I have written a simple Chrome extension and tested it using developer mode to load the unpacked extension. It works as expected this way.
Because the extension uses storage.sync API, I would like to undertake further testing with installations of the extension as published in the Chrome Web Store.
The Developer Dashboard for Chrome Web Store provides an option to publish to trusted users only:
Only trusted testers from your developer dashboard can see it.
You can also include members of a Google Group that you own or manage.
When I publish this way the trusted testers listed for my dashboard can reach the extension and install it from the Chrome Web Store. However, the extension is always disabled upon starting Chrome:
This extension is not listed in the Chrome Web Store and may have been added without your knowledge. Learn more
We, my testers and I, have not been able to find any way to enable an extension disabled by Chrome. Is there one? If not, the entire exercise of an "unlisted" publication mode for testing seems pointless.
The only work around I've found to this situation so far is to set the extension to "unlisted" rather than "published to testers" from the Chrome developer dashboard.
This is not at all satisfying, but did allow some real world testing in an unobtrusive way.
Related
For internal use in my department I wrote a Chrome extension. It works fine in developer mode and I delivered it to my colleagues by e-mail attaching the .crx-file. They opened chrome://extensions and drag-and-drop it there. The message
drop to install extension
appeared, Chrome installed the extension and it works like a charm.
Nevertheless, on the very first restart of Chrome, a message appears that Chrome deactivates an unsupported extension.
A link to the help page Extensions disabled by Chrome is added to the message, and states:
To protect you while you browse, Chrome only lets you use extensions that have been published on the Chrome Web Store.
While I understand the reason, is there any other way a user can explicitly tell Chrome an extension is safe? Some effort is acceptable as publishing the extension to the webstore is not.
I have no administrative access, so no changes to registry nor active directory are possible.
As noted, you need Active Directory level policies to whitelist / auto-install extensions. See Policy List.
Chrome will use many defense mechanisms to detect and fight other trickery. The stance is simple: anything an unprivileged user can do any other software can do to implant malware.
However, you should consider publishing in CWS.
This can be done unlisted; unless someone has the listing link, the extension won't be discoverable.
This approach will present a risk of a leak of the link, but with your current delivery mechanism crx can leak as well; in general, copy-protecting extensions is basically infeasible.
This can be done with enforced control over accounts; you can publish to a Google Group of "trusted testers", who will be the only ones to see the listing.
Won't work if you're not allowed to sign into your Google accounts in Chrome.
This can be published with enforcing access only to your domain's users - if you use GApps for your work.
All of the above might not work if your extension is somehow questionable by CWS policies; if you can't publish for this exact reason, and can't use AD policies, I'm afraid you're SOL.
There isn't a way without domain level management to make this work. You can't just have the user "say" it is safe, since the user "saying" something could very well be the attacker. Any mechanism put in place to get around this would simply be used by attackers and unthoughtful companies to add more junk into your browser.
I am making a chrome extension, and for the purposes of my Chrome Extension, I am wanting users to be able to sign in to their Google account so they can send information to a server. I have been reading about user authentication and whatnot from the Google documents, but this is for apps that are being published into the store, and mine is in development. This is brand new territory for me, and I am lost. I feel like there's something that I must be missing, but I don't know how to get started.
Thanks.
Check this documentation about the quick way of loading up your working directory for testing. Extensions that you download from the Chrome Web Store are packaged up as .crx files, which is great for distribution, but not so great for development.
I have seen other answers here, such as this.
But nowadays, you cannot simply drag an extension to the browser and expect it to work. Google does not allow you to activate it, showing a message "not downloaded from chrome store"
Now, I really don't want to publish anything. It's a personal extension for me and friends! How can I workaround this limitation?
You could publish to testers.
I know you said you didn't want to publish anything but it only shows up to google accounts you have listed at testers.
You really only have two options:
Distribute the crx and have them run in developer mode.
List the extension on the Chrome store.
It sounds like #1 is a problem for you (as it is for most). If you go with option #2, you can list the extension privately, so it isn't listed in the Chrome store.
For context, Google is not doing this to hold people back. Most of the browsers have tightened up these methods to prevent abuse. From Google's perspective, they cannnot differentiate between your friendly use case, and a hacker using an extension to place malware. If it's published through the store, they can scan for malware.
I'm building a Google Apps Chrome App (not extension but app) with gmail, calendar, etc.
I would like to run extensions from regular chrome in my app. For example, rapportive is a fantastic extension for gmail. But it seems that extensions do not run on pages hosted in a webview.
Does anyone have an idea of how enable extensions in chrome apps?
Extensions in Chrome Apps aren't available by design. A webview is meant to facilitate displaying web-based content that you control, in which case you'd have the ability to alter that content at the server, rather than relying on an extension to do so.
Incidentally, you should take note of the applicable terms of service, which won't let you publish the app you've described in the Chrome Web Store: "Do not post an app where the primary functionality is to link to a website not owned by the developer."
I would like to create an extension or app for the Chrome browser which would require access to a user's Google Calender (for creating new appointments).
I am unsure of which technology to better research and use, Chrome extensions or apps. My "app" wouldn't need much of a GUI, so I'm leaning towards extension — but I don't know if this would pose any difficulties for accessing a user's Google Calender to add an event.
Anyone one have any idea which technology is best for this situation, and why? Thanks!
Either, or... Go with an extension if you'd like.
I assume you've looked at the API reference?
https://developers.google.com/google-apps/calendar/
From there, I'd imagine you'd just need OAuth to authenticate the user. Here's the JS library:
https://code.google.com/p/google-api-javascript-client/
There are pros/cons of each types, apps or extensions.
Apps
If you would like to create a client application of Google Calendar which has many rich GUI components, this type will become a better solution.
In addition, Chrome apps can communicate with many hardware devices and other servers. Of course, your Chrome app can become as a server (that is, your app can open a server socket and accept a request from other client apps).
Chrome apps can be executed not depending on your Chrome Web browser. That is, Chrome apps cannot access to a context of your Chrome Web browser.
Probably, you don't want to get the pros above, I guess...
Extensions
If you would like to create a small UI for posting your schedule to Google Calendar, this type will become a better solution.
In addition, Chrome extensions can access to a context of your Chrome Web browser. That is, your extension can get page contents of each tab and inject your CSS and/or JS code. For example, your extension will get a URL of some opened tab and include it in a body of the posted schedule.
Chrome extensions completely depend on your Chrome Web browser. That is, your extension cannot execute independently.
Also, generally, high cost will be needed to develop Chrome apps than Chrome extensions. As the result, you should choose Chrome extensions, I believe.