I'm doing simple GET request to my URL and I get the error "ERR_INSECURE_RESPONSE". THis is fine, as certificate is self-signed. But I have two questions regarding it:
Is there a way to overcome this in extension? Like setting a flag in request or sth like that? (probably not likely)
Is there a way just to handle this error (to notify user)? I've checked all XMLHttpRequest fields and cannot see anything that can indicate this error. Status field has value of 0 (zero).
Any ideas?
No, the extension API does not offer any method to modify SSL settings or behavior.
You could use the chrome.webRequest.onErrorOccurred event to get notified of network errors. The error property will contain the network error code.
For example:
chrome.webRequest.onErrorOccurred.addListener(function(details) {
if (details.error == 'net::ERR_INSECURE_RESPONSE') {
console.log('Insecure request detected', details);
}
}, {
urls: ['*://*/*'],
types: ['xmlhttprequest']
});
var x = new XMLHttpRequest;
x.open('get','https://example.com');
x.send();
If for testing only, just start Chrome with the --ignore-certificate-errors flag to allow self-signed certificates to be used. This affects all websites in the same browsing session, so I suggest to use a separate profile directory for this purpose, by appending --user-data-dir=/tmp/temporaryprofiledirectory to the command line arguments.
Another way to avoid the error in the first place is to get a valid SSL certificate. For non-commericial purposes, you can get a free SSL certificate at https://www.startssl.com.
Related
I am using tessera for execute private transaction's in Quorum. When invoking the third party (privateURL) API from the postman, I am getting the expected output but when calling the same API's from the other server I am getting an empty response with 200 status code( http://:9081/storeraw). This issue is happening due to the CORS. I've checked with:
File:///< HTML_PATH >
and it's working.
How to enable CORS for tessera third party API's?
Currently, this feature is not implemented in tessera. I'm working already I'll get back to you once it's done. For enabling CORS follow steps below.
Clone repository from git.
open the file /jaxrs-service/src/main/java/com/quorum/tessera/thridparty/RawTransactionResource.java
Replace
return Response.status(Status.OK)
.type(APPLICATION_JSON)
.entity(response)
.build();
with
return Response.status(Status.OK)
.type(APPLICATION_JSON)
.header("Access-Control-Allow-Origin", "*")
.entity(response)
.build();
Recompile the code
Start tessera.
Note: This will allow all origins, please modify the code as per your security needs. This is not a standard, I am working on config changes that will allow you to have the freedom to enable CORS with corresponding changes.
I am trying to get a port's status in an application (not a content script). When I do :
this.port = chrome.runtime.connect("okcbadfdlhldjgkbafhnkcpofabckgde");
I get a valid port object but I can't find anyway to determine if the port can be used at all (I don't even get a disconnect event if the extension can't be reached).
The only way I figured out to have the connectivity state is to actually trap an exception when performing a this.port.postMessage.
Is there a better way ?
https://developer.chrome.com/extensions/runtime#method-connect
Update
Running Version 48.0.2564.97 (64-bit) on Linux Ubuntu
No cross-extension messaging, just application to/from extension
Extension source code but note I have since moved on to implement another strategy for the extension because of the issue raised in this question.
Your extension uses a background-script that provides listener function for the chrome.runtime.onMessageExternal event. This event is used to listen for incoming messages, send from external webpage-scripts (or other extensions) by calling the chrome.runtime.sendMessage method.
Since your extension does not provide a listener function for the chrome.runtime.onConnectExternal event, chrome.runtime.connect cannot work for your extension.
As far as knowing the connection status is concerned, in this case a simple try-catch block would do enough to know whether the extension supports port or not. If it does, you need to view the manifest corresponding to this extension - to see if a particular host is allowed to send messages or not.
I was able to send message to your extension (see the enclosed figure) by adding the following lines of code in the background-script. In addition to this, I also added the matches string for the host - www.example.org in the manifest.
chrome.runtime.onMessageExternal.addListener(
function(request, _sender, sendResponse) {
console.log(request);
...
}
);
For some reason suddenly when calling navigator.geolocation.getCurrentPosition() I get this error:
Network location provider at 'https://www.googleapis.com/' : Returned error code 403.
It used to work perfectly yesterday! Could there be anything with their servers??
It appears it is back up now. But before I realized it was working, I used another way to get location data as recommended by another user on reddit.com
var latLong;
$.getJSON("http://ipinfo.io", function(ipinfo){
console.log("Found location ["+ipinfo.loc+"] by ipinfo.io");
latLong = ipinfo.loc.split(",");
});
Source: https://www.reddit.com/r/webdev/comments/3j8ipj/anyone_else_had_issues_with_the_html5_geolocation/
This happens for me too on idoco.github.io/map-chat
I suspect that this is related the the changes google planed for Deprecating Powerful Features on Insecure Origins it seems that some changes were done in the last few days in this chromium Issue 520765: Deprecation and removal of powerful features on insecure origins
Can you test your site over https to confirm that?
In the meanwhile I found this api usage as a workaround on this repo:
$.getJSON("http://ipinfo.io", function(doc){
var latlong = doc.loc.split(",")
setUserLocation(parseFloat(latlong[0]), parseFloat(latlong[1]));
getLocation(parseFloat(latlong[0]), parseFloat(latlong[1])).then(function(res){
userLocationName = res
})
initialiseEventBus();
map.panTo(userLocation);
}, function(err) {
setUserLocation(Math.random()*50, Math.random()*60);
userLocationName = "unknown.na"
initialiseEventBus();
map.panTo(userLocation);
})
I had the same issue, you have to check your developer dashboard and make sure that your API key has no usage restrictions or warnings.
I'm working on a project that needs to use an extension that a customer must download and install, however my web page needs to communicate with the extension, so i use the documented way:
https://developer.chrome.com/extensions/runtime#method-sendMessage
chrome.runtime.sendMessage(string extensionId, any message, object options, function responseCallback)
{
...
}
This means i have to include the "extensionId" of an extension that only generates this code once its installed.
Doesn't this sound a little "cart before the horse"?
I have to explain this to our clients, how to go and get their extension ID, and some how apply it to this page in order for it to work? Its seems terribly clumsy, especially since i have have to set the permissions explicitly.
"externally_connectable": {
"matches": ["*://mywebsite.com/*"]
},
If I omit extensionId, it doesn't work.
"Uncaught Error: Invalid arguments to connect"
According to the link you posted, it says extensionId is optional and that it is "[t]he ID of the extension/app to send the message to. If omitted, the message will be sent to your own extension/app." So it seems that it should still work even without the extension ID.
Having said that I noticed the same error on an extension I'm trying to debug, but it seems to be all working despite it. And when I add the extensionId the errors disappear. Might need to find a way to access the extensionId from within the extension.
Update: I successfully substituted in '##extension_id'. See this.
I'm doing simple GET request to my URL and I get the error "ERR_INSECURE_RESPONSE". THis is fine, as certificate is self-signed. But I have two questions regarding it:
Is there a way to overcome this in extension? Like setting a flag in request or sth like that? (probably not likely)
Is there a way just to handle this error (to notify user)? I've checked all XMLHttpRequest fields and cannot see anything that can indicate this error. Status field has value of 0 (zero).
Any ideas?
No, the extension API does not offer any method to modify SSL settings or behavior.
You could use the chrome.webRequest.onErrorOccurred event to get notified of network errors. The error property will contain the network error code.
For example:
chrome.webRequest.onErrorOccurred.addListener(function(details) {
if (details.error == 'net::ERR_INSECURE_RESPONSE') {
console.log('Insecure request detected', details);
}
}, {
urls: ['*://*/*'],
types: ['xmlhttprequest']
});
var x = new XMLHttpRequest;
x.open('get','https://example.com');
x.send();
If for testing only, just start Chrome with the --ignore-certificate-errors flag to allow self-signed certificates to be used. This affects all websites in the same browsing session, so I suggest to use a separate profile directory for this purpose, by appending --user-data-dir=/tmp/temporaryprofiledirectory to the command line arguments.
Another way to avoid the error in the first place is to get a valid SSL certificate. For non-commericial purposes, you can get a free SSL certificate at https://www.startssl.com.