Support new content script registration `optional` · wxt-dev/wxt#2239

(5 comments) (0 reactions) (0 assignees)TypeScript (9,861 stars) (511 forks)user submission

contribution welcomegood first issue

Description

Feature Request

Add a new registration: 'optional' option for content scripts that moves their matches into optional_host_permissions instead of host_permissions, and registers them dynamically via browser.scripting.registerContentScripts() at runtime.

Currently, registration: 'runtime' moves matches to host_permissions, which still triggers Chrome's permission escalation dialog when new hosts are added on extension update (disabling the extension until the user re-accepts). Extensions that want to support new hosts without disabling need to use optional_host_permissions instead.

Proposed API:

export default defineContentScript({
    matches: ['https://my-app.com/*'],
    registration: 'optional',
    // ...
});

Behavior:

Strip the content script's matches from manifest.json content_scripts
Add them to optional_host_permissions instead of host_permissions
- Would be nice if this was deduped if user already had urls in optional_host_permissions. example if I had *.app.com in optional_host_permissions theres no need to put auth.app.com because its covered by the existing one
Nice to have: Register dynamically via browser.scripting.registerContentScripts() in the background script
Scripts run only after the user grants the optional host permission

Is your feature request related to a bug?

N/A — though this addresses a common pain point where adding new content_scripts.matches entries causes Chrome to disable the extension on update due to permission escalation, even when the hosts are already covered by optional_host_permissions.

What are the alternatives?

We built a custom WXT module that:

Hooks into entrypoints:resolved to identify content scripts targeting optional hosts
Generates a virtual module with the optional content script data via prepare:types
Strips them from the manifest in build:manifestGenerated
Registers them dynamically in the background script using browser.scripting.registerContentScripts()

This works but requires significant custom infrastructure that could be a first-class WXT feature. The registration: 'runtime' codepath already handles most of this — the main difference is the target permission type (optional_host_permissions vs host_permissions).

Additional context

Chrome treats any new entry in content_scripts.matches as a permission escalation, regardless of whether the host is already in optional_host_permissions
optional_host_permissions changes alone do not trigger the escalation dialog
browser.scripting.registerContentScripts() registrations persist across service worker restarts and extension updates, so they only need to be set up once
This is a common pattern for extensions that progressively support new domains without disrupting existing users

Contributor guide

Tech stack: typescript
Domain: frontend
Issue type: feature
Difficulty: 3
Estimated time: 1-2 days
Activity status: fresh
Clarity: clear
Prerequisites: TypeScriptWXT framework basicsChrome extension APIs
Newbie friendliness: 50
Research direction: The issue proposes adding a new `registration: 'optional'` option for content scripts. To implement this, one should examine the existing `registration: 'runtime'` implementation in the WXT codebase, particularly how it handles manifest generation and dynamic registration. The key differences are moving matches to `optional host permissions` instead of `host permissions`, and using `browser.scripting.registerContentScripts()` to conditionally register based on user granted permissions. The custom module mentioned by the author hooks into `entrypoints:resolved` and `build:manifestGenerated` events; these are the likely integration points. Additionally, ensure deduplication of hosts in `optional host permissions` if already covered by broader patterns.