Not able to access storage in Content Scripts in Chrome Extension Manifest V3

About

Asked 13/11, 2022 at 21:1 Answered 13/11, 2022 at 23:2

google-chrome-extension chrome-extension-manifest-v3

I tried to access information stored in chrome.storage.session in my content script, but the browser keeps informing me that "Access to storage is not allowed from this context" even though I enabled "storage" in manifest.json

After fetching some data in my background script, I store the received

chrome.storage.session.set({"data": data});

However, when I try to access it in my content script by running the following line:

chrome.storage.session.get(["data"],function(data){console.log(data)})

I got the following error:

Uncaught TypeError: Cannot read properties of undefined (reading 'session')

However, when I run the exact same command in my background script, I was able to retrieve the data.

I also made sure I enabled "storage" permission in my manifest.json. Why is this happening?

Thanks so much in advance!

Strikebreaker answered 13/11, 2022 at 21:1 Comment(1)

I think you have to set access level. See this post on google groups link – Gilletta 13/11, 2022 at 21:30

Access to storage is not allowed from this context

As the documentation says session is only for trusted contexts by default.

To enable it in the content scripts call setAccessLevel from such a trusted context i.e. in the background script or in an extension page like the action popup or options.

chrome.storage.session.setAccessLevel({ accessLevel: 'TRUSTED_AND_UNTRUSTED_CONTEXTS' });

Cannot read properties of undefined (reading 'session')

This error says that the parent of session is undefined i.e. chrome.storage is undefined, which can only happen in these cases:

you didn't reload the extension after editing manifest.json
an orphaned content script tried to access storage after you reloaded or updated the extension
your code is not a content script, but just a page script e.g. you ran it in a script element or injected with world: 'MAIN'.

Katherinakatherine answered 13/11, 2022 at 23:2 Comment(5)

Do you have any reference where I could understand what UNTRUSTED context actually is? Including why. – Narial 25/1 at 8:7

A trusted context means chrome-extension://ID (origin of the extension). An untrusted means anything outside of it, including the content script that run in a web page. – Katherinakatherine 25/1 at 8:50

Wow, thanks for making it explicit. I mean it's pretty obvious yet - to my surprise - nowhere to be found on Chrome docs. Would it be correct to assume that untrusted context would be a website I inject the Context Script too that could steal my data? I would like to understand the technical aspect of it because to my understanding unless it's my own CS, no one else has access to it. – Narial 25/1 at 13:19

It can happen theoretically if a web page (or another extension's content script in the web page) finds a way to perform a side channel attack like Meltdown or Spectre. – Katherinakatherine 25/1 at 13:48

So, in my perception, unless my extension is dealing with big crypto wallets (big stakes), the UNTRUSTED is just as safe to use. Let me know if that's wrong. – Narial 12/3 at 19:22

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags