With the new manifest v3 came the doom of webRequest and webRequestBlocking, how are we suppose to authenticate a proxy request?
Old way:
chrome.webRequest.onAuthRequired.addListener(function(details, callbackFn) {
callbackFn({
authCredentials: { username: username, password: password }
});
},{urls: ["<all_urls>"]},['asyncBlocking']);
So my question besides the one above is what is the new way of doing this? Docs say that webRequest is replaced by declarativeNetRequest, but they don't provide one single example of how to do this.
Manifest v3 looks like is broken and google developers don't care anymore:
https://bugs.chromium.org/p/chromium/issues/detail?id=1135492.
You need to add in your manifest.json the webRequestAuthProvider permission.
{
"version": "1.0.0",
"manifest_version": 3,
"name": "Chrome Auth Proxy",
"permissions": [
"tabs",
"unlimitedStorage",
"storage",
"webRequest",
"webRequestAuthProvider"
],
"host_permissions": [
"<all_urls>"
],
"background": {
"service_worker": "background.js"
},
"minimum_chrome_version": "22.0.0"
}
Related
Alright I'm making my first chrome extension and I've ran into a bit of a problem:
manifest.json
{
"name": "...",
"description": "...",
"version": "1.0",
"manifest_version": 3,
"background": {
"service_worker": "background.js"
},
"permissions": [
"tabs",
"scripting",
"activeTab"
],
"host_permissions": [
"tabs",
"scripting",
"activeTab"
]
}
background.js
chrome.tabs.onUpdated.addListener(function(tabId, info, tab) {
if (info.status == 'complete') changeTheme(tab);
});
function changeTheme(tab) {
chrome.scripting.insertCSS({
target: {tabId: tab.id},
css: "h1 { color: #212121; }"
})
}
The extension devtool console logs this:
Error: Cannot access contents of url "long ass url". Extension manifest must request permission to access this host.
How would I "Request" permission?
"host_permissions" is for matching urls not for permissions.
Change this:
"host_permissions": [
"tabs",
"scripting",
"activeTab"
]
Into this:
"host_permissions": [
"https://example.org/foo/bar.html"
]
Or any other urls you want the extension to be available on (expect chrome://)
If you want the extension to be available on all sites use:
"host_permissions": [
"<all_urls>"
]
I have followed a few tutorials out there:
https://developer.chrome.com/apps/app_identity
https://github.com/GoogleDeveloperExperts/chrome-extension-google-apis
https://mashe.hawksey.info/2017/05/using-the-google-apps-script-execution-api-in-chrome-extensions/
to get my chrome extension to authenticate with a Google API project but this code:
chrome.identity.getAuthToken({ 'interactive': false }, function (token) {
// Catch chrome error if user is not authorized.
if (chrome.runtime.lastError) {
$("#__sample_support_logarea").text(chrome.runtime.lastError.message);
console.log('No token aquired');
console.log(chrome.runtime.lastError.message);
sampleSupport.log('No token aquired');
sampleSupport.log(chrome.runtime.lastError.message);
} else {
console.log('Token acquired');
console.log(token);
}
});
always returns:
OAuth2 request failed: Invalid credentials (credentials rejected by client).
Here is my manifest.json:
{
"manifest_version": 2,
"name": "Shopify Partners",
"description": "Automate Proposal Creation",
"version": "1.0",
"background": {
"scripts": [
"background.js"
]
},
"content_scripts": [
{
"js": [ "jquery.min.js", "main.js" ],
"matches": [ "http://*/*", "https://*/*" ]
}
],
"browser_action": {
"default_icon": "icon.png",
"default_popup": "popup.html"
},
"permissions": [
"activeTab",
"identity",
"https://accounts.google.com/*",
"https://www.googleapis.com/*"
],
"oauth2": {
"client_id": "..sr1t2ass4f9a0.apps.googleusercontent.com",
"scopes": [
"https://www.googleapis.com/auth/spreadsheets"
]
},
"key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp8Cj7TI9toe9nK0Pw8FFk1hOlSCPUwJ/GUmWUgzyO3XBP2KoIFv+ISpOoPO++itYsDaXBgZzjk/EUeFMPUWbmuL6+lfs6orq39mMzQKLZEMV05bRaVVsj7gMtBGrsuOJm83Ugw+2tUVszH/yCzMFYNGqJe+ZaEPyUDVqeOfbZoo+JDleDveu0j+HTKDa6wVdDxndT+N86IEoPKCWfXdzMZ6+22ZTSPKYIvQbaHalqEQ9YAc80eHaL0eQNq/+aEv3oNWm2rbB8fy79koQKkZBuWJqgWmznWe6NzPkEpsiE+ilaUCKzWzFDFpiIC0A5Eq3KpWQdnQYDF1A2gmTh9vgkQIDAQAB",
"content_security_policy": "script-src 'self' https://apis.google.com https://ajax.googleapis.com; object-src 'self'"
}
Please note that I have omitted the complete client id here for security reasons.
The only thing that I suspect might be the reason for this is that I am running an unpacked extension in chrome dev mode which id is something like: gcnonhfkghlloailceiddfmlmdeajlkl
And in the Api Console when creating the credentials for the client I have specified the same:
Therefore I suspect that being an unpackaged extension might be comprising it. But publishing an extension in the Chrome store is a long process and certainly is not what is expected of such a simple task.
I think your extension id has changed. The same thing happened to me.
To fix this, I again created google OAuth 2.0 Client ID and it has been fixed.
I'm having trouble integrating the Dropbox API with a Chrome extension. Upon trying to authenticate the Dropbox, the redirect to the Dropbox confirmation/permission page works just fine, but the redirect back to the Chrome app fails. This is the error in the console:
Denying load of chrome-extension://mlabibnomhfmephibijgghejmmmbigpi/chrome_oauth_receiver.h…sGbCG&token_type=bearer&uid=14169733&state=oas_hquvrf6k_0.ycudjb24vysexw29. Resources must be listed in the web_accessible_resources manifest key in order to be loaded by pages outside the extension.
It seems that Chrome is preventing Dropbox from redirecting back to a page within the extension. Several hours of experimenting with permissions have yielded nothing.
Here's the manifest.json:
{
"name": "MyApp",
"description": "Description",
"version": "1.0",
"icons": {"16":"icon.png",
"48":"icon.png",
"128":"icon.png"},
"manifest_version": 2,
"permissions": [
"http://*/*",
"https://*/*",
"<all_urls>",
"tabs",
"storage",
"background",
"bookmarks",
"clipboardRead",
"clipboardWrite",
"contentSettings",
"contextMenus",
"cookies",
"debugger",
"history",
"idle",
"management",
"notifications",
"pageCapture",
"topSites",
"webNavigation",
"webRequest",
"webRequestBlocking"
],
"background": {
"scripts": ["backgroundcollector.js"]
},
"browser_action": {
"default_icon": "icon.png"
},
"web_accessible_resources": [
"http://*/*",
"https://*/*",
"<all_urls>",
"chrome-extension://mlabibnomhfmephibijgghejmmmbigpi/chrome_oauth_receiver.html&response_type=token&state=oas_hquul1r4_0.1qwu7sh12pqzolxr",
"chrome-extension://*/*"
],
"content_security_policy": "script-src 'self' https://www.dropbox.com; object-src 'self'",
"key": "(included so that the extension gets a persistent extensionID)"
}
(The large number of permissions is the result of a lot of experimenting to get this to work. Obviously they'll be removed later.)
Thanks in advance!
You've got a truckload of trash in your manifest file...
To allow other web pages to redirect to a page within your extension, you have to put this file at "web_accessible_resources", without chrome-extension://.. prefix, like this:
"web_accessible_resources": [
"chrome_oauth_receiver.html"
],
You should request as few permissions as possible, see Declare permissions for a list of descriptions for each permission. I guess that you can get rid of almost every permission after reading that document.
More Info/Update
I packaged and installed google's own sample app showing filesystem access and it also does not show the checkbox!
You can find it here: https://github.com/GoogleChrome/chrome-app-samples/tree/master/filesystem-access
Original Post
I have the permission asking for filesystem.write ability in my manifest but on the chrome://extensions page, the check box doesn't show up. And when I click "permissions" next to my app's icon, it only shows:
"Write to files that you have opened in the application"
What am I doing wrong? (This is a hosted app)
manifest.json
{
"manifest_version": 2,
"name": "Hello World",
"description": "A test application",
"version": "2.0.3.92",
"minimum_chrome_version": "23",
"offline_enabled": true,
"update_url": "http://mywebsite.com/updates/helloworld.xml",
"icons":
{
"16": "icon_16.png",
"128": "icon_128.png"
},
"app":
{
"background":
{
"scripts":
[
"utils.js",
"fs.js",
"main.js"
]
}
},
"permissions":
[
"unlimitedStorage",
"fullscreen",
{
"fileSystem":
[
"write"
]
},
"background",
"http://*/",
"tabs"
]
}
To get this to work you need either:
permissions: [ "<all_urls>" ]
or a scheme starting with file:///.
If you try *://*/* that will not work as it only represents http or https
XMLHttpRequest cannot load http://localhost:4567/save. Origin chrome-extension://cbemaelkkmebiohhjgmlclegalijdbbh is not allowed by Access-Control-Allow-Origin.
Even thought I'm getting this error the extension seems to be calling the URL. The message passing from contentscript.js to background.html took me a few minutes to wire up, but seems ok. I'm confused.
Here is my manifest.
{
"name": "FirstExt",
"version": "1.0",
"description": "My First Extension",
"browser_action": {
"default_icon": "icon.png",
"popup": "popup.html"
},
"content_scripts": [
{
"matches": ["http://*"],
"js": ["jquery.min.js", "contentscript.js"]
}
],
"background_page": "background.html",
"permissions": [ "http://*",
"http://localhost:4567/*" ]
}
Try changing http://* to http://*/ (and removing the localhost entry).
If you're trying to access a https page, you will need that too.
Replace "http://*" with "<all_urls>".