I will open a URL in a new tab from my chrome extension using chrome.tabs.create() method. My problem is that I need to set a header on opening the URL, so that it is listened from the server side. How to set a header for the URL that is been opening?
I'm assuming you mean the HTTP Request headers, in which case there is a way to modify HTTP Request headers for requests as they go out the door, using the chrome.webRequest.onBeforeSendHeaders API found here. Let's say that you know you're going to create a new tab with a specific URL. You can setup a listener for the onBeforeSendHeaders API prior to creating the new tab. In the handler for that, you would only consider URLs that match that URL. You could then modify the header, and optionally un-instrument your onBeforeSendHeaders API (might need to do via a setTimeout or something).
This is a little unclear. Could you give me the source code of your extension? I suppose you could do it with the <title> HTML element, if that's what you're asking
Related
I'm working on an extesion which will work of some kind of a helper. Namely, a user gets authenticated on a website as he normally would -- via a website itself.
Then he'd open my extension and click a button "Action". A click would make HTTPS request to the /api/some-method of the current domain and send along with it all the data the current browser would. In particular, all the cookies of the current domain, and, preferably, the correct user-agent too.
That is, it's as if domain123.com/api/some-method was called by the browser itself.
How can I make my extension attach all that info and make a request in such a manner?
Is there a way to create a Chrome extension to trick a site loaded in an iFrame into thinking it's not in a frame?
We load clients' sites into an iframe for demos, but some resources get blocked due to them disallowing being loaded in an iFrame. We'd like to load these sites into a frame as though you were browsing directly to the site in a standalone tab.
You should use the Chrome's webRequest in order to intercept the server response. See the API. Here you go for onHeadersReceived event where you are in control of any response headers => you need to remove X-Frame-Options header from the response.
That's pretty much it, if this is the only problem in loading those sites.
However, for the sake of completeness, in order to fully trick the browser (which you most likely do not need) you need also to inject a script into every page that would clear up some things like window.parent by simple removing them from window object and some other things like origin etc. However removing the header would work for 99.9999% of your use cases.
I'm working on a chrome extension that tries to protect users from being redirected to malicious web pages.
When a user visits a shady domain like "faecbook.com" he will be redirected to another page but this was not his intention. When a user intends to be redirected to another page this will mostly be due to a click (f.e. a click on a hyperlink: <a href="http://foobar.com">)
How can I distinguish the two types?
Currently I'm inspecting the details from the redirects using this code from my extension but I can't find anything to distinguish one from the other:
chrome.webRequest.onBeforeRedirect.addListener(
function(details) {
console.log(details);
},
{urls: ['<all_urls>']});
Unless Chrome specifically makes this information available, then you can't directly detect whether a request is the result of a redirect or a direct request resulting from clicking on a hyperlink or typing the URL into the browser. Both are standard browser requests. (You can potentially check the HTTP referer for direct links and perhaps to see where the link originated - but this is likely to be unreliable.)
IMO you would need to check for the redirect before it actually happens. In other words by scanning the previous response. But there could be 3 flavours of redirect:
HTTP redirect: check for a 3xx status code and Location: HTTP response header.
META Refresh: Scan the HTML head section for this tag. (Although it could be added late with JS?)
JavaScript Redirect: This could be very difficult to spot unless you somehow process the JavaScript in a sandbox first?
I'm using
window.postMessage({message: "Hello !"}, url);
to send a message from a Chrome Extension (i don't know if this is relevant) to a specific page in a window with multiples opened pages. I noticed that sometimes i have TWO pages with the same URL.
I have a simple question:
How can i be sure to which page is postMessage sending the message ?
I want to send the message to only one tab. Can i use anything else apart from the url to identify the it?
Thanks in advance !
Considering that you said you can modify the remote website's code, and I don't see how to fix the postMessage solution, here are a couple of alternatives. I would love to know if there is a way to fix the postMessage approach, as it is the recommended one from the docs!
First off, you will need to coordinate your scripts from a central background page, which can keep track of open tabs.
Custom DOM events
This is an old recommendation from Chrome docs, that was replaced with window.postMessage example. It is described here (disregard the old chrome.extension.connect API) and consists of firing a custom event in shared DOM.
So, a sample architecture would be a background page deciding which tab to post message to, and sending that tab a message via chrome.tabs.sendMessage, to which your content script listens with chrome.runtime.onMessage. The tab's content script can then communicate with the page using the above custom event technique.
One possible approach to keeping tack of tabs: have the tabs permission to be able to enumerate all open tabs with the chrome.tabs API. Your background page can then decide which tab to message based on URL.
Another possible approach, to eliminate need for the scary tabs permission, is to have your content scripts report to the background page with chrome.runtime.connect as soon as they are initialized. The background page then can keep track of all active instances of your script and therefore decide which tab to message.
Webpage connecting to your extension
This is a "modern" way of doing communication with one exact extension.
It is described in the Chrome docs here. You can define your extension as externally connectable from your webpage, and your webpage initiates a port connection with your background script.
Then, as above, you can track live ports and use them for communication, cutting out the content script middleman.
I'm really new to the chrome app dev part. I want to know how can I make a chrome application that will read my current URL and redirect me to another.
For instance if I am on www.stackoverflow.com and user clicks on the extension icon then it will redirect him to wwww.stackoverflow**NEW**.com
Thank you..
Follow these steps and you will be good.
Create a background script and define an entry for background script in manifest.json
In background script, define a handler on chrome.browserAction.onClicked.
Inside that handler, extract the url of current tab and check if it is the expected url, then just change the url of that tab.