Chrome custom tabs cookies, storage APIs and service worker - google-chrome

I tried to look up many answers on Stack Overflow but couldn't find anything specific to this. I am implementing a payment app and I want to display a custom tab in my app to record the user's visit by storing the user ID, either by setting a cookie, by using localStorage, or by installing a service worker for the domain that the custom tab opens.
1. Can a https page loaded in custom-tab write cookies that are also available when visiting the same page from Chrome?
2. Is localstorage API available for my domain in custom-tab? If yes, is stored value available from Chrome?
3. Is installing service worker allowed from Custom-tab? So I have access to S/W from Chrome browser?
If none of this possible, how could I record the visit from custom-tab and have it available in Chrome when user opens the domain from chrome browser?
Thanks in advance

1. Chrome Custom Tabs uses the same Cookie jar as Chrome. So, if a Cookie is created when a user accesses the page from a Custom Tab and Chrome is the Custom Tabs provider, it is also available when the user goes to the same domain from Chrome (outside Custom Tabs).
2. Same as above.
3. Yes, it is possible to install a service-worker from a Chrome Custom Tab.
You can check all of the above by opening the URL that adds the cookie, installs the service-worker or writes to the local store inside a Custom Tab, setting up the device for debugging, connecting it to your computer and navigating to chrome://inspect/#devices in Chrome. Then choose the device and inspect the cookies, local storage, service-workers, etc.

Related

Kibana dashboard embedded in iframe redirecting to login every time, due to same site cookie setting in latest chrome browser

When I try to log in to a Kibana (version 7.6) dashboard embedded in an iframe, it redirects to the same login page every time. From my research on Google, I found this is due to the latest Chrome browser update, which enabled SameSite by default for cookies (Chrome browser settings link).
I am able to access the dashboard normally when I disable this setting.
But I am expecting a proper production kind of solution.
You can add the parameter xpack.security.sameSiteCookies: None in kibana.yml with ELK stack version above 7.8.0, to allow third-party cookies in iFrame. It can be used in the elastic.co cloud provider.
If you use a reverse proxy, you can add a header for SameSite.
References: https://discuss.elastic.co/t/cookies-issue-while-embedding-kibana-dashboard-with-iframe/256777/8
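The reverse-proxy option mentioned above, as an added example that is not part of the original answer: a model of why Chrome withholds the session cookie from the iframe, and the Set-Cookie rewrite a proxy would apply. The cookie name `sid`, the function names and the header values are assumptions for illustration.

```javascript
// Added example. The cookie name "sid" and the header values used with these
// functions are constructed for illustration.

// Split one Set-Cookie value into its name and lower-cased attributes.
function parseSetCookie(value) {
  const [pair, ...rest] = value.split(';').map((p) => p.trim()).filter(Boolean);
  const attrs = {};
  for (const a of rest) {
    const [k, v = ''] = a.split('=');
    attrs[k.toLowerCase()] = v;
  }
  return { name: pair.split('=')[0], attrs };
}

// Model of Chrome's SameSite-by-default handling for a cookie that a page
// embedded in a cross-site iframe needs to receive.
function sentInCrossSiteIframe(value) {
  const { attrs } = parseSetCookie(value);
  const sameSite = (attrs.samesite || 'lax').toLowerCase(); // absent => Lax
  if (sameSite !== 'none') return false; // Lax and Strict are withheld
  return 'secure' in attrs; // SameSite=None without Secure is rejected
}

// What the proxy does to each upstream Set-Cookie value: only the listed
// cookies are changed, and only when the site is served over HTTPS.
function relaxSameSite(value, cookieNames, servedOverHttps) {
  if (!cookieNames.includes(parseSetCookie(value).name)) return value;
  if (!servedOverHttps) {
    throw new Error('SameSite=None requires Secure, which requires HTTPS');
  }
  const kept = value
    .split(';')
    .map((p) => p.trim())
    .filter(Boolean)
    .filter((p, i) => i === 0 || !/^(samesite(=|$)|secure$)/i.test(p));
  return [...kept, 'Secure', 'SameSite=None'].join('; ');
}
```

Limiting the rewrite to the named session cookie keeps the default SameSite protection on every other cookie the application sets.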

How to detect if chrome profile is in use chrome driver

We have an internal company utility that can open our internal sites through various browsers using the various browser drivers (iexplore, geckodriver, chromedriver).
One of the options for the chromedriver is to use the profile of logged-in Google users. However, it doesn't work if the profile is already in use from another instance of Chrome.
Anyone know of a way to detect if the profile of the currently logged-in user is in use? Then the utility can just skip adding that option into the list of arguments when we launch a browser.
I know there's a workaround for an individual computer, but as not everyone in the company will know how to set that up, it's okay if the instance doesn't automatically load the Google profile.

How to auto-login website in chrome with saved password

Chrome is auto-filling the credentials, but does not log me in until I click login. How to automate? (Windows, non-Google websites).
Using the Chrome Identity API you can have Chrome (on desktop and Android) automatically attempt to log in the user when they hit your page, even if their session has expired.
Following is a workflow diagram of how it works, but the details can be found in the Google Authentication API: Let the user automatically sign back in section:
It is not the browser's responsibility to auto-login to websites. This is the responsibility of the website you are accessing. The browser can remember form data and auto-fill for you, as can various extensions like LastPass.
However, in order to actually auto-login, you must first login to the website you are trying to access and enable the option they provide, often called 'Remember me?'. The website would typically use a cookie to store the credentials (securely with a hash + salt), and if the cookie still exists (not cleared from the browser or expired), and the hash of real password in database matches the one in the cookie, the website will auto-login.
You could force the browser to try and auto-login with extensions, which are essentially macros. You could try Auto Login or iMacros extensions for this. I would generally avoid this though.
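A server-side check for a "Remember me" cookie, as an added example that is not part of the original answers: the cookie carries a random selector and validator rather than anything derived from the password, and only a hash of the validator is stored. The in-memory `tokens` map and all function names are assumptions for illustration.

```javascript
// Added example. The in-memory `tokens` map stands in for a server-side table;
// all names here are assumptions for illustration.
const crypto = require('crypto');

const tokens = new Map(); // selector -> { userId, validatorHash, expires }
const sha256 = (s) => crypto.createHash('sha256').update(s).digest();

// Called after a normal password login when "Remember me" is ticked.
// Returns the cookie value; set it with Secure, HttpOnly and SameSite.
function issueRememberMe(userId, now = Date.now(), ttlMs = 30 * 24 * 3600 * 1000) {
  const selector = crypto.randomBytes(12).toString('hex');
  const validator = crypto.randomBytes(32).toString('hex');
  // Only a hash of the validator is stored, so a leaked table cannot be
  // replayed as cookies, and nothing in it derives from the password.
  tokens.set(selector, { userId, validatorHash: sha256(validator), expires: now + ttlMs });
  return `${selector}:${validator}`;
}

// Called when a request arrives with no session but with the cookie.
// Returns { userId, newCookie } on success, or null.
function redeemRememberMe(cookieValue, now = Date.now()) {
  const [selector, validator] = String(cookieValue).split(':');
  const row = tokens.get(selector);
  if (!row) return null;
  tokens.delete(selector); // each token is good for one attempt
  if (!validator || row.expires < now) return null;
  // Both buffers are 32-byte SHA-256 digests, as timingSafeEqual requires.
  if (!crypto.timingSafeEqual(row.validatorHash, sha256(validator))) return null;
  return { userId: row.userId, newCookie: issueRememberMe(row.userId, now) };
}

// Called on logout or password change: drop every token for the user.
function revokeAll(userId) {
  for (const [selector, row] of tokens) {
    if (row.userId === userId) tokens.delete(selector);
  }
}
```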
Anyone else stumbling into this thread from a google search.... you can do this with autohotkey. If you browse to yourbankhere.com and chrome fills in the user/pass, you can have autohotkey perform a mousemove then a mouseclick to click the login button.

Why is the google chromecast extension not injecting API on a whitelisted domain

I got a couple of domains whitelisted. Let's say they are a.mydomain.com and b.mydomain.com
I went to developer options in the chromecast extension and whitelisted mydomain.com and added data-cast-api-enabled="true" to the html tag
At this point, I was expecting the extension to inject api_script.js (like the one that I am seeing on youtube and netflix)
What am I missing here?
There are two whitelisting procedures listed in the developer documentation.
The first is device whitelisting (under "Whitelisting your receiver device"). During this process you provide 1 or 2 target URLs to the Google Cast team, and they generate an application ID for you. Then when launching a session with the Cast API from a device (Android, iOS, or Chrome browser with extension installed) you provide the string "<applicationId>_<urlNumber>" and the receiver you select will then open the receiver page located at the URL associated with that string.
The second whitelisting (under "Whitelisting Chrome apps" at the link above) is specific to developing a sender app with the Chrome extension, and is configured within the browser. The Chrome extension will only inject the Cast API into specific sender pages currently, but allows developers to whitelist the domain their sender pages are on.
Be sure you are running Chrome version 28 or later.
If you haven't restarted Chrome in a while you may be running an older version; restarting will update Chrome automatically.
In the Chrome address field, enter chrome://extensions, and check the Developer mode checkbox to enable developer mode.
Install the Chrome extension for Google Cast.
On the Cast extension icon in the browser's upper right corner (next to the address field), right-click and select Options.
The Google Cast extension options page opens in a new tab.
On the blue Cast icon, in the page's upper left corner, click four (4) times.
The Developer Settings appear.
In the Cast SDK additional domains field, enter your application's domain, for example, "www.mydomain.com" and click Add.
Code your application's HTML tag as follows:
<html data-cast-api-enabled="true">
Reload the application's page.
I observed that the issue was a Javascript error on that page which prevented the injection of cast api by the extension. (Was missing jquery)
I have been able to get the injected JS on all other pages

chrome extension: open a website with different account in each tab

I have several accounts for a website and currently I want to write an extension that I can open all the accounts simultaneously in chrome, each tab for one account.
So that means I want each tab with a separate cookie system, is it doable? If so please suggest the API I should use, thanks!
Go to Chrome Preferences. There is a Users section where you can add users. Each new user will have its own cookie jar, so you can log in to a site as many different users at once. It makes new chrome windows, but it seems you cannot drag a tab onto a window of another user.
According to Chrome documentation, you can modify HTTP headers (including cookies) in the onBeforeSendHeaders event handler. So, you need to store new cookies for every account by means of the onHeadersReceived event handler, and then substitute them for every tab in outgoing requests.
There even exists an extension which seems to do almost the thing you want - Chrome Cookie Switcher.
Also I have found an answer that may be helpful for your task: Associate a custom user agent to a specific Google Chrome page/tab.
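The onHeadersReceived / onBeforeSendHeaders approach described in this answer, as an added example that is not part of the original post: each tab gets its own cookie jar and the shared Chrome store is bypassed. It assumes a Manifest V2 extension with blocking webRequest; `SITE`, `jars` and the function names are hypothetical, and cookie expiry, Domain/Path scoping and `document.cookie` are not handled.

```javascript
// Added example. Assumes a Manifest V2 extension with the "webRequest" and
// "webRequestBlocking" permissions plus a host permission for SITE (placeholder).
const SITE = 'https://example.com/*';
const jars = new Map(); // tabId -> Map(cookie name -> value)

// onHeadersReceived: file each Set-Cookie in the tab's own jar and strip it
// from the response so Chrome's shared cookie store never sees it.
function captureCookies(details) {
  if (!jars.has(details.tabId)) jars.set(details.tabId, new Map());
  const jar = jars.get(details.tabId);
  const kept = [];
  for (const h of details.responseHeaders) {
    if (h.name.toLowerCase() !== 'set-cookie') { kept.push(h); continue; }
    const pair = h.value.split(';')[0];
    const eq = pair.indexOf('=');
    if (eq < 1) continue; // nameless cookie: drop it
    const name = pair.slice(0, eq).trim();
    const value = pair.slice(eq + 1).trim();
    // An empty value or Max-Age=0 is how sites delete a cookie (e.g. logout).
    if (value === '' || /;\s*max-age=0\b/i.test(h.value)) jar.delete(name);
    else jar.set(name, value);
  }
  return { responseHeaders: kept };
}

// onBeforeSendHeaders: replace whatever Cookie header Chrome built with the
// cookies that belong to this tab.
function substituteCookies(details) {
  const headers = details.requestHeaders.filter((h) => h.name.toLowerCase() !== 'cookie');
  const jar = jars.get(details.tabId);
  if (jar && jar.size > 0) {
    const value = [...jar].map(([k, v]) => `${k}=${v}`).join('; ');
    headers.push({ name: 'Cookie', value });
  }
  return { requestHeaders: headers };
}

// Register only when running inside an extension; "extraHeaders" is needed
// for Chrome to expose Cookie and Set-Cookie to the listeners.
if (typeof chrome !== 'undefined' && chrome.webRequest) {
  const filter = { urls: [SITE] };
  chrome.webRequest.onHeadersReceived.addListener(
    captureCookies, filter, ['blocking', 'responseHeaders', 'extraHeaders']);
  chrome.webRequest.onBeforeSendHeaders.addListener(
    substituteCookies, filter, ['blocking', 'requestHeaders', 'extraHeaders']);
}
```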
I really don't think Chrome allows extensions to do this. If I recall correctly, extensions can inspect and block requests, but they can't modify them, such as changing cookies on the fly for each tab.
I suggest you use the --user-data-dir command-line option of Chrome. It allows you to keep several separate profiles, each in its own directory, and then you only need to start chrome with the proper option:
# run this command to use the first profile
google-chrome --user-data-dir=/home/binchen/my_chrome_profiles/my_profile_1
# run this command to use the second profile
google-chrome --user-data-dir=/home/binchen/my_chrome_profiles/my_profile_2
...
Each profile will be in its own Chrome window, with its own cookie store, instead of its own tab, but it's easier than writing an extension.
Lastly, if the website you're mentioning is Google, you can keep several Google accounts open at the same time.