I am trying to allow a http website to use my camera without the prompt without luck.
I changed the Preference file (when Chrome is closed) and changed the Profile part as follows:
"profile": {
"avatar_index": 0,
"content_settings": {
"clear_on_exit_migrated": true,
"pattern_pairs": {
"http://mywebsite.com:80,*": {
"media-stream-camera": 1,
"media-stream-mic": 1
},
...
However, for some reason it keeps showing the prompt.
Any idea? I'm using Chrome version 33.
Thanks!
It seems like Chrome overwrites the preference file every time it starts. I couldn't get any of my changes to stick.
Solution 1. Packaged Chrome app.
One way to grant permissions is to run your site as a chrome app. Just include videoCapture in the manifest.json. This will definitely work.
"permissions": [
"videoCapture"
],
Solution 2. Get an SSL Certificate.
I know you specifically said 'http', but if you have serve your site over https, it will only require the user to grant permissions once.
Solution 3. Modify device policy.
If you can't package your site as a chrome app for some reason, there might be another way to get it to work. It involves editing Chrome's policy list to allow camera access. I can't get this to work, currently, but I'm looking into it.
http://www.chromium.org/administrators/policy-list-3#VideoCaptureAllowedUrls
VideoCaptureAllowedUrls are a list of urls to automatically grant webcam permission to. The problem is setting this property. I know where the file lives, but there are no examples on HOW to set properties.
/Applications/Google\ Chrome.app/Contents/Resources/com.google.Chrome.manifest/Contents/Resources/com.google.Chrome.manifest
There are 'instructions' on editing the policy list, but they're totally useless. All it does is point to that file, and gives templates for Windows and Linux (I'm on OSX).
Note that this solution will only work in kiosk mode. To run Chrome in kiosk mode, add the flag --kiosk http://yoursite.com. This forces the app into fullscreen mode.
If you're on Windows/Linux, this SO post might help you.
Solution 4. Use command-line flag
use --use-fake-ui-for-media-stream command-line flag
example (OS X) : /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome http://html5-demos.appspot.com/static/getusermedia/record-user-webm.html --use-fake-ui-for-media-stream
More info here http://creativcoders.wordpress.com/2014/08/18/chrome-always-allow-access-to-webcam-and-microphone-over-http-webrtc/
Related
I am using geo-location for a site running locally on my machine using HTTP on Chrome. However this does not work as I am running on HTTP as opposed to HTTPS.
On the console it says:
getCurrentPosition() and watchPosition() no longer work on insecure origins.
To use this feature, you should consider switching your application to a
secure origin, such as HTTPS. See https://sites.google.com/a/chromium.org/dev/Home/chromium-security/deprecating-powerful-features-on-insecure-origins
for more details.
Accoriding to Deprecating Powerful Features on Insecure Origins its says to start chrome using --unsafely-treat-insecure-origin-as-secure="http://example.com" flag. The command I ran was similar to:
chrome.exe --unsafely-treat-insecure-origin-as-secure="http://hello.app"
However, the same error message still appears.
How can I fix this issue.
None of the solutions worked for me.
I achieved this by following steps.
Type chrome://flags/#unsafely-treat-insecure-origin-as-secure in the address bar.
Add the origin which you need to treat as secure as shown in the below image.
Relaunch chrome.
You must have missed some steps. Try to follow this
Go to File Explorer then paste this to address bar >> C:\Program Files (x86)\Google\Chrome\Application (or just go to where you can find your chrome.exe)
Right click chrome.exe > send to > Desktop (Create Shortcut)
Go to your desktop then find the chrome shortcut you've created.
Rename it to ChromeForTesting (this step is optional)
Right click the shortcut, then Click Properties
At the "Target", paste the following at the end of the link
--user-data-dir=/tmp/foo --unsafely-treat-insecure-origin-as-secure=http://example.com
so Target should look somewhat similar to this
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --user-data-dir=/tmp/foo --unsafely-treat-insecure-origin-as-secure=http://example.com
Click Ok..
During testing close all of your opened google chrome browser.
Then double click ChromeForTesting shortcut (the one you've created), when a prompt appears, just click ok..
EDIT: If the steps above does not work for you, you might be using Chrome V63, update it to V64 above cause this flag is messed up in V63.
P.S. If it's still not working follow these extra steps
At your drive C, create a folder and name it "ChromeTempFiles".
Then in your --user-data-dir= you change the value into "C:\ChromeTempFiles"
Add these to your target as well
--allow-running-insecure-content --reduce-security-for-testing
so your target should look like this now
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --user-data-dir=C:\ChromeTempFiles --unsafely-treat-insecure-origin-as-secure=http://example.com --allow-running-insecure-content --reduce-security-for-testing
You should also use a temproary fresh profile for that session. something like this:
chrome.exe --user-data-dir=/test/only/profile/dir --unsafely-treat-insecure-origin-as-secure="http://example.com"
Just an update to this for Chrome 70. This works perfectly
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --user-data-dir=C:\ChromeTempFiles --allow-running-insecure-content
Now does anybody know if there is an equivalent for firefox?
For Chromium 44 use
--unsafety-treat-insecure-origin-as-secure=http://192.168.0.101:3000
instead
--unsafely-treat-insecure-origin-as-secure=http://192.168.0.101:3000
See that bug
In Google Chrome, you simply type into the address bar, "chrome://flags", and search for, "--unsafely-treat-insecure-origin-as-secure", enable that flag, and enter into the field below (multiples may be entered separated by a comma) the domain you wish to treat as secure. This may or may not compromise your security, but I would assume not as getCurrentPosition() and watchPosition() are somewhat recently deprecated features. this works for publicly served domains, as well.
With Chrome 79 this setting doesn't work no matter what.
What I ended up doing was to configure the domain on a VPS to show some test webpage and then generate a valid certificate for it using Let's Encrypt's certbot.
Then I copied that certificate to my machine and it's now valid.
While I'm trying to visit a specific website (that one: https://login.uj.edu.pl) I'm getting ERR_INVALID_ARGUMENT error. Here is the problem: "Server has a weak ephemeral Diffie-Hellman public key".
More about the issue there: https://productforums.google.com/forum/#!topic/chrome/o3vZD-Mg2Ic
I know that it should be fixed by a webmaster but until it happens I have to access the page every day anyway. I found an extension to Firefox to avoid this error: https://addons.mozilla.org/en-us/firefox/addon/disable-dhe/
Now i want to get rid of the error in Google Chrome (well, Chromium actually). Is there any possibility to make it work? It's my university's page and it can take years for the site administrator to fix that secure connection issue.
What's strange the problem occurs in Linux only, in all the browsers. In Windows, Chrome-OS or Android there is nothing wrong. I know that using insecure connection is wrong but in that case I have no choice.
EDIT:
I cannot accept any solution because the site I was trying to access changed its encryption to the right one. Now I can't test your solutions because the problem is already solved by site admins.
The solution is:
Type in your browser (I tried in Iceweasel)
about:config
Search for
security.ssl3.dhe_rsa_aes_128_sha
security.ssl3.dhe_rsa_aes_256_sha
Set them both to false (just double click to set them to false or true).
That's it!
This solution worked for me:
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --cipher-suite-blacklist=0x0088,0x0087,0x0039,0x0038,0x0044,0x0045,0x0066,0x0032,0x0033,0x0016,0x0013
The recent release (Sep. 1) to Chrome 45 contains the fix for the Logjam attack as detailed in https://weakdh.org but it introduce this kind of problem.
I found it in this post
Quick hack to get around this issue (Mac OSX)
Run this in commandline to workaround the issue while launching Chrome
Chrome:
open /Applications/Google\ Chrome.app --args --cipher-suite-blacklist=0x0088,0x0087,0x0039,0x0038,0x0044,0x0045,0x0066,0x0032,0x0033,0x0016,0x0013
Canary:
open /Applications/Google\ Chrome\ Canary.app --args --cipher-suite-blacklist=0x0088,0x0087,0x0039,0x0038,0x0044,0x0045,0x0066,0x0032,0x0033,0x0016,0x0013
For Firefox
Go to about:config
Search for security.ssl3.dhe_rsa_aes_128_sha and security.ssl3.dhe_rsa_aes_256_sha
Set them both to false.
NOTE: Permanently fix would be to update the DH key with a length > 1024
Are you by any chance on the Chrome development channel, or possibly the Beta channel? I know that the dev channel currently has some stricter rules on SSL keys, and Beta might as well. You might try getting the stable release from https://www.chromium.org/getting-involved/dev-channel and see if that runs without the error.
Use netsurf (netsurf aur) on that site. I am on the same boat with you. Using Arch and Chromium and Firefox both refuses to enter certain websites. Netsurf can do the job for me.
I have also facing this issue and resolved by #Duccio Fabbri answer,
--cipher-suite-blacklist=0x0088,0x0087,0x0039,0x0038,0x0044,0x0045,0x0066,0x0032,0x0033,0x0016,0x0013
I don't know why this works but it works, for permanent use of this you can follow below step.
Go to browser short cut
Right click and Go to properties
Go to Short cut tab
Go to Target textbox, in this you will find your chrome full path , add above string at the end of path.
and it will look like
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --cipher-suite-blacklist=0x0088,0x0087,0x0039,0x0038,0x0044,0x0045,0x0066,0x0032,0x0033,0x0016,0x0013
Apply and close it.
Now it will work.when you open it next time.
At Fireforx I was facing the same problem, I did the following changes and it worked for me,
Firefox:
Go to about:config from browser tab
Search for security.ssl3.dhe_rsa_aes_128_sha and security.ssl3.dhe_rsa_aes_256_sha parameter.
Set them both to false.
I was also getting this error, I reset the chrome settings to fix it: Settings > show advanced settings > Reset setting
I found the solution for apache tomcat in this stackoverflow question, I just copy the solution:
Just edit 'conf/server.xml' adding the 'ciphers' attribute to your https connector:
<Connector
...
ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA"
...
Practically you're explicitly defining the list of allowed ciphers, excluding the Diffie-Hellman ones (the one with 'DHE' in the name).
Open Server.xml file in your tomcat and set attribute "ciphers"
<Connector port="8007" protocol="AJP/1.3" redirectPort="8443" ciphers="SSL_RSA_WITH_RC4_128_SHA" />
Chrome had introduced the use of extensions for WebRTC Screen Sharing. In this, each domain has to have the extension so that people install the extension in order to share the screen using webrtc.
Here is my use case:
During an on-going webrtc video call, if one person needs to do screen sharing and doesn't have the extension then after installing the extension one is required to refresh the page. This interrupts the call and both people need to join the call again.
I want to control the user experience using javascript so that refresh is not required. But if we don't do refresh, html page doesn't recognize the recently installed extension.
I have seen many open source code regarding this but none of them has use case similar to mine. They assume the extension to be installed during the session.
However, I had seen www.uberconference.com and they have similar use case. I tried installing the screen sharing extension during a live call and it did not require the page refresh and did not interrupt the call. It did the screen sharing right after extension was installed.
I could not understand how they did it as uber is not open source. Many people say that refresh is must after installing the extension. Any help in this case will be highly appreciated.
Here is how I install the chrome extension using in-line installation:
$scope.installExtension= function(){
!!navigator.webkitGetUserMedia
&& !!window.chrome
&& !!chrome.webstore
&& !!chrome.webstore.install &&
chrome.webstore.install('https://chrome.google.com/webstore/detail/<some-id>',
successInstallCallback,
failureInstallCallback
);
};
function successInstallCallback() {
//location.reload();
}
function failureInstallCallback(error) {
alert(error);
}
This is something we recently changed in getScreenMedia. View the pull request to see how we did it:
I wrote about the changes on my blog, so look there for more details, but the important bits are:
Instead of creating a communication channel on chrome.runtime.connect, and messaging directly, we can use external messaging. Instead of posting a message to the window, which gets picked up by the content script and passed to the background script (and vice versa), we can use chrome.runtime.sendMessage(extensionId, options, callback) and, in the background script chrome.runtime.onMessageExternal. This works where the other solution doesn't, because background scripts are loaded immediately upon extension installation, whereas content scripts are injected on page load.
So, basically, the extension uses a different permission:
"externally_connectable": {
"matches": [
"https://example.com/*"
]
}
And a different API:
chrome.runtime.sendMessage combined with chrome.runtime.onMessageExternal
instead of
window.postMessage combined with window.addEventListener('message') and chrome.runtime.connect.
At least two different sites https://apps.mypurecloud.com and https://beta.talky.io do screen sharing with inline extension installation with no reload at all.
This may helps today. If you are running Janus demos on the localhost - just run it over https.
If you will run it over http : the getDisplayMedia function will not be declared (e.g. in Chrome), and then Janus will ask you for plugin install.
If you had installed your own Janus-server: to use https - you must to configure ssl-certificates in Janus server configs:
janus.transport.http.jcfg - if you're using https in server definition
janus.transport.websockets.jcfg - if you're using wss (and don't forget to enable secure web-socket in it)
Have you looked at Chrome Extension Inline Installation ...
https://developer.chrome.com/webstore/inline_installation
I was having the same problems until I put within the html <head> tag ...
<link rel="chrome-webstore-item" href="https://chrome.google.com/webstore/detail/[your-chrome-extension-id]" >
Your extension manifest also needs to include the domain that this head tag is on.
I'm trying to follow this procedure on Chrome's documentation:
http://www.chromium.org/administrators/linux-quick-start
Yet no policy is loaded by chrome. I tried to create the policies/managed and policies/recomended in /opt/google/chrome also but couldn't load the policies.
Is there any special configuration I have to make in order to load Chrome's policies ?
How can I know for sure what is the right place to put the policy file ?
This is part of a WIP trying to solve this question: Chrome Certificate Selection appears multiple times
It should be some cache or wrong parameter problem. As I discovered in Chrome discussion forum here: https://groups.google.com/a/chromium.org/forum/#!forum/chromium-discuss
in linux, Chrome and Chromiun have the same dir for policies, which is:
/etc/opt/chrome/policies/managed
if you put a valid file there it will load it. Double check the commas and parameters.
I am having the same issue. I placed my setting in
/etc/opt/chrome/policies/managed/managed_policies.json
The contents look like this:
{
“ExternalProtocolDialogShowAlwaysOpenCheckbox”: true
}
The file and all parent directories are readable by all users.
I tried reloading Chrome's policies via the url chrome://policy/ as well as restarting the browser and even the entire machine, but to no avail.
I am on Chrome 80 and Centos 7
What am I missing?
Thanks,
frank
/etc/chromium/policies/managed
this path worked for Chromium
" google-chrome --allow-file-access-from-files "
Like i have an app,that requires chrome to have this security restriction on local files removed.
So i cant type do this everytime i take the app.
Any ideas?
PS: It would be great if you can tell what the positives and negatives about it,as well as how to revert back if needed.
On Linux Operating System (specifically UBUNTU)
Slightly Permanent Method
Go to the menu entry/ launcher for Chrome (.desktop file)
Open the launcher properties dialog.
It should look something like this: ‘/usr/bin/google-chrome %U’
Change it to ‘/usr/bin/google-chrome --allow-access-from-files‘ to
make the flags work permanently
You may also need to delete and re-pin your launcher(s) after
modifying it. Chrome should launch with the specified flags enabled
after the modification.
PS: I found this here, haven't tried this out..