We have a collection of apps, and we would like to test them before merging PR's using Heroku's Review Apps.
The login is stored in a cookie that is shared across these apps. Since herokuapp.com is listed under Public Suffix List, we can't use the heroku-provided domain for testing apps because cookies don't get shared on that domain.
Is there an easy way to disable the domain the check against the Public Suffix List in Chrome, or can we locally exclude/override herokuapp.com from the list?
Related
I have a web app to be listed in the google workspace marketplace. I have a list of scopes that is needed to solve my use case. I have the dev version as a private app which uses the service account, tested all the functionalities and made sure everything is working fine.
Now how do I test how the flow is going to look like for the public app? I understand if someone from my own domain installs the app, I will be able to get the data but the public flow through the service account is still unclear for me.
You can test your add-on with a limited list of defined external users.
To do that, you must set the User type as External > Testing within the Oauth consent screen settings in Google Cloud Console.
Keep in mind that only the users defined in the settings will be able to test the app however.
You may find more information here and here
I will host a static site (just a few pages actually) on Netlify, a cloud hosting provider. It would be my notes and may have sensitive code and API keys. I want it set up so that only I can access this site from internet and no one else. How can I block access to the static site for others?
Alternately, if I do the same with with Github Pages, is it possible to restrict access there?
You need an access control mechanism to protect your notes.
If you are running the web server doing the hosting, most web server programs (Apache and nginx are the two most popular) have built-in access control mechanisms, see link given by Carsten H or see Access Control with Apache or How to Set Up Password Authentication with Nginx (Digital Ocean guide).
If you are using Github Pages, it is possible to do access control, but a bit more tricky. You can create a Github OAuth application and ask people to authenticate using your Github OAuth app. The app will ask for their username, and check if that username matches a list of allowed Github users (probably just your Github username). If the usernames match, static content is served up, otherwise the user is redirected to a 403 forbidden page.
Also see the github-heroku-attack-rabbits project page for details of how to create the Flask app mentioned above (using flask-dance to authenticate users via your Github OAuth app). The Flask app can be hosted for free on Heroku.
Two more things to note regarding public/private repos:
If you are using Github Pages, the repository containing your notes will need to be private, otherwise the contents of your notes will be in a public repository (even if the Github Pages static page has an access control layer).
Just because a repo is private does NOT mean its Github Pages page is private. By default, a private repo's Github Pages page is accessible/readable by the public. It is up to you to put an access control mechanism in place to protect the page.
You can try the encryption route. Here, the name staticrypt really says everything (I have a demo here). It allows you to create a password for each page for your website. It used AES-256 encryption, so as far as I am concerned, a long password should suffice.
If you don't share the password, you will be the only one to view the webpage.
These are actually two questions and is good practice to ask them individually.
This is a frequently asked question and depends on your server, e.g. for Apache you can edit your .htaccess following this instructions
you need to create a private repository by checking the private repository option during the repository creation
I need to get the value of mac address and username and computer. I want to do this with networkingPrivate. But I can’t able to access it.
I wrote in the manifest.json file this:
"permissions": ["networkingPrivate"]
Generally you can't because they're private exactly for the purpose of being private, not public API. It's also whitelisted to specific extensions by Google or its trusted associates.
For your own personal use you may have success by running Chrome with a custom command line parameter --whitelisted-extension-id=abcd where abcd stands for the 32-character id of your extension as seen on chrome://extensions page when developer mode switch is enabled in the top right corner of the page. Or you can mimic a trusted extension's id by finding its manifest.json and copying its "key" to your own manifest.json.
For a public extension you'll have to use a workaround. For example, write a separate utility and invoke it via nativeMessaging API.
Im developing an App Engine project for a customer, I want that this project can be installed as an App from the Chrome Web Store, for a specific domain (not mine).
I have enabled the Marketplace SDK and API in my project, and tried to upload the ZIP, but I only can select my domain if I want set the App as private.
I have tried to upload the ZIP with one account from that domain, but when I'm going to publish the App the web gives me an error saying that I dont have permissions to publish because I'm not the owner of the console API Id (because the project stills in my main account, another domain).
Its possible publish the App as private to another domain, that is not the same domain where the App Engine project is?
You will need to publish it as a private app then choose only a certain people to share it. It's the only way.
The instructions for publish a private Chrome app for a specific users is found in Publish a private Chrome app
Users from the same Chrome domain will see their organization's
private apps in a private collection in the Chrome Web Store.
Administrators can choose which users they want to be able to publish
private apps for their organization by clicking this checkbox in the
Admin console under Device management > Chrome management > User
settings > Chrome Web Store Permissions.
When you click Allow users to publish private apps that are restricted
to your domain on Chrome Web Store, an additional setting will appear
to Allow users to skip verification for websites not owned. This
second setting allows users to create bookmark apps pointing to
websites that they aren’t the webmaster for.
How to publish private Chrome web apps Publishing a private app is
very similar to publishing a public app to the Chrome Web Store. The
only difference is there's an additional step of restricting access to
the app to your domain:
Sign in to the Chrome developer dashboard.
Accept the Terms of Service.
Add a new item and upload your app as a zip file.
Set the promotional image you want to use, and the category, and language for the app.
Select Private and Everyone at .
The app is now published to the Chrome Web Store. If you have
restricted the visibility of the app to your domain, only users in
your organization signed in to their G Suite accounts will be able to
see the app
I programmed a service for the teachers of a school a tool which they can use to automate their classroom.
For easier access, i want to implement authentication via URL. The teacher WLAN is on a seperate subnet than the others.
The URL is a subdomain of a domain I own and added a SSL certificate. Now I am ready to deploy some beacons for test purposes and I noticed that Google Chrome won't show the beacons with my internal URL. URLs like google.com and facebook.com work just fine.
The physical Web browser app recognizes the internal URL.
What should I do?
Unfortunately, you cannot use Chrome to display physical web URLs pointing to a private subnet. Part of the Chrome system is a server-side component hosted at Google that checks the URL, validates that it resolves, and pulls metadata about the page it points to. If the page is not accessible on the open Internet, this check will fail and Chrome will silently ignore the physical web URL transmitted by the beacon.
While you cannot use Chrome to display such URLs, you can display them in your own custom app using detection SDKs like the Android Beacon Library.