No, the extension could define host_permissions specifically for the supported sites.
If these apps have on prem, or some other technique for customizing the domain, the extension could request optional permissions programmatically in response to engaging with the extension icon.
I think they'd be good additions. <all_urls> permission leads to extra review scrutiny when submitting a build to the Chrome Web Store. And if you get popular enough there will be gentleman callers that want to buy your extension (and your users (to run custom js of unknown motive on all their websites)).
Thanks for this—this is instructive! Definitely going to change this on the next version submission. You’re right; if I want to support additional websites, then I should explicitly add them to host_permissions.
If these apps have on prem, or some other technique for customizing the domain, the extension could request optional permissions programmatically in response to engaging with the extension icon.
I think they'd be good additions. <all_urls> permission leads to extra review scrutiny when submitting a build to the Chrome Web Store. And if you get popular enough there will be gentleman callers that want to buy your extension (and your users (to run custom js of unknown motive on all their websites)).