I am trying to publish an chrome extension with following manifest file.
Every time I publish my app it is getting rejected.
Updated
{
"manifest_version": 2,
"name": "Aiwozo",
"description": "AI Work Zone Web Automation Extension is an component developed for browser interaction to implement automation on web applications.",
"version": "1.1",
"icons": {
"16":"static/activate_icons/Aiwozo16.png",
"32":"static/activate_icons/Aiwozo32.png",
"64": "static/activate_icons/Aiwozo64.png",
"128":"static/activate_icons/Aiwozo128.png"
},
"background":{
"scripts":["background.js"]
},
"browser_action": {
"default_icon": {
"16":"static/activate_icons/Aiwozo16.png",
"32":"static/activate_icons/Aiwozo32.png",
"64": "static/activate_icons/Aiwozo64.png",
"128":"static/activate_icons/Aiwozo128.png"
},
"default_title": "Artificial Intelligence Work Zone"
},
"permissions": ["nativeMessaging", "<all_urls>"],
"web_accessible_resources": [ "css/general.css", "static/activate_icons/AIwozo16.png", "static/activate_icons/AIwozo32.png", "static/activate_icons/AIwozo64.png", "static/activate_icons/AIwozo128.png", "static/deactivate_icons/AIwozo16.png", "static/deactivate_icons/AIwozo32.png", "static/deactivate_icons/AIwozo64.png", "static/deactivate_icons/AIwozo128.png"]
}
It seems that Google now requires you, the developer, to provide an explanation of what your extension does (according to Single Purpose Policy) and an explanation of why specific permissions are needed.
This is on the Privacy tab of the "new" Developer Dashboard's listing:
Until those fields are filled out, Web Store blocks publishing of new extensions and updated versions of existing extensions.
On the plus side: it doesn't mean you have failed a review yet. So with good explanations you may be able to get this published. In your particualr case though, those are broad permissions + arbitrary code execution. It will be tough.
Try with
"version": "1.0",
Instead of
"version": "0.01",
Related
Apparently resolving CORS problems is frustrating for everyone. I'm writing a Chrome extension for mturk and everything I found on resolving CORS has failed. Most of the solutions I found are server side to which I obviously don't have access. From what I've found there are about 1000 ways suggested using "content_security_policy" in my manifest none of which work. Is there someone out there that has knowledge of mturk extensions and how to resolve the CORS problem? TIA.
FWIW, this is the manifest without any CORS resolutions:
edited manifest
{
"manifest_version": 3,
"name": "Auto_Select",
"description": "This extension auto selects Mturk HITs",
"version": "1.0",
"action": {
"default_icon": "auto_select.png",
"type": "module",
"default_popup": "auto_select.html"
},
"permissions": [
"activeTab",
],
"host_permissions": [
"<all_urls>"
]
}
I am trying to publish the extension to chrome app store. I tried many times but getting rejected every time,
the menifest file is:-
{
"name": "App name",
"description": "Blank!",
"version": "0.0.0.1",
"manifest_version": 2,
"icons": {
"128": "icon.png"
},
"background": {
"page": "background.html",
"persistent": false
},
"browser_action": {
"default_icon": "icon.png",
"default_popup": "popup.html",
"default_title": "Name"
},
"content_scripts": [
{
"all_frames": true,
"css": ["css/main.css"],
"js": [
"js/jquery-3.1.0.min.js",
"js/popup.js",
"main.js",
"js/dashboard.js"
],
"matches": [
"*://*.facebook.com/*/*/requests/",
"*://*.facebook.com/*/*/requests",
"*://*.facebook.com/*"
],
"run_at": "document_end"
}
],
"content_security_policy": "script-src 'self' https://apis.google.com 'unsafe-eval'; object-src 'self'",
"update_url": "https://clients2.google.com/service/update2/crx",
"oauth2": {
"client_id": "xxxxxx-xxxxxxxxxx.apps.googleusercontent.com",
"scopes": [
"https://www.googleapis.com/auth/spreadsheets"
]
},
"permissions": [
"tabs",
"storage",
"notifications",
"identity",
"*://*.herokuapp.com/*"
],
"web_accessible_resources": ["*.png"]
}
THe answers that I am submitting is like so-
Permission justification
Error Due to the Host Permission, your extension may require an in-depth review which will delay publishing.
tabs- to get the current tab url or location.
storage - to store the user token for authentication and user specific data.
notifications - to show the messages to the user when they logged in or logged out.
identity - to authorize user using google
Host permission -
https://.facebook.com/ = to get the facebook page URL and get the facebook group Id from the url
https://.facebook.com//*/requests/ = to get the request page inside the facebook and hence to activate the extension feature related to that group
https://.herokuapp.com/ = to access the apis from the backend server and to manage all the basic functionality.
Remote code - Yes, I am using remote code - I have called the google api module (https://apis.google.com) for adding the data to the user's given google sheet.
I have tried more than 5 time in a row, still gets rejects with the same error.
Let me know where I am making mistake.
Nobody knows how Chrome performs their reviews but at a minimum you should carefully go over the permissions, remove the ones you don't need and restrict the ones you have. I don't know how your extension works but it looks like there's a ton you can do here:
"tabs - to get the current tab url or location" - You shouldn't need this permission to get the current tab URL, only for more invasive queries.
"https://.herokuapp.com/" - This should be limited to the host you need to communicate to. Why would you need to communicate to any Heroku app at all?
"storage - to store the user token for authentication and user specific data." - Are you sure you need this? Test without it.
"script-src ... 'unsafe-eval'" - This is a massive security risk. You'd be best to change your implementation to not need this.
"object-src 'self'" - Why do you need this? You probably don't.
For the content_security_policy, you'd be better adding "default-src 'none';" to remove all permissions, then only add in only the ones you need.
"Remote code - Yes, I am using remote code - I have called the google api module" - Why do you need remote code for this? You should be able to implement this with JavaScript contained within your app + HTTP requests.
Hope that helps. The opaque Chrome review process is horrible.
For me, I was getting that message not because it was failing the review, but because I had not yet filled out the box "Host permission justification". You need to fill out this in order to be able to submit, otherwise it fails the form validation as it's a mandatory field.
In my case host permission was required because I was using a regex for a content script in the manifest file.
After completing the host permission justification field, I was able to submit. As the message suggests, requiring this permission could mean the review takes longer than if it is not required.
I have found that it's necessary to submit the privacy policy and terms of services links to the chrome store account section.
Hope it worked for you also.
I have an existing chrome extension in chrome web store with a similar manifest.json given below.
{
"manifest_version": 2,
"name": "Extension Name",
"short_name": "Short Name",
"description": "Some description",
"version": "1.0.83",
"icons" : {
"16": "something.png",
"32": "something.png",
"48": "something.png",
"96": "something.png",
"128": "something.png",
"512": "something.png"
},
"permissions": [ "tabs", "https://*/*", "http://*/*", "storage", "gcm" ],
"optional_permissions": [ "notifications", "webRequest", "webRequestBlocking" ],
"page_action": {
"default_icon": "styles/images/icon.png",
"default_title": "Name",
"default_popup": "popup.html"
},
"update_url": "https://clients2.google.com/service/update2/crx",
"content_security_policy": "script-src 'self' https://www.google-analytics.com https://d2xwmjc4uy2hr5.cloudfront.net; object-src 'self'",
"background": {
"scripts": ["scripts/jquery-2.1.1.min.js", "scripts/background.js"],
"persistent": true
},
"web_accessible_resources" : ["logo.png"],
"content_scripts": [
{
"js": ["scripts/jquery-2.1.1.min.js", "scripts/bigstuff.js"],
"run_at": "document_end",
"matches" : ["<all_urls>"]
}
]
}
Now I would like to customize the new tab page for the user, which requires me to modify the manifest and add the following details.
chrome_url_overrides": {
"newtab": "newtab.html"
}
Will adding this disable the extension for the existing users?
Your extension won't be disabled by Chrome (but see the end of this answer!). An updated extension is only disabled if the update introduces new permission warnings (warning: this list is incomplete).
To see what permission warnings are generated by the old and new extension, see the answer to What message is generated by the chrome “permissions” property in an extension manifest?
The following comment is an excerpt from Chromium's source code, near the logic that checks whether an extension update can be applied without user interaction:
// We keep track of all permissions the user has granted each extension.
// This allows extensions to gracefully support backwards compatibility
// by including unknown permissions in their manifests. When the user
// installs the extension, only the recognized permissions are recorded.
// When the unknown permissions become recognized (e.g., through browser
// upgrade), we can prompt the user to accept these new permissions.
// Extensions can also silently upgrade to less permissions, and then
// silently upgrade to a version that adds these permissions back.
//
// For example, pretend that Chrome 10 includes a permission "omnibox"
// for an API that adds suggestions to the omnibox. An extension can
// maintain backwards compatibility while still having "omnibox" in the
// manifest. If a user installs the extension on Chrome 9, the browser
// will record the permissions it recognized, not including "omnibox."
// When upgrading to Chrome 10, "omnibox" will be recognized and Chrome
// will disable the extension and prompt the user to approve the increase
// in privileges. The extension could then release a new version that
// removes the "omnibox" permission. When the user upgrades, Chrome will
// still remember that "omnibox" had been granted, so that if the
// extension once again includes "omnibox" in an upgrade, the extension
// can upgrade without requiring this user's approval.
The chrome_url_overrides permission.
When I follow the above steps with the following manifest.json,
{
"name": "Permission test",
"version": "1",
"manifest_version": 2,
"chrome_url_overrides": { "newtab": "manifest.json" }
}
Then I get a permission dialog without any warnings ("This extension requires no special permissions."). So Chrome (tested with 54 and earlier) will not disable your extension if you add this manifest key in an update.
That does not mean that you can now publish the extension without losing users. The New Tab page is frequently viewed by users, if you change it without their consent, then the users may remove your extension if they want to regain control over their New Tab page.
And carefully review the Single Purpose Policy of the Chrome Web Store: If you, for example, start replacing the NTP with an advert-laden page that is not related to your extension's functionality, the Chrome Web Store listing may be taken down by the store curators.
I'm trying to install a packaged application in Firefox OS simulator.
The installation succeeds only partially, since a link for the app is created, but without the proper icon. When I try to execute it, asks to download the app, which fails with a simple "download failed", and the application doesn't start.
I found the cause trigger of the failure, but I don't understand it. By mangling with the manifest I found that the problem lies in the declaration of locales in the manifest.
{
"version": "1.0",
"name": "xxx",
"description": "xxx",
"launch_path": "/app.html",
"icons": {
"16": "/icon_0016px.png",
"32": "/icon_0032px.png",
"48": "/icon_0048px.png",
"60": "/icon_0060px.png",
"64": "/icon_0064px.png",
"128": "/icon_0128px.png",
"256": "/icon_0256px.png",
"512": "/icon_0512px.png"
},
"developer": {
"name": "xxx",
"url": "http://xxx"
},
"fullscreen": "true",
"default_locale": "es",
"locales": {
"it": {
"name": "L'Open Web",
"description": "Eccitante azione di sviluppo web open!"
},
"de": {
"name": "Der Open Web",
"description": "Spannende offene Web-Entwicklung-Action!"
}
}
}
If I remove the locales block (and the preceeding comma of course), the application installs correctly, and that block is copypasted from the Mozilla example. The default_locale is not overriden either. So, I have no idea.
EDIT----------------
It works if I install it from the WebIde or the Application Manager. However, if I try a install from a webpage using navigator.mozApps.installPackage it fails.
I have tried different versions of Firefox (Firefox 30-34, Firefox OS 1.3-2.2) in different platforms (Win, Linux) and with different locales, and a Firefox OS phone (FOS 1.0), with similar results.
The manifest validator always says it's ok.
I've tried the same locales block on an app of mine, and it works. I successfully installed the app on the Firefox OS 1.1 simulator and on my phone, running Firefox OS 1.4. Maybe you are experiencing a bug in your simulator.
You can also try the app validator at https://marketplace.firefox.com/developers/validator.
I'm trying to use text-to-speech in a Chrome app, but I'm getting an error when trying to load the app.
My manifest.json looks like this:
{
"name": "APPNAME",
"description": "DESCRIPTION",
"version": "3",
"app": {
"urls": ["APPURL"],
"launch": {"web_url": "APPURL"}
},
"icons": {"24": "icon24.png", "128": "icon128.png"},
"permissions": ["tts"]
}
The error I'm getting reads "Could not load extension from <PATH>. Access to permission 'tts' denied."
Removing the "app" part of the manifest seems to allow it to load without problems. That would make me think that TTS is limited to Chrome extensions, but the docs suggest otherwise. Changing the "tts" permission to the "cookies" permission results in the same error, but changing it to "clipboardRead" does not.
I'm attempting to load the app via: Tools > Extensions > Load unpacked extension, and I'm using Chrome 16 on Ubuntu 11.10.
Can anyone tell me what I'm doing wrong?
It turned out that some permissions are only available for extensions and packaged apps. I was trying to use tts with a webapp, which is unfortunately not available.
That said, the Web Speech API is now available, along with Speech Synthesis.