One thing I tend to be responsible for at Thycotic is extension development for browsers. These extensions augment our own web applications that customers can optionally install. While working on a Chrome extension, I was greeted by a very surprising message while testing installation:
Extensions, apps, and user scripts can only be added from the Chrome Web Store.
Typically, Chrome extensions are distributed as a CRX file, or a Chrome Extension file. They are basically signed zipped files (more details on them here), and developers could either host them in the Chrome Web Store, which is great if you don’t want to host the extension yourself (or don’t have a server to do so), or you could host the extension yourself on your own server, and just point Chrome to that.
Starting in the Chrome 21 Dev Channel, it appears that Chrome is taking away the option of hosting the extension yourself and it must be hosted in the Chrome Web Store.
This has a big impact on us.
Hosting an extension on the Chrome Web Store is simple. All it really means is you upload your extension as a ZIP instead of distributing an CRX.
Regardless, this still irks me for a couple of reasons.
First, Chrome charges for Developers to upload an extension. It’s only a measly $5 one time fee, but I can’t help but get the feeling like Google is trying to nickel-and-dime me, and all other developers. It seems like Chrome is latching on to the “App Store” idea, and extensions are going to be a part of that initiative. Their explanation is, “it offers better security because it allows us to remove malicious extensions”.
Part of me buys that. Safari does the same thing. If you want to release a Safari extension, you need a developer account, you need a digital certificate to sign it. Apple can revoke the certificate via a CRL at any time. The difference is, Apple does it for free.
Secondly, Chrome doesn’t offer a clear migration path from self hosted extensions to the Web Store. I managed to find a Google Group Discussion with unofficial documentation on how to achieve this.
Thirdly, working around this isn’t very friendly. Chrome 21 can still install extensions from self hosted URLs, but it basically boils down to the user downloading the CRX file, opening the Extensions configuration page in Chrome, and dragging it onto that page. Other options, like whitelisting the extension URL, using an installer (like an MSI), aren’t a great alternative either.
Now that isn’t to say any of this could change before Chrome 21 hits general availability, it is on the Dev Channel (unsure about beta) – but it is clear that they intend to make this move given this page.
Google, please reconsider.