I would know if it's possible to make a chrome app who could be launched in the terminal without chrome UI. Example:
chrome.app.runtime.onLaunched.addListener(function() {
console.log("Hello world!);
});
imac:bin$ chrome --app-id=<my-app-id>
Hello world!
imac:bin$
I think not, but could you confirm. Thanks
I use this line to start chrome apps from the command line, on OSX:
open -n -a Google\ Chrome\ Canary --args --user-data-dir=/tmp/temp_chrome_data_dir --load-and-launch-app=...
The key flags are --user-data-dir to create an isolated profile, and --load-and-launch-app to start a chrome app automatically. I use the open command to resolve the path to chrome application on OSX, but you can just an explicit path instead:
/path/to/Google\ Chrome\ Canary --user-data-dir=/tmp/temp_chrome_data_dir --load-and-launch-app=...
That said, this will pop open a chrome browser window as well. I'm not yet sure how to get around that, but I will investigate. (My workaround for local development is to just minimize the window once, and it won't pop up any more).
Related
I have a problem with the --disable-web-security flag. It is not working in Chrome 48 and Chrome 49 beta on Windows.
I've tried killing all of the instances, reboot and run Chrome with the flag first of all, tried different machines as well. In the beta I can see the warning popup ("You are using unsupported flag.."), but CORS is still being enforced. Public version seems to ignore the flag completely.
There seems to be no news or people reports about that, so it might be a local issue.
Will be grateful for help or any related info.
Update 2021-10-18
As of Chrome 95, on MacOS and Windows, --disable-site-isolation-trials remains a required flag in order to disable web security, so the command-line arguments to Chrome seen below are still valid. (Some of the arguments are not formally supported by Chrome, as it will warn you.)
To test whether you've successfully launched Chrome with web security disabled, run the snippet in Web Security Test at the bottom of this post.
Update 2020-04-30
As of Chrome 81, it is mandatory to pass both --disable-site-isolation-trials and a non-empty profile path via --user-data-dir in order for --disable-web-security to take effect:
# MacOS (in Terminal)
open -na Google\ Chrome --args --user-data-dir=/tmp/temporary-chrome-profile-dir --disable-web-security --disable-site-isolation-trials
# Windows (from "Run" dialog [Windows+R] or start menu in Windows 8+)
chrome.exe --user-data-dir=%TMP%\temporary-chrome-profile-dir --disable-web-security --disable-site-isolation-trials
(Speculation) It is likely that Chrome requires a non-empty profile path to mitigate the high security risk of launching the browser with web security disabled on the default profile. See --user-data-dir= vs --user-data-dir=/some/path for more details below.
Thanks to #Snæbjørn for the Chrome 81 tip in the comments.
Update 2020-03-06
As of Chrome 80 (possibly even earlier), the combination of flags --user-data-dir=/tmp/some-path --disable-web-security --disable-site-isolation-trials no longer disables web security.
It is unclear when the Chromium codebase regressed, but downloading an older build of Chromium (following "Not-so-easy steps" on the Chromium download page) is the only workaround I found. I ended up using Version 77.0.3865.0, which properly disables web security with these flags.
Original Post 2019-11-01
In Chrome 67+, it is necessary to pass the --disable-site-isolation-trials flag alongside arguments --user-data-dir= and --disable-web-security to truly disable web security.
On MacOS, the full command becomes:
open -na Google\ Chrome --args --user-data-dir= --disable-web-security --disable-site-isolation-trials
Regarding --user-data-dir
Per David Amey's answer, it is still necessary to specify --user-data-dir= for Chrome to respect the --disable-web-security option.
--user-data-dir= vs --user-data-dir=/some/path
Though passing in an empty path via --user-data-dir= works with --disable-web-security, it is not recommended for security purposes as it uses your default Chrome profile, which has active login sessions to email, etc. With Chrome security disabled, your active sessions are thus vulnerable to additional in-browser exploits.
Thus, it is recommended to use an alternative directory for your Chrome profile with --user-data-dir=/tmp/chrome-sesh or equivalent. Credit to #James B for pointing this out in the comments.
Source
This fix was discovered within the browser testing framework Cypress: https://github.com/cypress-io/cypress/issues/1951
Web Security Test
Run this snippet to confirm that this solution actually disabled web security in Google Chrome:
window.addEventListener("DOMContentLoaded", () => {
const iframe = document.querySelector("iframe");
iframe.addEventListener("load", () => {
const canAccessIframeDocument = !!iframe.contentDocument;
document
.querySelector(
canAccessIframeDocument ? ".security-disabled" : ".security-enabled"
)
.classList.remove("hidden");
});
// To ensure the `load` event always fires, only set iframe src after the
// event listener is attached.
iframe.src = "https://google.com";
});
body {
font-family: sans-serif;
}
.hidden {
display: none;
}
/* Web security should normally be enabled, so this is colored green, despite
the objective of this solution to disable it. */
.security-enabled {
font-weight: bold;
color: darkgreen;
}
.security-disabled {
font-weight: bold;
color: darkred;
}
<h1>Web Security Test</h1>
<p>
This test attempts to access the inner contents of a cross-origin iframe,
which is normally disallowed.
</p>
<p class="security-enabled hidden">
Web security is enabled. The cross-origin iframe document could not be
accessed.
</p>
<p class="security-disabled hidden">
Web security is disabled. The cross-origin iframe document was
successfully accessed.
</p>
<iframe class="hidden">
Iframes are not supported.
</iframe>
I'm seeing the same thing. A quick google found this question and a bug on the chromium forums. It seems that the --user-data-dir flag is now required.
Edit to add user-data-dir guide
Mac OS:
open -a Google\ Chrome --args --disable-web-security --user-data-dir=
UPD: add = to --user-data-dir because newer chrome versions require it in order to work
On OS X, to open a new Chrome window - without having to close the already open windows first - pass in the additional -n flag. Make sure to specify empty string for data-dir (necessary for newer versions of Chrome, like v50 something+).
open -na /Applications/Google\ Chrome.app/ --args --disable-web-security --user-data-dir=""
I found that using Chrome 60+ on Mac OS X Sierra, the above command no longer worked, but a slight modification does:
open -n -a /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --args --user-data-dir="/tmp/chrome_dev_sess_1" --disable-web-security
The data directory path is important. Even if you're standing in your home directory when issuing the command, you can't simply refer to a local directory. It needs to be an absolute path.
The chosen answer is good, but for those who are still struggling with what they are talking about(your first time dealing with this issue), the following worked for me.
I created a new shortcut to Chrome on my desktop, right clicked it, and set the "Target" field to the following,
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --disable-web-security --user-data-dir="c:/chromedev"
The directory can be anything you want, I decided to make an empty folder called chrome dev in my C: directory. It has nothing to do where chrome is installed on your computer. It's just a fluff type thing.
This link also has clear directions for other OSes. How to disable web securityin Chrome
The version 49.0.2623.75 (64-bit) is not in beta anymore.
The command to fix the CORS issue is
google-chrome-stable --disable-web-security --user-data-dir
Install This Chrome-plugin for Disable-web-security in Chrome::
" Allow-Control-Allow-Origin: * "
link Here or you can google above plugin if you want.
it is very easy to enable and disable the security with this plugin.
For Chrome Version 50+ for Mac Users. Close all opened chrome first and run the below command
open -a Google\ Chrome --args --disable-web-security --user-data-dir=""
The above will work. Thanks
For Mac, using Safari is a good alternate option for local development purpose and the feature is built into the browser (so no need to add browser extension or launch Chrome using bash command like [open -a Google\ Chrome --args --disable-web-security --user-data-dir=""].
To disable cross origin restriction using Safari (v11+): From menu click “Develop > Disable Cross Origin Restriction”.
This does not require relaunching the browser and since its a toggle you can easily switch to secure mode.
From Chorme v81 the params --user-data-dir= requires an actual parameter, whereas in the past it didn't.
Something like this works fine for me
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --disable-web-security --user-data-dir="\tmp\chrome_test"
In a terminal put these:
cd C:\Program Files (x86)\Google\Chrome\Application
chrome.exe --disable-web-security --user-data-dir="c:/chromedev"
As of the date of this answer (March 2020) there is a plugin for chrome called CORS unblock that allows you to skip that browser policy. The 'same origin policy' is an important security feature of browsers. Please only install this plugin for development or testing purposes. Do not promote its installation in end client browsers because you compromise the security of users and the chrome community will be forced to remove this plugin from the store.
For MacOSX
open -n -a /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --args --user-data-dir="/tmp/chrome_dev_sess_1" --disable-web-security
For Windows 10+
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --disable-web-security --disable-gpu --user-data-dir=~/chromeTemp
It working for me.
Try using this..it will help you out..
c:\Program Files\Google\Chrome\Application>chrome.exe --disable-web-security --user-data-dir="D:\chrome"
For Windows
C:\Program Files\Google\Chrome\Application> .\chrome.exe --disable-web-security --disable-gpu --user-data-dir=~/chromeTemp
I'm trying to test out some code for accessing a webcam on an HTML page and Chrome doesn't seem to allow me to. I made an exception for the file and yet everytime I reload (which it tells me will put the settings in effect) it goes back to blocking it
Go to:
chrome://flags/#unsafely-treat-insecure-origin-as-secure
Add your url there and enable this flag, relaunch and it should work.
You can open chrome with the flag disable-web-security
For Mac, in terminal:
open -a /Applications/Google\ Chrome.app/ --args --disable-web-security
For a PC in console:
chrome.exe --disable-web-security
I'm trying to do a simple test without changing any server-side code involving a cross-domain AJAX call, and I was wondering if it's possible to use --disable-web-security anymore. It seems to not work on Chrome 28.
I haven't used it since Chrome version 21; has this feature been dropped?
Check your windows task manager and make sure you kill all chrome processes before running the command.
The new tag for recent Chrome and Chromium browsers is :
--disable-web-security --user-data-dir=c:\my\data
Try this :
Windows:
Run below commands in CMD to start a new instance of chrome browser with disabled security
Go to Chrome folder:
cd C:\Program Files (x86)\Google\Chrome\Application
Run below command:
chrome.exe --disable-web-security --user-data-dir=c:\my-chrome-data\data
MAC OS:
Run this command in terminal:
open -n -a /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --args --user-data-dir="/tmp/chrome_dev_sess_1" --disable-web-security
Hope this will help both Windows & Mac users!
This flag worked for me at v30.0.1599.101 m
The warning "You are using an unsupported command-line flag" can be ignored. The flag still works (as of Chrome v86).
This should work. You may save the following in a batch file:
TASKKILL /F /IM chrome.exe
start chrome.exe --args --disable-web-security
pause
Open target location of chrome and navigate through cmd
type
chrome.exe --disable-web-security --user-data-dir=c:\my\dat
Just create this batch file and run it on windows. It basically would kill all chrome instances and then would start chrome with disabling security. Save the following script in batch file say ***.bat and double click on it.
TASKKILL /F /IM chrome.exe
start chrome.exe --args --disable-web-security –-allow-file-access-from-files
Check if you have Chrome App Launcher. You can usually see it in your toolbar. It runs as a second instance of chrome, but unlike the browser, it auto-runs so is going to be running whenever you start your PC. Even though it isn't a browser view, it is a chrome instance which is enough to prevent your arguments from taking effect. Go to your task manager and you will probably have to kill 2 chrome processes.
As you can't run --disable-web-security and a normal chrome in parallel it's probably a good solution to use Opera for --disable-web-security
Here is how to create a launcher for opera on windows. By the way, Opera has the same debugging tools as chrome!
http://www.opera.com/
:: opera-browse-dangerously.bat
cd c:\Program Files\Opera\
launcher.exe --disable-web-security --user-data-dir="c:\opera-dev"
PS: Opera doesn't display any notification when started without web-security
If you want to automate this:
Kill chrome from task Manager First. In Windows - Right Click (or Shift+right click, in-case of taskbar) on Chrome Icon. Select Properties. In "Target" text-box, add --disable-web-security flag.
So text in text-box should look like
C:\Users\njadhav\AppData\Local\Google\Chrome SxS\Application\chrome.exe" --disable-web-security
Click Ok and launch chrome.
just run this command from command prompt and it will launch chrome instance with CORS disabled:
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --disable-web-security --disable-gpu --user-data-dir=~/chromeTemp
Automated solution for Windows 10
Right-click on Chrome icon > right-click Google Chrome > Properties
Shortcut > Target > "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-web-security --user-data-dir="C:\ChromeDevSession"
Notes:
Your file path for chrome.exe may vary.
Also, the --user-data-dir flag is required, and its file path may vary. Besides C:\ChromeDevSession, another possible location is ~/chromeTemp
Now Chrome always has its web security disabled :-)
As the title suggests, I want to write a shell command to open google chrome portable (with supplied parameter) which is installed on the flash drive also. I am trying to do it as follows:
open "/Volumes/NDCS/chrome/chromium.app/Contents/MacOS/Portable Chromium" --allow-file-access-from-files
Portable Chrome opens up, but the setting hasn't worked. I also wanted it to launch a default homepage (parameter is --homepage="[url or file path]", but for now have done that by setting the default homepage in the browser.
If anyone has any knowledge/advice on this, would be much appreciated. I have done the same scenario on PC recently, just struggling with the Mac deployment.
From man open you need to supply thr parameters to the executable using the --args argument, otherwise they are taken as arguments to open not the app.
Also Open works on the App bundle
So
open "/Volumes/NDCS/chrome/chromium.app" --args --allow-file-access-from-files
oruse the plain unix executable as you are doinf without the open
"/Volumes/NDCS/chrome/chromium.app/Contents/MacOS/Portable Chromium" --allow-file-access-from-files
I carefully revised the list of switches at http://peter.sh/experiments/chromium-command-line-switches/#chrome-frame and I couldn't find anything that would launch Chrome in a hidden background process.
The closest I was able to is --keep-alive-for-test + custom packaged app, but the app fails to execute any passed code because (the way it reports) "no window - ChromeHidden".
TL;DR
google-chrome --headless --remote-debugging-port=9222 http://example.com
You'd also need --disable-gpu temporarily.
Tutorial:
https://developers.google.com/web/updates/2017/04/headless-chrome
There's a work in progress: https://code.google.com/p/chromium/issues/detail?id=546953
The main deliverables are:
A library which headless applications can link to to.
A sample application which demonstrates the use of headless APIs.
So it would be possible to create a simple application that runs in console without connecting to display.
Update Apr 18 '16: The work is mainly done. There's a public forum now:
https://groups.google.com/a/chromium.org/forum/#!forum/headless-dev
Documentation is being in progress:
https://chromium.googlesource.com/chromium/src/+/master/headless/README.md
Update Sep 20 '16: It looks like chrome will eventually get the "--headless" parameter:
https://bugs.chromium.org/p/chromium/issues/detail?id=612904
There was a presentation on BlinkOn 6 (June 16/17, 2016)
Update Nov 29 '16: Design doc for --headless flag: https://docs.google.com/document/d/1aIJUzQr3eougZQp90bp4mqGr5gY6hdUice8UPa-Ys90/edit#heading=h.qxqfzv2lj12s
Update Dec 13 '16: --headless flag is expected to be available in Canary builds soon
Update Mar 12 '17: Chrome 57 has a --headless flag working. Waiting for Selenium and other tools to catch up. User guide: https://chromium.googlesource.com/chromium/src/+/lkgr/headless/README.md
This guy managed to run Chrome headlessly by using Xvfb (X virtual frame buffer) to trick Chrome into thinking it was displaying a window:
http://e-method.blogspot.fr/2010/11/google-chrome-with-xvfb-headless-server.html
If you're on Linux you could try that.
So basically you need to install X virtual frame buffer and Google Chrome via:
root#localhost: ~# apt-get install xvfb imagemagick
root#localhost: ~# apt-get install google-chrome
Then run the browser on the display:
root#localhost: ~# xvfb-run --server-args='-screen 0, 1024x768x24' \
google-chrome -start-maximized http://www.example.com \
> & /dev/null &
root#localhost: ~# DISPLAY=:99 import -window root myimage.png
Or you can look at PhantomJS project which is a headless WebKit implementation.
You could set up a linux VM and use xvfb in it.
Installation on debian / ubuntu:
sudo aptitude install xvfb
Start Chrome headless and visit http://example.com :
xvfb-run --server-args='-screen 0, 1024x768x16' google-chrome
-start-maximized http://example.com > /dev/null &
Turns out it starts in headless mode if you start it as a child subprocess. Besides that:
nircmd.exe can do win hide on chrome based on its PID
Autohotkey_L can also start Chrome hidden without a taskbar button
The Chromium Embedded Framework project seems like it might fit your usecase. I don't have personal experience with the project, but I've heard good things, and it has a solid API that you should be able to exploit for your purposes.
I don't have enough reputation to comment yet, but want to let you guys know that the chrome headless mode which Vanuan mentions actually works with Selenium webdriver.
In Java you can pass the flag to chrome through chromeDriver with the following code:
ChromeOptions options = new ChromeOptions();
options.addArguments("--headless");
ChromeDriver chromeDriver = new ChromeDriver(options);
I've recently found this article which mentions several commandline options that seem to do it. Using these keywords I googled out this piece of code which seem to confirm that these options exist.
// Does not automatically open a browser window on startup (used when
// launching Chrome for the purpose of hosting background apps).
const char kNoStartupWindow[] = "no-startup-window";
// Causes Chrome to launch without opening any windows by default. Useful if
// one wishes to use Chrome as an ash server.
const char kSilentLaunch[] = "silent-launch";
I managed to successfuly run Chrome with --no-startup-window and indeed it launched without any windows. It looked like it launched properly, it spawned all typical children, but the website I tried to make it load inside didn't seem to be actually visited. It maybe possible that this headless mode is only for running apps and not for visiting sites headless*), but it looks very promising as the normal worker tree is set up, just no windows.
The second option --silent-launch made chrome process very silent. I didn't notice any children spawned and the process exited promptly. I doubt it'll be usable for this case.
After I failed my attempts with these options, I focused on less sophisticated ways. On the bottom of the list there are two options:
// Specify the initial window position: --window-position=x,y
const char kWindowPosition[] = "window-position";
// Specify the initial window size: --window-size=w,h
const char kWindowSize[] = "window-size";
I ran Chrome with options to move it completely out of the working area:
--window-size=800,600 --window-position=-800,0
and as dirty as it feels, sure it's no true headless, but still the window is out of my sight, and everything done just with chrome's startup options, without external tools sending low-level window-hide messages.
*) yes, I know try to do weird things. Essentially I tried to get rid of Chrome window that's kept by Karma during tests. I know I can switch to PhantomJS, but I specifically needed to run them in Chrome, and the window popping out was.. eh.. disturbing in the long run.
It is currently under development, you can read more information about it from here:
https://chromium.googlesource.com/chromium/src/+/master/headless/README.md
Headless Chromium is a library for running Chromium in a
headless/server environment. Expected use cases include loading web
pages, extracting metadata (e.g., the DOM) and generating bitmaps from
page contents -- using all the modern web platform features provided
by Chromium and Blink.
It currently works on Linux, there is a nice presentation.
I was also able to make chrome headless work with NightwatchJS. Here is the config that let me use it:
"chromeHeadless": {
"desiredCapabilities": {
"browserName": "chrome",
"chromeOptions": {
"args": ["--headless"],
"binary": "/Applications/Google Chrome Canary.app/Contents/MacOS/Google Chrome Canary"
}
}
}
Chrome 59 has the ability to create instance as headless.
Find the below tutorial
https://www.automation99.com/2017/07/how-to-use-chrome-headless-using.html?m=1