I built a chrome extension, available in the Chrome Web Store, that has an options/settings page. In the settings, people can add additional webpages to a blacklist (the blacklist is already populated with some websites when the extension is initially installed).
I am now about to release a v2 to the chrome extension (mostly css improvements and an additional feature) and wanted to know, if people have added a bunch of new webpages to their blacklist via settings when using v1, will pushing an update to google cause their settings to be reset (e.g., back to the original blacklist)? The blacklist is held in localStorage.
Thanks
No, it will not reset your settings after an update, localStorage and chrome.storage will be kept.
Btw, you can test updating process by building a crx file. There are plenty of tools which can help you to make build; (oncletom/crx is the good one).
Related
I have written a simple Chrome extension and tested it using developer mode to load the unpacked extension. It works as expected this way.
Because the extension uses storage.sync API, I would like to undertake further testing with installations of the extension as published in the Chrome Web Store.
The Developer Dashboard for Chrome Web Store provides an option to publish to trusted users only:
Only trusted testers from your developer dashboard can see it.
You can also include members of a Google Group that you own or manage.
When I publish this way the trusted testers listed for my dashboard can reach the extension and install it from the Chrome Web Store. However, the extension is always disabled upon starting Chrome:
This extension is not listed in the Chrome Web Store and may have been added without your knowledge. Learn more
We, my testers and I, have not been able to find any way to enable an extension disabled by Chrome. Is there one? If not, the entire exercise of an "unlisted" publication mode for testing seems pointless.
The only work around I've found to this situation so far is to set the extension to "unlisted" rather than "published to testers" from the Chrome developer dashboard.
This is not at all satisfying, but did allow some real world testing in an unobtrusive way.
For internal use in my department I wrote a Chrome extension. It works fine in developer mode and I delivered it to my colleagues by e-mail attaching the .crx-file. They opened chrome://extensions and drag-and-drop it there. The message
drop to install extension
appeared, Chrome installed the extension and it works like a charm.
Nevertheless, on the very first restart of Chrome, a message appears that Chrome deactivates an unsupported extension.
A link to the help page Extensions disabled by Chrome is added to the message, and states:
To protect you while you browse, Chrome only lets you use extensions that have been published on the Chrome Web Store.
While I understand the reason, is there any other way a user can explicitly tell Chrome an extension is safe? Some effort is acceptable as publishing the extension to the webstore is not.
I have no administrative access, so no changes to registry nor active directory are possible.
As noted, you need Active Directory level policies to whitelist / auto-install extensions. See Policy List.
Chrome will use many defense mechanisms to detect and fight other trickery. The stance is simple: anything an unprivileged user can do any other software can do to implant malware.
However, you should consider publishing in CWS.
This can be done unlisted; unless someone has the listing link, the extension won't be discoverable.
This approach will present a risk of a leak of the link, but with your current delivery mechanism crx can leak as well; in general, copy-protecting extensions is basically infeasible.
This can be done with enforced control over accounts; you can publish to a Google Group of "trusted testers", who will be the only ones to see the listing.
Won't work if you're not allowed to sign into your Google accounts in Chrome.
This can be published with enforcing access only to your domain's users - if you use GApps for your work.
All of the above might not work if your extension is somehow questionable by CWS policies; if you can't publish for this exact reason, and can't use AD policies, I'm afraid you're SOL.
There isn't a way without domain level management to make this work. You can't just have the user "say" it is safe, since the user "saying" something could very well be the attacker. Any mechanism put in place to get around this would simply be used by attackers and unthoughtful companies to add more junk into your browser.
number of websites i'm using changed their domain name, and chrome auto-fill suggests links to the URL with the old domain. how can I update all links in chrome's auto-fill / cache?
There is no way to edit existing history items, so your only solution would be removing offending URLs from history.
Sadly, there is currently a nasty bug preventing this from reliably working with extension API if Chrome Sync is used.
In case you happen not to use Chrome Sync, you can write a simple extension to invoke chrome.history.deleteUrl. Otherwise, you'll have to do it manually.
I have seen other answers here, such as this.
But nowadays, you cannot simply drag an extension to the browser and expect it to work. Google does not allow you to activate it, showing a message "not downloaded from chrome store"
Now, I really don't want to publish anything. It's a personal extension for me and friends! How can I workaround this limitation?
You could publish to testers.
I know you said you didn't want to publish anything but it only shows up to google accounts you have listed at testers.
You really only have two options:
Distribute the crx and have them run in developer mode.
List the extension on the Chrome store.
It sounds like #1 is a problem for you (as it is for most). If you go with option #2, you can list the extension privately, so it isn't listed in the Chrome store.
For context, Google is not doing this to hold people back. Most of the browsers have tightened up these methods to prevent abuse. From Google's perspective, they cannnot differentiate between your friendly use case, and a hacker using an extension to place malware. If it's published through the store, they can scan for malware.
I have several accounts for a website and currently I want to write an extension that I can open all the accounts simultaneously in chrome, each tab for one account.
So that means I want each tab with a separate cookie system, is it doable? If so please suggest the API I should use, thanks!
Go to Chrome Preferences. There is a Users section where you can add users. Each new user will have its own cookie jar, so you can log in to a site as many different users at once. It makes new chrome windows, but it seems you cannot drag a tab onto a window of another user.
According to Chrome documentation, you can modify HTTP headers (including cookies) in the onBeforeSendHeaders event handler. So, you need to store new cookies for every account by means of the onHeadersReceived event handler, and then substitute them for every tab in outgoing requests.
There even exists an extension which seems doing almost the thing you want - Chrome Cookie Switcher.
Also I have found an answer that may be helpful for your task: Associate a custom user agent to a specific Google Chrome page/tab.
I really don't think Chrome allows extensions to do this. If I recall correctly, extensions can inspect and block requests, but they can't modify them, such as changing cookies on the fly for each tab.
I suggest you use the --user-data-dir command-line option of Chrome. It allows you to keep several separate profiles, each in its own directory, and then you only need to start chrome with the proper option:
# run this command to use the first profile
google-chrome --user-data-dir=/home/binchen/my_chrome_profiles/my_profile_1
# run this command to use the second profile
google-chrome --user-data-dir=/home/binchen/my_chrome_profiles/my_profile_2
...
Each profile will be in its own Chrome window, with its own cookie store, instead of its own tab, but it's easier than writing an extension.
Lastly, if the website you're mentioning is Google, you can keep several Google accounts open at the same time.