Are there any restrictions for the Chrome unlimitedStorage permission as of now? I am not sure because the official Chrome guide (https://developer.chrome.com/docs/extensions/mv3/declare_permissions/) might be outdated considering it was last updated in 2014.
For development purposes, I had an especially configured Google Chrome shortcut that allowed us to circumvent the same origin policy. This would in turn set a cookie with the result of the query to that endpoint. Anyway, the configuration used to be as follows.
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-gpu --disable-features=SameSiteByDefaultCookies,CookiesWithoutSameSiteMustBeSecure --disable-web-security --user-data-dir="C:\Users\joao.pereira\Documents\cors_user_data_dir"
However, as of Chrome 91, according to the release notes, the SameSiteDefaultCookies and CookiesWithoutSameSiteMustBeSecure would be dropped come Chrome 94.
Mar 18, 2021: The flags #same-site-by-default-cookies and #cookies-without-same-site-must-be-secure have been removed from chrome://flags as of Chrome 91, as the behavior is now enabled by default. In Chrome 94, the command-line flag --disable-features=SameSiteByDefaultCookies,CookiesWithoutSameSiteMustBeSecure will be removed.
And that's where we're at, as Chrome 94 has arrived. With these dropped, I am currently unable to access the intended resources. Unfortunately, downgrading the Chrome version isn't an option either, since the computer is controlled by the organization. Setting up another browser with a similar configuration would work, so suggestions in that regard are also appreciated.
You may ask your System Admin to disable this feature by updating managed policies on your system (if you don't have control) for your browser as mentioned here. See How To Setup for Windows
You can whitelist all of your domains that you don't want to check for SameSite cookie policy.
Here's the deal. We are trying to install some Chrome extensions (version 47+) via GPO. We're putting the ExtensionInstallForcelist under the user configuration, but it's not working. The registry entry shows up, so the GPO works, but Chrome doesn't seem to be reading it to perform the install.
There is a slight catch. We are running Websense Endpoint agent on our systems, which installs its own Chrome extension by adding a registry entry under the ExtensionInstallForcelist in HKLM.
When I look at the Chrome Policies, I see the ExtensionInstallForcelist enabled only for "Machine".
Does Chrome only accept one install list? Either HKLM or HKCU with HKLM being the preferred? At least that's the behavior that I'm seeing.
Any help or information would be appreciated. All of the information that I've found on Chrome Extensions and GPO only list the Machine policy and don't really cover the User policy.
Thank you.
We had the exact same issue as you, with the Websense Endpoint trumping any GPO User level ExtensionInstallForcelist settings we put in place for a custom Chrome Extension.
This was the party line I found from the Chromium project regarding who wins in User vs Machine Chrome policies:
"Correct. We do not merge policy values, we just use the value read from the highest-priority source."
(Taken from this person who had the same problem:
https://productforums.google.com/forum/#!msg/chrome/wygwLDak6ZQ/NKurhHpdCgAJ )
Observationally, the Machine level is apparently the higher priority source. As such, we moved all the Chrome extension settings to the Computer Configuration level of the GPO instead. This worked and installed our custom extension and all settings; however, this in turn prevented the Websense Endpoint from making its ExtensionInstallForcelist registry entries and stopped it loading correctly.
So we ended up adding the Websense Extension details to the machine level GPO ForceInstallList as well:
mkkjioebiampndpmidmadhpmgffdckhe;C:\Program Files\Websense\Websense Endpoint\dlpext.xml
This is obviously not the best approach, as we now need to manage/keep an eye on the Websense endpoint deployments via GPO, but it got things working for the subset of machines we needed to install the Chrome extension on.
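The no-merge behaviour described in this answer can be audited from a registry export before deploying a GPO. The following is an added example, not code from the thread or from Chromium; it assumes the Machine-over-User priority the answer observed, and the user-level extension id and update URL in the sample are constructed.

```python
import re

# Constructed sample .reg export (only the Websense entry comes from the post;
# the user-level extension id and update URL are made up for illustration).
SAMPLE_REG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist]
"1"="aaaabbbbccccddddeeeeffffgggghhhh;https://intranet.example/updates.xml"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist]
"1"="mkkjioebiampndpmidmadhpmgffdckhe;C:\\Program Files\\Websense\\Websense Endpoint\\dlpext.xml"
'''

POLICY = r'software\policies\google\chrome\extensioninstallforcelist'
# Assumption taken from the answer's observation: Machine beats User.
PRIORITY = ['HKEY_LOCAL_MACHINE', 'HKEY_CURRENT_USER']
KEY_RE = re.compile(r'^\[(HKEY_[A-Z_]+)\\(.+)\]$')
VAL_RE = re.compile(r'^"(.+?)"="(.*)"$')

def parse_reg(text):
    """Return {(hive, lowercased subkey): {name: value}} for string values."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault((m.group(1), m.group(2).lower()), {})
            continue
        m = VAL_RE.match(line)
        if m and current is not None:
            # .reg files escape backslashes inside string values
            current[m.group(1)] = m.group(2).replace('\\\\', '\\')
    return keys

def effective_forcelist(keys):
    """Pick the single winning source; list entries that lose because nothing is merged."""
    present = [(h, sorted(keys[(h, POLICY)].values()))
               for h in PRIORITY if keys.get((h, POLICY))]
    if not present:
        return None, [], []
    winner, entries = present[0]
    ignored = [e for _, vals in present[1:] for e in vals if e not in entries]
    return winner, entries, ignored

if __name__ == '__main__':
    winner, entries, ignored = effective_forcelist(parse_reg(SAMPLE_REG))
    print('effective source:', winner)
    for e in ignored:
        print('ignored (lower-priority source):', e)
```

Any entry reported as ignored has to be moved into the winning source's list, which is what the answer ended up doing with the Websense entry.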
We have a Google Chrome extension that needs to be used inside our organization. We have domains there.
Based on the enterprise options, the easiest approach for us is to host it on some internal web server, and then add the address of that internal site as an ExtensionInstallSources option to users' PCs via Group Policies, but this doesn't work for me.
I've tried both registry and local Group Policy changes by adding Google Chrome adm\admx files.
Here is my registry change:
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallSources]
"1"="http://localhost/*"
When I'm checking chrome://policy, it displays that it loaded these settings. But when I open http://localhost/myextension.crx, Chrome still displays an error that the extension can't be installed from there...
I'm using 47.0.2526.106 m (64-bit) under Windows 8.1 Enterprise (x64)
What am I doing wrong here?
I have a more complicated option: download the Chrome source\pdbs and then try to debug it to understand why it's not working, but it may take a lot of time, as Chrome can compile for a couple of hours on Windows at first build....
So apparently this registry change just wasn't enough. After debugging the Chrome source I found why it doesn't work for me. I missed:
The referer MUST be present and it also should be whitelisted. So if I open the URL for my extension by direct link, then as the referer is missing, it won't install it. (Oh Chrome, at least you could show a message about it...). If I have a web page that has a link to that extension, and it's also whitelisted, then it will work fine.
The second missed point was that the extension id MUST be present in ExtensionInstallWhitelist, otherwise Chrome will install it and, after a 2-3 second delay, disable it. But if you have listed it under ExtensionInstallWhitelist, then it will be fine.
So my final registry change for localhost is:
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallSources]
"1"="http://localhost/*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallWhitelist]
"1"="fhojekmcngnmkdbcoegjdlojgfngkpak"
I found it after long debugging in ExtensionManagement class - https://code.google.com/p/chromium/codesearch#chromium/src/chrome/browser/extensions/extension_management.cc&q=ExtensionManagement::IsOffstoreInstallAllowed&sq=package:chromium&type=cs&l=148
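The three conditions this answer found (download URL allowed, referrer present and allowed, extension id whitelisted) can be expressed as a small decision model for checking a policy before rollout. This is an added example, not Chromium's code or the poster's; it assumes glob-style matching of the `*` wildcard as a simplification of Chrome match patterns, and `http://localhost/index.html` is a hypothetical page linking to the .crx.

```python
from fnmatch import fnmatchcase

def matches_any(url, patterns):
    # Simplification: '*' is treated as a glob over the whole URL string.
    return any(fnmatchcase(url, p) for p in patterns)

def offstore_install_outcome(policy, download_url, referrer, extension_id):
    """Model of the behaviour described in the answer; returns a short verdict."""
    sources = policy.get("ExtensionInstallSources", [])
    if not matches_any(download_url, sources):
        return "blocked: download URL not in ExtensionInstallSources"
    if not referrer:
        return "blocked: no referrer (direct link)"
    if not matches_any(referrer, sources):
        return "blocked: referrer not in ExtensionInstallSources"
    if extension_id not in policy.get("ExtensionInstallWhitelist", []):
        return "installed, then disabled: id not in ExtensionInstallWhitelist"
    return "installed"

# Policies as in the post: the first attempt, then the final registry change.
FIRST_TRY = {"ExtensionInstallSources": ["http://localhost/*"]}
FINAL = {
    "ExtensionInstallSources": ["http://localhost/*"],
    "ExtensionInstallWhitelist": ["fhojekmcngnmkdbcoegjdlojgfngkpak"],
}
CRX = "http://localhost/myextension.crx"
EXT_ID = "fhojekmcngnmkdbcoegjdlojgfngkpak"
PAGE = "http://localhost/index.html"  # hypothetical page that links to the .crx

if __name__ == "__main__":
    cases = [
        ("first try, direct link", FIRST_TRY, None),
        ("first try, via page", FIRST_TRY, PAGE),
        ("final, direct link", FINAL, None),
        ("final, via page", FINAL, PAGE),
    ]
    for label, policy, referrer in cases:
        print(f"{label}: {offstore_install_outcome(policy, CRX, referrer, EXT_ID)}")
```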
It is specifically the checkout that concerns me:
https://checkout.shopify.com/5045549/checkouts/6321b0e319fdc3cab47b8ba2d1e30b46?_ga=1.255397768.1085821832.1430095488
When I'm on the cart page http://store.rockettags.com/cart and click the checkout button I'm taken to https://checkout.shopify.com and get the issue.
Why am I getting the issue and how do I fix it please?
I did a search and only found this info: http://weblogs.asp.net/owscott/identity-not-verified-in-chrome
Is it true that shopify.com is using outdated security settings?
See photo
Chrome is reporting Shopify is using a SHA1 signed certificate as opposed to the new recommended SHA2 certificates.
Newer versions of Chrome now warn against this.
Their Certificate Authority does have SHA2 certificates available. So it may be a matter of Shopify needing to re-deploy their Certificates from DigiCert.
EDIT:
This appears to be a bug in Debian-based (Debian, Ubuntu) distributions and this shouldn't happen on Windows. More information here.
Shopify is indeed using the newer SHA-2 certificates which can be verified here.
I want to integrate authentication into my Chrome app, but I saw this warning here: https://developer.chrome.com/apps/app_codelab7_useridentification
Warning: Apps with authentication require the experimental permission in the manifest.json and, until they came out of experimental state, they cannot be uploaded to the Chrome Web Store. If you prefer, you can choose to skip this lab.
There seems to be a grammatical error in the warning, "until they came out of experimental state", which made it ambiguous to read.
Does this mean I cannot publish an app with this feature until the feature comes out of experimental state? Or until the app comes out of experimental state?
The Chrome Identity API is no longer experimental. The current page says "Stable since Chrome 29."