Are you sure that's current? I made an extension (just for myself) a few months back and I could restrict the domains via the permissions array in the manifest.json
This then in turn populates the list of sites in the extension settings where you can choose to deny access to the aforementioned websites listed in the manifest
Oh sorry, yes I am mistaken (been a while for me). I guess a lot of developers just use permissions "host": " * " because it's easier...
What extension did you make? I made [1] an extension a while ago, and spent more time than I'd care to admit. Now that I think about it, I used "host": " * " too! (even though it's necessary for that particular extension)...
Hey neat! See your extension would obviously need access to all sites to check against reddit/HN so that makes sense.
My extension wasn't published, it was targeted to a specific site (so could narrow the scope of the permissions) and was just set up to allow downloading of images individually (via an overlayed button) and an album as a zip. Pretty legal grey area hence me not publishing it.
https://developer.chrome.com/apps/declare_permissions (see reference to "match pattern")
This then in turn populates the list of sites in the extension settings where you can choose to deny access to the aforementioned websites listed in the manifest