Hi Simeon - thanks for the clarification. I’ll do some digging, but - based on exploration I’ve done so far - I don’t think my “save all page images” will work with just activeTab in its current state.
I take your point re “the extension can do what the page does with injected content scripts”, but for the image-saving case, the extension needs more capability than what the page itself can do. Specifically for images, a page can load images from third-party origins and display them, _but_ it cannot access the image content as it’s considered “tainted”. So an extension content script runs into exactly the same problem - you can fetch the image, but you can’t do anything with the image data, so you can’t save it (unless you add the `Access-Control-Allow-Origin: *` header on the image response).
I was hoping I could fall into the “pit of success” here - a phrase I’ve heard re Manifest V3 - but it seems I’m bumping into a wall. I’ve a use case that doesn’t fit into activeTab alone and will require broad host permissions that I don’t really want.
I wonder if there’s a feature request that can be made from this use case, like being more nuanced on extension access to origins accessed in rendering web pages - are all origins alike?
I take the point that current activeTab capability is erring on the side of protecting users, but it kind of isn’t if it leads me (and other developers?) to request far broader host permissions than necessary.
Cheers
Greg
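
The taint rule described in the post above, as an added example that is not part of the original post: a simplified model of how a browser decides whether script running in the page's origin can read an image it displays. The function names, URLs and header values are constructed for illustration, and the model covers http(s) image loads only.

```javascript
// Simplified model of the browser's cross-origin image rule (assumption:
// http(s) loads only; redirects, data: and blob: URLs are not modelled).

// CORS check on the image response, as seen from the page's origin.
function corsCheckPasses(pageOrigin, headers, credentialed) {
  const acao = headers['access-control-allow-origin'];
  if (acao === undefined) return false;
  if (credentialed) {
    // The wildcard is not accepted for credentialed requests.
    return acao === pageOrigin &&
      headers['access-control-allow-credentials'] === 'true';
  }
  return acao === '*' || acao === pageOrigin;
}

// crossOrigin mirrors the <img crossorigin> attribute:
// null (absent), 'anonymous' or 'use-credentials'.
function imageReadability({ pageUrl, imageUrl, crossOrigin = null, responseHeaders = {} }) {
  const pageOrigin = new URL(pageUrl).origin;
  const imageOrigin = new URL(imageUrl, pageUrl).origin;
  const headers = {};
  for (const [name, value] of Object.entries(responseHeaders)) {
    headers[name.toLowerCase()] = String(value).trim();
  }
  if (imageOrigin === pageOrigin) {
    return { displayed: true, readable: true, reason: 'same-origin' };
  }
  if (crossOrigin === null) {
    // Loaded without CORS: it renders, but drawing it taints the canvas,
    // so toDataURL()/toBlob()/getImageData() throw a SecurityError.
    return { displayed: true, readable: false, reason: 'tainted' };
  }
  const ok = corsCheckPasses(pageOrigin, headers, crossOrigin === 'use-credentials');
  return ok
    ? { displayed: true, readable: true, reason: 'cors-approved' }
    // With crossorigin set, a failed CORS check blocks the load entirely.
    : { displayed: false, readable: false, reason: 'cors-blocked' };
}

// Constructed sample: a gallery page showing one image from another origin.
const page = 'https://shop.example/gallery';
const cdn = 'https://cdn.example/a.png';
console.log(imageReadability({ pageUrl: page, imageUrl: cdn }));
console.log(imageReadability({ pageUrl: page, imageUrl: cdn, crossOrigin: 'anonymous',
  responseHeaders: { 'Access-Control-Allow-Origin': '*' } }));
```
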