About: security

Lately someone ask me why application need to have "Your data on all websites" permission.
According to Chrome Extensions developer guide apps and extensions work like websites - any dynamic content is executing as javascript. Browsers security model does not allow making HTTP request to other domain. If any app/extension need to send on receive data from other domain it need to include requested address in apps/extension manifest. Now, Advanced Rest Client Application need to send requests to any address. It is possible only if app/extension have permission like: http://*/* and https://*/* which means allow access to any internet address starting with http(s).
Extensions with internet address permission can actually read Your data on this websites (have access to cookies and session for this addresses). That's the reason why You have notify about accessing Your data on all website.
Fortunately you can read source code of whole application at http://code.google.com/p/chrome-rest-client/source/browse/ and see that this application do not interfere with any Your data on any website. There is no other way to make it work and do not give this permission (and not to use external server). On the part of application You do not need to worry about Your privacy. As long the source code is public You always can check what this application actually can do.


  1. hey man, i like your application very much, it helps me a lot! Glad to see such brilient programmer like you ;)

    but recently i found it unavailable from chrome web store, this link:https://chrome.google.com/webstore/detail/hgmloofddffdnphfgcellkdfbfbjeloo, it show removed error, what's the problem, was the link uncorrect, or google occur a server problem (if so this will be a great discover..)

  2. The application has been removed from Web Store by Abuse Team [sic!]
    Can't tell now why and when they restore it. More info: http://code.google.com/p/chrome-rest-client/issues/detail?id=23


Post a Comment