I have implemented cookie-based authentication in a chrome extension. However, it seems that whenever the extension is autoupdated, my cookie authentication fails and I have to re-log in to the extension. Is this expected behavior? My extension seems to be clearing all of the cookies whenever the extension is updated, forcing a re-login.
Related
Environment:
Ubuntu 18.04.6 Desktop 64-bit
Google Chrome 98.0.4758.80 (Official Build) (64-bit)
FireFox 92.0 (64-bit)
What I did:
Install apache2 (so it starts a default local website that I can access at http://localhost).
Edit /etc/hosts and add the following entries:
127.0.0.1 app
127.0.0.1 app2
127.0.0.1 napp
On Google Chrome, open the following URIs:
http://localhost: Successfully opened the "Apache2 Ubuntu Default Page" as an insecure domain.
http://app: Got redirected to https://app automatically and returned the error "This site can’t be reached"
http://app2: Same as http://localhost.
http://napp: Same as http://localhost.
On FireFox, open the following URIs:
http://localhost: Successfully opened the "Apache2 Ubuntu Default Page" as an insecure domain.
http://app: Same as http://localhost.
http://app2: Same as http://localhost.
http://napp: Same as http://localhost.
I searched on Google and saw posts that talk about the automatic redirect from http to https, such as How to Stop Chrome from Automatically Redirecting to https. I followed the posts by deleting the security policy for the domain app and clearing the browser cache of all the time, but I still got redirected from http://app to https://app. (In fact, I was using a freshly installed OS and Google Chrome and had never opened any websites before doing the test.)
Why does Google Chrome automatically redirect http://app to https://app but doesn't do that to http://app2 or http://napp?
I also learned that Chrome & Firefox now force .dev domains to HTTPS via preloaded HSTS and Google rolls out .app domains with built‑in HTTPS. So it looks like the browsers are using preloaded/builtin HSTS to enforce the use of HTTPS. But does http://app count as a case of .app domain?
I think it should be some browser settings because FireFox didn't do the redirection.
Simply put, Chrome uses a HSTS preload list to automatically redirect certain domains from HTTP to HTTPS. This preload list is "a list of sites that are hardcoded into Chrome as being HTTPS only." app is already included into this preload list, as shown by this link: "Status: app is currently preloaded." Therefore, when http://app is entered, Chrome automatically redirects it to https://app. But app2 and napp are not included, so http://app2 and http://napp are untouched.
I wrote the article Why does Google Chrome automatically redirect http://app to https://app but doesn't do that to http://app2 or http://napp? to explain this with more details and other related links.
I need to clear the cache for one file in Chrome.
I was setting up loading a font from my own CDN, and added the cache-control: public, max-age=31536000, immutable header. However, I did not setup CORS correctly, so I got a CORS error. Now, that CORS error is fixed, but Chrome is still serving the old request because of the cache control header.
Note: I only need to clear the cache this one time. I want the font to be immutable in the future.
Things I've tried
Clear recent browser cache from settings
In Devtools > Network, select "Disable cache"
In Devtools > Network, right-click the network request and select "Clear from cache"
Hard reload with ⌘⇧R (on a Mac)
Long-click the refresh button in the upper left and select "Empty cache and hard reload" (https://stackoverflow.com/a/7000899/11506995)
And I can confirm that the CORS error for two reasons:
Now works in Safari (didn't before)
Running curl -IL -X'GET' -H'Origin: http://localhost:3000' https:example.com/file returns the correct CORS headers
Related posts
Disabling Chrome cache for website development
How to force Chrome browser to reload .css file while debugging in Visual Studio?
Chrome WON'T clear cache... ctrl + F5 doesn't seem to work either
I have a self hosted chrome extension.
It is ready for self update - URL in manifest file and configured GP on PC.
Extension could not be installed automatically or manually.
Tried to run browser with debug chrome.exe --vmodule=extension_updater=2 --enable-logging --extensions-update-frequency=30 but there are no errors related to my extension, it is even not listed in log.
When i try to drug extension in dev mode to browser i have an error that my extension is disabled by admin, but it is whitelisted, blacklist section is missing.
All is ok in chrome://policy
Any ideas ?
JetBrains IntelliJ IDEA sometimes loses its own JetBrains IDE Support plugin in Chrome. Upon debugging in IDEA, Chrome complains that:
hmhgeddbohgjknpmjagkdomcpobmllji is blocked
Requests to the server have been blocked by an extension
and stays on this page:
chrome-extension://hmhgeddbohgjknpmjagkdomcpobmllji/loading.html?__QUERY__
Where hmhgeddbohgjknpmjagkdomcpobmllji is JetBrains' plugin ID.
Instead of redirecting to the target page of the form:
http://localhost:63342/__PROJECT__/__PATH__/index.html
Restarting Google Chrome or disabling-and-enabling IDE Support plugin helps. IDEA "finds" Chrome again and Debug workflow works as intended.
Another possible problem is a failed authorization.
To debug a URL like this:
http://localhost:63342/__PROJECT__/__PATH__/index.html
Open it in the browser before starting to debug. It'll give 404 Not Found. Then switch back to IDEA and it will offer you to Copy authorization URL to clipboard:
http://localhost:63342/__PROJECT__/__PATH__/index.html?_ijt=__KEY__
Open this URL.
After this manual authentication is complete, IntelliJ IDEA should be able to debug index.html in Chrome.
IDEA always opens index.html for debugging in the browser window where the latest authentication happened. E.g., in a Chrome Incognito window, instead of a Chrome "normal" window, if you've just authorized IDEA in Incognito.
Going incognito may require an additional setup:
https://intellij-support.jetbrains.com/hc/en-us/community/posts/206201319-launching-chrome-incognito-in-intellij-12
I have created a Chrome extension and also published it to tester group on Chrome Webstore. When I am trying to load (add) the extension from my site, getting error as
Uncaught Invalid Chrome Web Store item URL.
On method Installer.prototype.install = function(url, onSuccess, onFailure) in webstore javascript file (provide by chrome to install extension on browser).
I have done to install extension by inline installation which is approached by Chrome.
I have verified the "url" on inline installation by browser address space which is properly getting the extension location on chrome web store.
I am not able to find the problem, please help me to come out of this.
Make sure that your URL is of the form https://chrome.google.com/webstore/detail/itemID. The Chrome Web Store recently started to advertise URLs of the form https://chrome.google.com/webstore/detail/*title*/itemID, which are not accepted for inline installation.
For example, for Google Mail Checker, the URL should be https://chrome.google.com/webstore/detail/mihcahmgecmbnbcchbopgniflfhgnkff, not https://chrome.google.com/webstore/detail/google-mail-checker/mihcahmgecmbnbcchbopgniflfhgnkff.