Limited Runtime Host Permissions for extensions (Tampermonkey)

windows
bug
#1

Description of the issue:
Extension Tampermonkey v4.8 reports “Limited runtime host permissions might break some Tampermonkey features like script update, GM_xmlhttpRequest and others!”. Installed user scripts in Tampermonkey do not work, presumably as a result.

Steps to Reproduce (add as many as necessary): 1. 2. 3.

  1. Install extension Tampermonkey 4.8 from Chrome web store.
  2. Click on the extension - give it a few seconds to initialise.
    Note - It shows up a yellow warning “Limited runtime host permissions might break some Tampermonkey features like script update, GM_xmlhttpRequest and others!”
  3. Ensure extension has permission to read and change site data on all sites.
  4. Choose create a new script.
  5. Paste the contents of the script from https://pastebin.com/Nuh0e51q . This script essentially shows a Javascript alert popup on load of any page
  6. Save the script (Ctrl+S works). Ensure operation completed successfully appears at the top of the page.
  7. Navigate to a web page - say https://google.com - on another tab
  8. No Javascript alert popup appears. :frowning:

Clicking on Tampermonkey extension appears to show that the script was recognised and ran on the page, and yet nothing happened.

Actual Result (gifs and screenshots are welcome!):
Should have displayed a Javascript alert popup on load of the page.

Expected result:
As soon as the page loads, the installed script should have run and displayed a Javascript alert popup. This continues to work on the latest public release version of Google Chrome (Version 72.0.3626.96 (Official Build) (64-bit)) which appears to be on a very similar version of Chromium…

Example from Chrome:

Reproduces how often:
Always

Brave Version(about:brave):
Version 0.59.35 Chromium: 72.0.3626.81 (Official Build) (64-bit)
Version 0.59.34 Chromium: 72.0.3626.81 (Official Build) (64-bit)

Reproducible on current live release (yes/no):
yes

Additional Information:
https://github.com/Tampermonkey/tampermonkey/issues/640 suggests that the message is shown when the “all hosts” permission is not granted to tampermonkey by the browser. Extension is already allowed permission to read and change site data on all sites. Don’t think there is an additional user-configurable option? Yet it still works on Google Chrome running a very similar build of Chromium.

closed #2

This topic was automatically closed after 30 days. New replies are no longer allowed.