How to test optional permissions in a Chrome extension? - google-chrome

I'm thinking of moving some of the permissions in an unpublished Chrome extension to being optional instead of required in the manifest, and wanted to test the user flow.
Calling chrome.permissions.request() in an unpacked extension seems to just succeed silently. The browser dialog that the user should see isn't displayed.
This Chrome developer page suggests you can test the normal user flow using a packaged .crx file:
If you'd like to see exactly which warnings your users will get, package your extension into a .crx file, and install it.
However, Chrome no longer seems to let you install an arbitrary .crx file outside of the Chrome Webstore. Dragging and dropping the file on the Extensions page lists it, but the Enabled checkbox is disabled. This SO comment indicates that testing permissions in this way is likely no longer possible, but I haven't seen any official documentation about it.
I was actually able to install and enable a non-Webstore .crx file by adding it to the extension whitelist in the Windows registry, using these instructions, but that extension didn't trigger the permission request dialogs either.
So my questions are:
Is there a way to test the permission request flow other than publishing an extension to the Chrome Webstore?
What's the best way to remove the optional permissions once you've accepted them, in order to test the flow again? Delete the extension? Call chrome.permissions.remove()?

Turns out I confused myself by requesting the "sessions" permission when the extension already had a required "tabs" permission. Apparently, requesting "sessions" when you already have "tabs" doesn't trigger the permissions dialog.
However, calling something like chrome.permissions.request({ permissions: ["bookmarks"] }) does, in fact, show the permissions dialog, even in an unpacked extension.
So the answers are:
There's no need to publish an extension to the Chrome Webstore. Just request an optional permission with your local unpacked extension to see the dialog.
It looks like the only way to trigger the permissions dialog again is to delete the extension completely and reinstall it. Calling chrome.permissions.remove() does remove it as far as the APIs go, but the permission is silently re-added if it's requested again.

Related

How to test local changes to Chrome Extension

I am trying to fix a bug in a Chrome extension. I installed the extension from the web store. I found the error. I opened the installed files and made changes that may or may not fix the problem locally. I saved the changes. Now Chrome complains and says "This extension may have been corrupted."
I have no idea if the change will work. I do not want to go through the build process and upload the modified extension to the web store just to test a three line change.
How do I get Chrome to just use the modified extension? Or can I just ignore the "This extension may have been corrupted" error?
I think I figured it out. I was seeing the "This extension may have been corrupted" error because I made the changes in place, meaning directly in "${LOCALAPPDATA}\Google\Chrome\User Data\Default\Extensions${extension_dir}". When I instead made the changes to my Perforce workspace directory and used the "Load Unpacked" feature to install the extension from there it worked.

Distribution of a Chrome extension through an application - is a "backup" OK?

My company distributes a Chrome extension along with our Windows apps. I have read the Google guidelines on doing so, here, and see that the recommended method of doing so is to publish the extension in the Chrome Web Store, which we have done. Then, during installation, we should place a key in the Windows registry, which will direct Chrome to download the extension from the store the next time it starts up. This all makes sense, and we are planning to use this method.
However, I am told by some of our developers that they are worried about certain scenarios (specifically in countries where access to Google servers may be blocked) where it may not be possible to install the extension this way. Therefore, they have proposed both using this method, and including the .crx file in our installation package. My question is: Will this cause any issues? For users with a normal connection to Google's servers, will they be able to receive the extension as normal?
Will this cause any issues?
As long as "it's useless, because it can't be installed" isn't an issue, then no, no issues including it. /sarcasm
You cannot install CRX files from third-party sources, even manually (and not at all automatically), with the possible exception of enterprise deployment via domain policies.
The only way to install a non-Store extension is as unpacked. This requires manually switching on the Developer mode, selecting the folder, and enduring the scary warning on every Chrome launch.
I'm afraid you'll need to consider excluding such scenarios from your potential market.
How to local install ALL Chrome CRX without any problem:
Chrome saves ALL information in %LocalAppData%\Google.
Install Chrome
Install Chrome .CRX you are needing
Back up %LocalAppData%\Google
Create WinRar to unpack saved profile to: %LocalAppData%
This bypasses the mandatory Chrome store installation.
What are the downsides of this method?
Using this method could overwrite existing user profile data/bookmarks.
Overwriting user saved bookmarks/passwords may cause data loss for user.
What is a possible workaround?
Firefox can use alternate profile, if set to do so via txt in user profile.
If Chrome profile can load alternate profile, locate the string/text responsible for this & edit it to use the new user profile path, then create a WinRar SFX to install to this new location.
This will then enable Chrome SFX installer (Via WinRar SFX) to install a chrome profile with the .CRX extensions desired already installed & not have to mess with pre-existing user data.
What are the downsides to this method?
Users may wonder how to get their old bookmarks/settings to work.
While users will get the new .CRX, it will be starting with essentially a blank profile.
How you can help:
We know we can install any unpacked CRX via SFX install.
We know we can potentially cause Chrome to use alternate profile to avoid corrupting or messing with user data.
We need someone with an idea how to install unpacked CRX without causing a problem in the old user profile.
Things tried so far:
Tried to locate the file(s) responsible for saving installed .CRX settings.
(Make unpacked CRX load & work properly)
Discovered a key file that contained bookmarks/user data also was the same one responsible for ID the CRX & making it load.
This presented a problem, because how is it possible to import this key file in a WinRar SFX installer, without also overwriting the user bookmarks/saved data?
If anyone can figure this part out, we can then use WinRar SFX to unpack CRX into Chrome profile directory, without overwriting/destroying user data.
Alternate method may be to re-route Chrome to use new profile with desired .CRX files already loaded, then cmd-line import the old profile settings/bookmarks/saved passwords.
If this is possible...
Congrats to all who are seeking solutions!
Working together, we can succeed!

Programmatically installing a chrome extension to the default profile [duplicate]

I've written an extension for Google Chrome that will be released with the next version of our product. I want to understand what properties, paths for extraction, registry entries, etc. should I provide the installer of my product so that the end user doesn't have to install the extension on their own manually, and the installer does the complete job of installing the extension, and also notifies the user that the extension has been installed. As of now, the code that I have written is placed in a folder, and I use the "Load Unpackaged Extension" to load the extension. What should I do to achieve the aforementioned task?
Google's current policy on installing extensions via the registry (for Windows machines) is this:
Only extensions from the Google Extension Gallery (or Chrome Web Store - CWS) can be installed via the registry.
See this link - https://developer.chrome.com/extensions/external_extensions - for information on how this can be done. Keep in mind the following:
-This technique will still pop-up a msgbox to the user. its not completely silent.
-When using this technique, if the user subsequently removes the extension from her Chrome, the extension gets "blacklisted" on that chrome and will not re-auto-install until the user re-install it
manually. refer to Auto-installing a google chrome extension won't work ! for details.
Chrome has a couple ways of installing extensions programmatically:
http://www.chromium.org/administrators/pre-installed-extensions
Edit: yes, this policy has changed by now, as FuzzyAmi points out.
If you're using GNU/Linux, this is how you pre-install an extension from the chrome web store for all users:
/etc/chromium/policies/managed/yourextension_policy.json
‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾
{
"ExtensionInstallForcelist": [
"yourextensionuniqueidentifiersup;https://clients2.google.com/service/update2/crx",
"yourextensionuniqueidentifiersup"
]
}
Reference
metamask-chrome - AUR

Chrome extension is not installed again through registry if it was deleted

I have extension in chrome store.
At first I added programmatically chrome extension through registry.
Next I removed by hands this extension in Chrome. And added programmatically folder in registry again. But it didn't install in browser.
Also when I removed extension, the folder with extension_id in registry didn't remove, so it even didn't change when I install it again...
How can I solve it? (without solution through chrome store "Add plugin")
This is intentional. If the user decides to delete an automatically installed extension, it is blacklisted on that profile and will not be installed automatically again. There's nothing you can (automatically) do.
From the docs:
What if the user uninstalls the extension?
If the user uninstalls the extension through the UI, it will no longer be installed or updated on each startup. In other words, the external extension is blacklisted.
A user, however, can clear the blacklist by going to the Web Store and installing from there:
How do I get off the blacklist?
If the user uninstalls your extension, you should respect that decision. However, if you (the developer) accidentally uninstalled your extension through the UI, you can remove the blacklist tag by installing the extension normally through the UI, and then uninstalling it.

How to install a Chrome extension programmatically?

I've written an extension for Google Chrome that will be released with the next version of our product. I want to understand what properties, paths for extraction, registry entries, etc. should I provide the installer of my product so that the end user doesn't have to install the extension on their own manually, and the installer does the complete job of installing the extension, and also notifies the user that the extension has been installed. As of now, the code that I have written is placed in a folder, and I use the "Load Unpackaged Extension" to load the extension. What should I do to achieve the aforementioned task?
Google's current policy on installing extensions via the registry (for Windows machines) is this:
Only extensions from the Google Extension Gallery (or Chrome Web Store - CWS) can be installed via the registry.
See this link - https://developer.chrome.com/extensions/external_extensions - for information on how this can be done. Keep in mind the following:
-This technique will still pop-up a msgbox to the user. its not completely silent.
-When using this technique, if the user subsequently removes the extension from her Chrome, the extension gets "blacklisted" on that chrome and will not re-auto-install until the user re-install it
manually. refer to Auto-installing a google chrome extension won't work ! for details.
Chrome has a couple ways of installing extensions programmatically:
http://www.chromium.org/administrators/pre-installed-extensions
Edit: yes, this policy has changed by now, as FuzzyAmi points out.
If you're using GNU/Linux, this is how you pre-install an extension from the chrome web store for all users:
/etc/chromium/policies/managed/yourextension_policy.json
‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾
{
"ExtensionInstallForcelist": [
"yourextensionuniqueidentifiersup;https://clients2.google.com/service/update2/crx",
"yourextensionuniqueidentifiersup"
]
}
Reference
metamask-chrome - AUR