user privacy Permission warning guidelines Stay secure Accessibility (a11y) Localization message formats Give users options
Extension hosting Alternative extension installation methods Installing extensions on Linux Tutorial: Google analytics
About Manifest V2 Getting started
What are extensions? What are themes? Frequently asked questions
Extension development overview Manifest file format Architecture overview Declare permissions Design the user interface Debugging extensions Samples
Message passing Content scripts Manage events with background scripts Match patterns Cross-origin isolation
Cross-origin XMLHttpRequest Using eval in Chrome extensions
Overriding Chrome settings Extending DevTools OAuth2: Authenticate users with Google Overriding Chrome pages Rich notifications API
Protect user privacy Declare permissions and warn users Stay secure Accessibility (a11y) Localization message formats Give users options
Chrome Web Store Alternative extension distribution options Installing extensions on Linux Tutorial: Google analytics

Match patterns

Published on Updated on

Host permissions and content script matching are based on a set of URLs defined by match patterns. A match pattern is essentially a URL that begins with a permitted scheme (http, https, file, or ftp, and that can contain '*' characters. The special pattern <all_urls> matches any URL that starts with a permitted scheme. Each match pattern has 3 parts:

  • scheme—for example, http or file or *

    Access to file URLs isn't automatic. The user must visit the extensions management page and opt in to file access for each extension that requests it.

  • host—for example, www.google.com or *.google.com or *; if the scheme is file, there is no host part

  • path—for example, /*, /foo*, or /foo/bar. The path must be present in a host permission, but is always treated as /*.

Here's the basic syntax:

<url-pattern> := <scheme>://<host><path>
<scheme> := '*' | 'http' | 'https' | 'file' | 'ftp' | 'urn'
<host> := '*' | '*.' <any char except '/' and '*'>+
<path> := '/' <any chars>

The meaning of '*' depends on whether it's in the scheme, host, or path part. If the scheme is *, then it matches either http or https, and not file, ftp, or urn. If the host is just *, then it matches any host. If the host is *._hostname_, then it matches the specified host or any of its subdomains. In the path section, each '*' matches 0 or more characters. The following table shows some valid patterns.

Note: urn scheme is available since Chrome 91.

PatternWhat it doesExamples of matching URLs
https://*/*Matches any URL that uses the https schemehttps://www.google.com/
https://example.org/foo/bar.html
https://*/foo*Matches any URL that uses the https scheme, on any host, as long as the path starts with /foohttps://example.com/foo/bar.html
https://www.google.com/foo
https://*.google.com/foo*barMatches any URL that uses the https scheme, is on a google.com host (such as www.google.com, docs.google.com, or google.com), as long as the path starts with /foo and ends with barhttps://www.google.com/foo/baz/bar
https://docs.google.com/foobar
https://example.org/foo/bar.htmlMatches the specified URLhttps://example.org/foo/bar.html
file:///foo*Matches any local file whose path starts with /foofile:///foo/bar.html
file:///foo
http://127.0.0.1/*Matches any URL that uses the http scheme and is on the host 127.0.0.1http://127.0.0.1/
http://127.0.0.1/foo/bar.html
*://mail.google.com/*Matches any URL that starts with http://mail.google.com or https://mail.google.com.http://mail.google.com/foo/baz/bar
https://mail.google.com/foobar
urn:*Matches any URL that starts with urn:.urn:uuid:54723bea-c94e-480e-80c8-a69846c3f582
urn:uuid:cfa40aff-07df-45b2-9f95-e023bcf4a6da
<all_urls>Matches any URL that uses a permitted scheme. (See the beginning of this section for the list of permitted schemes.)http://example.org/foo/bar.html
file:///bar/baz.html

Here are some examples of invalid pattern matches:

Bad patternWhy it's bad
https://www.google.comNo path
https://*foo/bar'*' in the host can be followed only by a '.' or '/'
https://foo.*.bar/baz If '*' is in the host, it must be the first character
http:/barMissing scheme separator ("/" should be "//")
foo://*Invalid scheme

Some schemes are not supported in all contexts.

Updated on Improve article

This site uses cookies to deliver and enhance the quality of its services and to analyze traffic. If you agree, cookies are also used to serve advertising and to personalize the content and advertisements that you see. Learn more about our use of cookies.