ChroPath extension (xpath plugin) has been taken down reason "Your Product violates the “Use of Permissions” section of the policy". Please help.

[Dev]

ChroPath extension (xpath plugin) has been taken down which is there in the store from last 2years and more than 100K developers using it.

I got below mail for rejection. I tried updating the user policy in dashboard and all the description why it is used but it got rejected. 

Dear Developer, 

 

Upon review of your Product, [ChroPath], with ID: [ljngjbnaijcbncmcnjfhigebomdlkcjo], we find that it does not comply with the Chrome Web Store’s User Data Policy, and it has been removed from the store.

 

Your Product violates the “Use of Permissions” section of the policy, which requires that you:

 

Request access to the narrowest permissions necessary to implement your Product’s features or services. If more than one permission could be used to implement a feature, you must request those with the least access to data or functionality.

 

Don't attempt to "future proof" your Product by requesting a permission that might benefit services or features that have not yet been implemented.

 

To reinstate your Product, please ensure that your Product requests and uses only those permissions that are necessary to deliver the currently stated product’s features. 

 

If you’d like to re-submit your Product, please modify your Product so that it complies with the Chrome Web Store’s Developer Program Policies, then re-publish it in your Developer Dashboard. 

I have used only one permission "activeTab" and this is required to generate and verify xpath with current DOM.

Simeon and Team, my humble request please help me here. I am not getting any idea what's wrong I am doing here. 

Request to all, please if anyone get any idea here, please please help me.  It's very useful tool for all the developers and testers. All are facing a lot of issues. :( :( 

 "background": {

        "scripts": ["extension/background.js"],

        "persistent": false

    },

    "content_security_policy": "script-src 'self' https://ajax.googleapis.com; object-src 'self'",

    "permissions": [

        "activeTab"

    ],

    "content_scripts": [{

        "matches": ["<all_urls>"],

        "all_frames": true,

        "css": ["content-script/contentScript.css"],

        "js": ["content-script/contentScript.js"]

    }],

    "devtools_page": "devtools-panel/devtools.html"

    

}

[Dev]

Is it something wrong I have given here in the description?

[PhistucK]

Do you really need the content script? I guess you can evaluate code on the inspected page instead from the panel instead, right?

Also, the content security policy you listed in your manifest implies (to me) that you may be loading and running remote scripts, which is also forbidden, is this (still?) the case? If not, removing it might do the trick.

☆PhistucK

--
You received this message because you are subscribed to the Google Groups "Chromium Extensions" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extens...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/b2f311aa-7ae5-456d-9ba7-1565e8862ff0%40chromium.org.

[Dev]

Thank you for the quick response and help.

We need to execute ContentScript from the panel to generate selector so I believe this is fine.

You are very correct about security policy. We are not using any remote script. Let me delete this and resubmit it. 

Really appreciate your support and thank you again for the information.

To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extensions+unsub...@chromium.org.

[Dev]

I have removed the Content security policy but still it got rejected with the same reason.

Here is the manifest file. I am not sure what is wrong here in permission and policy.

Please help me. Really appreciate your support.

{

    "manifest_version": 2,

    "name": "ChroPath",

    "description": "AutonomIQ offers a developers platform ChroPath to generate and validate unique selectors like relative xpath with iframe support",

    "version": "5.1.2",

    "browser_action": {

        "default_icon": "icon.png",

        "default_popup": "extension/popup.html"

    },

    "icons": {                   

        "48": "icon.png"

    },

    "background": {

        "scripts": ["extension/background.js"],

        "persistent": false

    },

    "permissions": [

        "activeTab"

    ],

    "content_scripts": [{

        "matches": ["<all_urls>"],

[PhistucK]

I still wonder whether you must have the all-URL matching content script, because that is a very broad permission (it effectively also lets you initiate HTTP requests to all URLs, which is not something that is encouraged).

You can use chrome.tabs.executeScript when the Developer Tools are open (using message passing). For the popup, if needed, also, use chrome.tabs.executeScript.

☆PhistucK

To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extens...@chromium.org.

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/b2f311aa-7ae5-456d-9ba7-1565e8862ff0%40chromium.org.

--

You received this message because you are subscribed to the Google Groups "Chromium Extensions" group.

To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extens...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/c03b3dae-7a6b-4fe5-a6e3-5bd215ec7c13%40chromium.org.

[Dev]

Thank you PhistucK for the input. 

Yes we have the all-URL matching content script and it was working fine from more than 2years. 

Here we need <all_urls> permission to execute content script on any website because this extension can be used for any url to generate and verify xpath.

I just suspected that I have added ChroPath for Firefox and ChroPath for Edge addons link in this extension html code. Can that be an issue?

Though I have removed them and again submitted it for review. Hope it will work. :(

Please correct me if I am saying anything wrong or doing wrong. Any help is much appreciated.

It is just an idea, can it be possible at Chrome Review side that wherever they found the issue and due to which the rejection happens-

"Just include the screenshot of that wrong part in rejection mail.". 

To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extensions+unsub...@chromium.org.

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/b2f311aa-7ae5-456d-9ba7-1565e8862ff0%40chromium.org.

--
You received this message because you are subscribed to the Google Groups "Chromium Extensions" group.

To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extensions+unsub...@chromium.org.

[Dev]

My extension still getting rejecting after complete code refactoring and clean up.

Using only <all_urls> permission which is required for this tool because it has to inject the script content script. And this plugin works for all the website as well as offline so need this.

I am not sure what wrong happened here, same code was working from more than 2years and now its getting rejected. 

Simeon and Team, my humble request please help me here. :( Really appreciate your support.

{

    "manifest_version": 2,

    "name": "ChroPath",

    "description": "AutonomIQ offers a developers platform ChroPath to generate and validate unique selectors like relative xpath with iframe support",

    "version": "5.1.4",

    "browser_action": {

        "default_icon": "icon.png",

        "default_popup": "extension/popup.html"

    },

    "icons": {                   

        "48": "icon.png"

    },

    "background": {

        "scripts": ["extension/background.js"],

        "persistent": false

    },

    "permissions": [

        "activeTab"

    ],

    "content_scripts": [{

        "matches": ["<all_urls>"],

        "all_frames": false,

[PhistucK]

It does not matter how many years you had the extension in the web store using the same permissions. The new web store policy discourages <all_urls> and similarly broad permissions unless absolutely necessary if I am not mistaken.

Since it seems like your use cases can be implemented without it (due to activeTab and Developer Tools panes), I am assuming this is why they reject it, so my suggestion still stands.

This is the final time I will mention this as I am sounding like a broken record at this point. :P

Everyone agrees, including the Simeon (a Googler that is a developer advocate for Chrome extensions), that reviewers could and should make it much easier to understand the exact problem for which they reject, but this is the situation at the moment, unfortunately.

☆PhistucK

To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extens...@chromium.org.

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/b2f311aa-7ae5-456d-9ba7-1565e8862ff0%40chromium.org.

--
You received this message because you are subscribed to the Google Groups "Chromium Extensions" group.

To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extens...@chromium.org.

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/c03b3dae-7a6b-4fe5-a6e3-5bd215ec7c13%40chromium.org.

--

You received this message because you are subscribed to the Google Groups "Chromium Extensions" group.

To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extens...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/97b128ad-fa7b-43f6-9849-c083f50f9210%40chromium.org.

[Dev]

Thank you PhistucK for your help and input.

I guess you are right. I am trying to implement the functionality as per your instructions and avoiding using all_urls. 

I will update the solution here if it will work. That will help many. Thank you.

To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extensions+unsub...@chromium.org.

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/b2f311aa-7ae5-456d-9ba7-1565e8862ff0%40chromium.org.

--
You received this message because you are subscribed to the Google Groups "Chromium Extensions" group.

To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extensions+unsub...@chromium.org.

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/c03b3dae-7a6b-4fe5-a6e3-5bd215ec7c13%40chromium.org.

--
You received this message because you are subscribed to the Google Groups "Chromium Extensions" group.

To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extensions+unsub...@chromium.org.