I have a custom Chrome extension that has SSO login enabled, so, to use the extension, the user has to log in with the corporate account.
The SSO login is an external URL (Microsoft login), so, for the login, when the extension starts:
I check the login.
If the user is not logged in, I redirect to the SSO.
When the SSO login completes, it calls back the extension URL.
When the extension is supposed to reload, I receive the error "crbug/1173575, non-JS module files deprecated" and the extension does not load, see the error images:
After this, if I close the extension and open it another time, the extension works with no problem because the user is properly logged in.
To get rid of this error (crbug/1173575, non-JS module files deprecated.) I have to change the Cross-Origin-Embedder-Policy in the .htaccess file, found in the Apache server's web folder, from "require-corp" to "cross-origin":
- Header set Cross-Origin-Embedder-Policy "require-corp"
+ Header set Cross-Origin-Embedder-Policy "cross-origin"
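Review bot: "cross-origin" on the + line is not a value that Cross-Origin-Embedder-Policy defines; the header accepts "unsafe-none", "require-corp" and "credentialless", while "cross-origin" is a Cross-Origin-Resource-Policy value. Browsers fall back to the default "unsafe-none" for an unrecognised value, so this line turns the embedder policy off rather than relaxing it. If that is the intent, write "unsafe-none" explicitly (or try "credentialless" if cross-origin isolation is still wanted), and scope the Header directive to the SSO callback path instead of the whole web folder.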
I published my extension at the following link: https://chrome.google.com/webstore/detail/poenibgdeeoelggbbbhdddojjjglhdjm/publish-accepted?authuser=0&hl=en.
When the extension runs the native messaging host and the native messaging host sends a message, it shows the following error: "This extension may have been corrupted.", and stops working.
The extension works fine in developer mode.
This extension may have been corrupted.
This is a message that Chrome shows if any of the files inside the extension folder change. When an extension is published, Web Store adds a Google-signed list of file hashes to the extension (in the _metadata folder), and any detected change is interpreted as a hijack attempt and leads to the extension being disabled.
You don't run into this in development mode, because Chrome does not consider file changes as abnormal (it is, after all, in active development).
If this is what your native component does (e.g. adds files to the extension or changes them), you can't use this technique. In particular, this does not allow you to change the extension's code externally.
Use other methods of storage of variable information in an extension, e.g. the storage API or IndexedDB, and other methods of communication, e.g. the native host communication protocol or a local webserver in the native component (but think about security if you're doing that).
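A sketch of the native host communication protocol recommended above, as an added example that is not code from the original answer: the host keeps variable data on its own side and hands it to the extension over stdin/stdout, so nothing inside the signed extension folder is ever modified. The "get"/"set" commands and the incoming size cap are assumptions made for this illustration.

```python
import json
import struct
import sys

MAX_TO_CHROME = 1024 * 1024    # Chrome rejects host messages larger than 1 MB
MAX_FROM_CHROME = 1024 * 1024  # local cap chosen for this example (assumption)

def encode_message(obj):
    """Frame one message: 32-bit length in native byte order, then UTF-8 JSON."""
    body = json.dumps(obj, separators=(",", ":")).encode("utf-8")
    if len(body) > MAX_TO_CHROME:
        raise ValueError("message too large for Chrome")
    return struct.pack("=I", len(body)) + body

def read_message(stream):
    """Read one framed message; return None on a clean end of stream."""
    header = stream.read(4)
    if not header:
        return None
    if len(header) != 4:
        raise EOFError("truncated length prefix")
    (length,) = struct.unpack("=I", header)
    if length > MAX_FROM_CHROME:
        raise ValueError("declared length exceeds cap")
    body = stream.read(length)
    if len(body) != length:
        raise EOFError("truncated message body")
    return json.loads(body.decode("utf-8"))

def handle(request, settings):
    """Hypothetical 'get'/'set' commands; the data lives with the host, not the extension."""
    if not isinstance(request, dict):
        return {"ok": False, "error": "bad request"}
    cmd, key = request.get("cmd"), request.get("key")
    if cmd == "set" and isinstance(key, str):
        settings[key] = request.get("value")
        return {"ok": True}
    if cmd == "get" and isinstance(key, str):
        return {"ok": True, "value": settings.get(key)}
    return {"ok": False, "error": "unknown command"}

def serve(stdin, stdout, settings):
    """Answer requests until Chrome closes the pipe."""
    while (request := read_message(stdin)) is not None:
        stdout.write(encode_message(handle(request, settings)))
        stdout.flush()

if __name__ == "__main__":
    serve(sys.stdin.buffer, sys.stdout.buffer, {})
```

Anything the host needs to persist should go to a directory the host owns, never to the extension's install directory.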
On a former project I was working on there was a manifest.json file which allowed the app to be a progressive web application.
However, even now on different projects I can see that my browser is requesting the service-worker.js file from the backend, i.e.:
GET /service-worker.js 404 557.926 ms
How can I turn this off within my browser so I don't see these errant logs come through my app?
You need to unregister the service worker like such:
https://www.codementor.io/#himank/how-to-unregister-service-workers-n8mzf5jce
In case the link should stop working, these are the steps for Chrome.
open the dev console
click "Application" tab
click "Service Workers"
click "Unregister"
I have created a manifest.json for a site to enable saving the web app icon on a desktop.
My development website is served over HTTP, which doesn't work when I click on "Add to home screen" from the Application tab.
I am getting console error:
Site cannot be installed: the page is not served from a secure origin
The same code works over https.
How can I simply bypass this issue over HTTP?
Note: I have followed the following step in the Chrome browser; it didn't resolve my issue.
Previous Stack Overflow question
Any help will be greatly appreciated.
chrome://flags/#unsafely-treat-insecure-origin-as-secure
enabled and add site origin
The problem was that service workers will only register and install on a secure origin. So I followed these steps:
1) Go to the chrome.exe path in Program Files and create a shortcut to Chrome on the desktop
2) Right-click on the shortcut - go to Properties - update the target with the changes below
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --unsafely-treat-insecure-origin-as-secure=http://wzy.xyz.com,http://x.xyz.com --user-data-dir=/anydirectory/
Note: Make sure that your Google Chrome executable file is present in the above-mentioned location.
Also this is only to test in the local environment.
I am using hublin. The camera and microphone were working fine locally, but when I uploaded it to the server, the camera permission popup does not appear; it just silently fails, and in the console there is this error:
easyrtc.js:2100 invoking error callback PermissionDeniedError
easyrtc.js:2085 getusermedia failed
The problem occurs with both Chrome and Chromium; Firefox, however, asks for permission.
I also tried to give permission manually, but there is no cam-cross icon in the right corner. In Chrome settings > advanced settings > content settings > camera > manage exceptions there is no way to manually add a specific URL for allowing permission as in Firefox.
Using HTTPS for WebRTC applications is mandatory in Chrome. So, it just doesn't show the permission dialog when working over plain HTTP.
Hence, you should configure secure HTTP (HTTPS) on the web server (you can use certificates from LetsEncrypt - they work like a charm). Or you can try to use some tricks/workarounds described in this article: https://webrtchacks.com/chrome-secure-origin-https/
BurpSuite can only intercept HTTP traffic. How can I also intercept HTTPS traffic on Ubuntu? I need to install the CA but how?
Obtaining the certificate:
When chrome is configured to use Burp as a proxy, go to http://burp/cert and the DER encoded certificate will be downloaded automatically.
Download the certificate in BurpSuite under the Proxy->Options tab under Import / export CA certificate. Export the certificate in DER format.
Install the certificate:
Either by double clicking on it in your file browser (Nautilus in my case) or by importing it into Chrome.
Another way of installing it is by importing directly into Chrome.
Go to settings->Show advanced settings... (at the bottom)->HTTPS/SSL:Manage certificates->Authorities(tab)->Import
In the file selector you must set the file filter to 'DER-encoded binary..' or 'all files' to make your certificate file visible. The default file selector setting is base-64 encoded ASCII and our file is DER encoded.
Now, for the step I was missing in other explanations, in the chrome certificate manager in the tab Authorities (where you just imported the certificate), find the newly imported certificate. In my case it looked like this:
Notice the "Untrusted"; in my case this meant that I still got the SSL warnings and the red padlock. Click on "untrusted PortSwigger CA" and click Edit...
Check "Trust this certificate for identifying websites." and click "OK". In my case the text "untrusted" didn't disappear directly but after restarting Chrome, the PortSwigger CA was trusted and SSL proxying works.
If this is a duplicate please tell me, but I haven't found a similar explanation.
For Mac: Configuring BurpSuite Proxy with HTTPS and fixing the "Your connection is not private" message
1. Configure Chrome to use Burp as a Proxy
You can view detailed instructions of this step here
https://support.portswigger.net/customer/portal/articles/1783070-configuring-safari-to-work-with-burp
Make sure you hit OK and Apply
2. Download and Install the Burp Certificate
http://burp/cert
You need to have the proxy enabled to do this. Once it's downloaded, double click on it to install it. Save to login keychain.
3. Modify certificate permissions
Open Keychain Access and search for "portswigger" to find the certificate. Right click and hit "Get Info".
Select "Always Trust".
The red Your connection is not private message should be gone now.
In Kali Linux with the Chromium browser this worked for me:
Start BurpSuite
Open Chrome (Chromium web Browser) and type in url "127.0.0.1:8080"
Click on "CA Certificate" to Download the Certificate of Burp Suite.
Save the file; "Cacert.der" is the certificate.
Note: when I tried to import it directly into Chromium with the "der" extension, the web browser did not recognize the file. So the solution was the following:
Open Firefox and click in settings or Preferences.
Search for "certificates".
Click "View Certificates".
Click on the Import button and select the cert.der previously downloaded.
Then export it (Firefox automatically exports the file with another extension, "PortSwiggerCA.crt").
Now we can import the certificate in chromium web browser (The file "PortSwiggerCA.crt"). To import is the same steps for firefox:
Settings -> Search "certificates" -> view certificates -> authorities -> import
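The Firefox round-trip above amounts to re-encoding the same certificate, assuming the exported .crt is the PEM form. As an added example (not part of the original answers), this script does that conversion directly, rejects a truncated or non-certificate download, and prints a SHA-256 fingerprint to compare with the certificate shown in Burp before trusting it. SAMPLE_DER is constructed stand-in data, not a real certificate.

```python
import hashlib
import ssl

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"

def der_total_length(data):
    """Size of the outer DER SEQUENCE (header plus content), or raise ValueError."""
    if len(data) < 2 or data[0] != 0x30:
        raise ValueError("not a DER SEQUENCE (saved an HTML error page?)")
    first = data[1]
    if first < 0x80:                      # short form: length fits in one byte
        return 2 + first
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or n > 4 or len(data) < 2 + n:
        raise ValueError("bad DER length field")
    return 2 + n + int.from_bytes(data[2:2 + n], "big")

def load_der(data):
    """Accept PEM or DER bytes and return length-checked DER bytes."""
    if data.lstrip().startswith(PEM_HEADER):
        data = ssl.PEM_cert_to_DER_cert(data.decode("ascii").strip())
    if der_total_length(data) != len(data):
        raise ValueError("truncated or padded certificate file")
    return data

def to_pem(data):
    """Return the PEM text that browsers expecting base64 input can import."""
    return ssl.DER_cert_to_PEM_cert(load_der(data))

def fingerprint(data):
    """Colon-separated SHA-256 of the DER bytes; identical for both encodings."""
    digest = hashlib.sha256(load_der(data)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

# Constructed stand-in for cacert.der: a well-formed outer SEQUENCE, not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))

if __name__ == "__main__":
    print(to_pem(SAMPLE_DER))
    print(fingerprint(SAMPLE_DER))
```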