Remotely hosted code replacement in Manifest V3 - json

I previously had a content script that fetched the code and ran it through eval so that I could update the extension instantly for all users, without waiting for everyone's extensions to update.
From the migration guide:
Externalize logic with a remote service—Consider migrating application logic from the extension to a remote web service that your extension can call. (Essentially a form of message passing.) This provides you the ability to keep code private and change the code on demand while avoiding the extra overhead of resubmitting to the Chrome Web Store.
My question is, how can I do this? What exactly does this mean?

Related

How do I get Google Drive access for a desktop app?

I'm trying to write a Python program that uses Google Drive to do some custom backup and sync work from my Linux desktop.
I started using the PyDrive2 library, and followed its recommendations on how to sign up for Drive API access. When I run my program, it accesses Drive as I'd expect it to, but my authorization expires after a few hours, which is not going to work for a program that runs in cron. I thought this might be because my app is not verified, so I looked into verification, but it's asking for things like a my application's home page. Mine isn't a web-based application, so I don't have one.
Is there a good way to access Google Drive APIs from a non-web application?
if your access is expireing after only a few hours it sounds like you are not requesting offline access and storing the refresh token for later use.
If you followed Quickstart pyton You may have noticed this section. The users credetinals that being the refresh otken and the access token are stored in token.json for future use by your application.
# The file token.json stores the user's access and refresh tokens, and is
# created automatically when the authorization flow completes for the first
# time.
if os.path.exists('token.json'):
creds = Credentials.from_authorized_user_file('token.json', SCOPES)
I thought this might be because my app is not verified, so I looked into verification, but it's asking for things like a my application's home page.
Your application only really needs to be verified if you are going to have other uses using it. If your only using it yourself then you really only need to remove it from testing phase and put it into production then your refresh tokens will last longer then seven days.
You could try to use a service account but i don't know of anyone who has gotten service account authorization to work with curl.

Access to Restricted data types and implement in development environment

We are developing application that needs write access to restricted data types. And looks like Google has stopped taking new request for whitelisting apps.
https://developers.google.com/fit/android/data-types#restricted_data_types
Note: Google has temporarily stopped taking new requests to write to restricted data types. We are updating our policy and process for reviewing requests and will update this documentation again when we resume.
Does anyone from Google have any idea when they will resume it?
Also: Is there a way to implement/write restricted data in development environment or debug build without whitelisting, and whitelist app before going to production?
There is no timeline yet for when this will be available.
(Source: I work on Google Fit)

How to request internal API in App Script

I have a project in GCP with some internal APIs (in VMs), Databases, and so on.
Now, I'm trying to create a GAS to obtain data from one of those internal APIs (Druid, in my case) to print some data in a Google Spreadsheet.
My point here is that I link the GAS to my GCP project, expecting to be able to connect to my internal IP (10.1.0.x) which is in a VPC, shared with the default one. So, if I start a new VM attached to the default network, I could be able to ping and connect to it. Seems reasonable.
But, when I execute the GAS function, the following pice of code fails: UrlFetchApp.fetch('http://10.1.0.3:8082/druid/v2/?pretty', options);.
Should I configure something else in the GCP project to be able to connect to internal APIs?
Should I change the way and use another GCP service to do so?
Any help would be more than appreciated!
Thanks
That is not supported in Apps Script. You could request a feature request in the bug tracker. See https://developers.google.com/apps-script/support#missing_features
Internal APIs run client-side and need to be incorporated within JavaScript code.
Within Apps Script you can run JavaScript code, if you deploy your project as a Web App.
You can then either embed the JS code within the HTML file attached to the project, or directly insert it within the <script></script> tags within HtmlService.createHtmlOutput().

Accessing web app developement URL from UrlFetch service

I'm trying to develop a simple web app using google script web app service and access it from another script using the UrlFetch service.
My problem is that in order to try the code on my web app I have to publish a new version every time because trying to access to the dev URL returns returns and HTML file telling me to sign in even though I've set the permissions for the web app to everyone, including anonymous (if I hit the production URL it does work, though).
I'm assuming that Google is limiting the access to the dev URL for security reasons but can someone shed a light on that assumption?
PS: I don't know if this is relevant but my google account is in a Google Apps for Education domain
Edit
I've found a method to avoid publishing the application for each code change: instead of calling it from the UrlFetch service, I've created a function in the web App code that does call the doPost or the doGet method (I've to create the request param, but that's easy) and I've changed the end of the script to log the result insted of returing it to the client. When the application will be ready, I can publish and develop the client using the UrlFetch.
Anyhow, if anyone knows about the limitation of the dev URL that would be great!
your assumption is correct, the dev url ignores your publishing permissions on purpose, only the developer has access to that url.
you could accomplish what you want using libraries. move the code in your called script to a library and add it to that script as "development mode" and publish your script service.
changing library code should also change your service because its on development mode.
Note that this can easily break your app if you save partial code changes, and makes it hard to test your changed code unless you make all changes and tests in a separate script copy. Making several changes at once in multiple apps script editor files is possible with their "Save all" File menu command (after manually pasting all code changes from your tested copy).

Testing Google app script HTML interface without deploying app

I am developing a one of those bulk delete script for gmail. I want to create a front end for the script so I can easily modify my settings on a per-label basis to specify how many emails I want to delete during a trigger event and how old they have to be for a particular label. I want to be able to test the interface similar to testing a script.....just hit the run button. However, google's script engine tells me I need to deploy the script and it's HTML files as a web app to test the interface.
Is there anyway to test the the interface and its interaction with my backend google script without deploying as a web app?
The answer is no, unless you "deploy" your code through a Spreadsheet. In fact, it's fairly well-documented.
See Serve HTML as a Google Docs, Sheets, or Forms user interface on that page for a "workaround" to testing your app without actually deploying it.
However, there is no harm in deploying it as a webapp. And as a matter of fact, you can see changes instantly after refreshing your app that you have deployed (published), using the dev macro you're given when you deploy it. This is the most useful tool for UiApp and HTMLService:
Edit: After you're done testing and you've "finalized" your code, you can disable the webapp, meaning that nobody can accidentally access it, you don't post the macro link to it, etc. It's a one-click process. Again, this is really the only way to test the code in my opinion, as it's most succinct for a real "development process". See image below: