I'm having trouble integrating the Dropbox API with a Chrome extension. Upon trying to authenticate the Dropbox, the redirect to the Dropbox confirmation/permission page works just fine, but the redirect back to the Chrome app fails. This is the error in the console:
Denying load of chrome-extension://mlabibnomhfmephibijgghejmmmbigpi/chrome_oauth_receiver.h…sGbCG&token_type=bearer&uid=14169733&state=oas_hquvrf6k_0.ycudjb24vysexw29. Resources must be listed in the web_accessible_resources manifest key in order to be loaded by pages outside the extension.
It seems that Chrome is preventing Dropbox from redirecting back to a page within the extension. Several hours of experimenting with permissions have yielded nothing.
Here's the manifest.json:
{
"name": "MyApp",
"description": "Description",
"version": "1.0",
"icons": {"16":"icon.png",
"48":"icon.png",
"128":"icon.png"},
"manifest_version": 2,
"permissions": [
"http://*/*",
"https://*/*",
"<all_urls>",
"tabs",
"storage",
"background",
"bookmarks",
"clipboardRead",
"clipboardWrite",
"contentSettings",
"contextMenus",
"cookies",
"debugger",
"history",
"idle",
"management",
"notifications",
"pageCapture",
"topSites",
"webNavigation",
"webRequest",
"webRequestBlocking"
],
"background": {
"scripts": ["backgroundcollector.js"]
},
"browser_action": {
"default_icon": "icon.png"
},
"web_accessible_resources": [
"http://*/*",
"https://*/*",
"<all_urls>",
"chrome-extension://mlabibnomhfmephibijgghejmmmbigpi/chrome_oauth_receiver.html&response_type=token&state=oas_hquul1r4_0.1qwu7sh12pqzolxr",
"chrome-extension://*/*"
],
"content_security_policy": "script-src 'self' https://www.dropbox.com; object-src 'self'",
"key": "(included so that the extension gets a persistent extensionID)"
}
(The large number of permissions is the result of a lot of experimenting to get this to work. Obviously they'll be removed later.)
Thanks in advance!
You've got a truckload of trash in your manifest file...
To allow other web pages to redirect to a page within your extension, you have to put this file at "web_accessible_resources", without chrome-extension://.. prefix, like this:
"web_accessible_resources": [
"chrome_oauth_receiver.html"
],
You should request as few permissions as possible, see Declare permissions for a list of descriptions for each permission. I guess that you can get rid of almost every permission after reading that document.
Related
im trying to create a chrome extension for my company's web app, but upon reading the docs i couldnt find any permission or chrome api that allows a chrome extension to access the webcam, all i could see were permissions to record screens. is there anyway a chrome extension can access a users webcam? or i would have to look for other means.
my manifest.json:
{
"name": "Intaclips",
"description": "Intaclips chrome extension for intaviewer",
"version": "0.1.0",
"manifest_version": 2,
"icons":{
"19": "./icons/icon-19.png",
"32": "./icons/icon-32.png",
"48": "./icons/icon-48.png",
"128": "./icons/icon-128.jpg"
},
"background": {
"scripts": ["./background.js"]
},
"options_page": "./options.html",
"browser_action": {
"default_popup": "popup.html"
},
"permissions": [
"tabs",
"unlimitedStorage",
"activeTab",
"clipboardWrite",
"cookies",
"storage",
"https://www.app.intaviewer.com/*",
"https://www.google.com/*",
"https://www.linkedin.com/*"
],
"content_security_policy": "script-src 'self' https://static.opentok.com/v2/js/opentok.min.js; object-src 'self'"
}
Help in solving this issue will be well appreciated
I think you have to use a third party library like "p5.js"
I have a page in block.html in extension directory. I want match content script with the page name.
Check my manifest file below, there is content_script match:
{
"manifest_version": 2,
"name": "Cobra Security ATD",
"version": "1.0",
"description": "Cobra Security Advance Threat Defence.",
"icons": {
"48": "img/48-48.png",
"128": "img/128-128.png"
},
"browser_action": {
"default_icon": "img/16-16.png",
"default_title": "Cobra Security Advance Threat Defence",
"default_popup": "popup.html"
},
"background": {
"scripts": ["js/jquery-1.11.1.js","js/event.js"],
"persistent": false
},
"content_scripts": [
{
"matches": ["http://*/*block.html"],
"js": ["js/jquery-1.11.1.js","js/block.js"]
}
],
"permissions": [
"<all_urls>",
"tabs",
"webNavigation"
]
}
One does not inject content scripts into chrome-extension:// pages. You cannot indicate this schema in the manifest, and you can't indicate a host permission that would allow you to inject it.
Since it's an extension that you control, you don't need to inject scripts for anything!
If you want to put code in it, you.. put code in it, in a <script
src="..."> fashion.
If you want to inform the page of some event, you use Messaging.
If you want to pass some information when you open the page, you can
use this trick, sending a request back for data.
I've made a Chrome extension and set a browser_action in my manifest. This puts a little icon in the browser bar, and then clicking that runs background.js which opens the app in a new tab.
However, I notice that on the web store, my app icon is listed inside a little jigsaw piece, and it doesn't appear on the Chrome New Tab page like other 'apps' I've installed.
Do I need to set something specific in my manifest.json file for it to be listed as an 'app' instead of an extension? Is there any benefit to even making it an app apart from removing the jigsaw piece and having it listed on the new tab page?
Here's my manifest.json file:
{
"manifest_version": 2,
"content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self'",
"name": "Super Simple Tasks",
"description": "A very simple tasks app that uses localStorage.",
"version": "1.1",
"icons": {
"16": "img/icon16.png",
"48": "img/icon48.png",
"128": "img/icon128.png"
},
"permissions": [
"tabs",
"storage"
],
"offline_enabled": true,
"background": {
"scripts": ["background.js"]
},
"browser_action": {
"default_icon": "img/icon19.png",
"default_title": "Super Simple Tasks"
}
}
You need to specify that it is an app:
"app": {...},
This will explain how to format your manifest: https://developer.chrome.com/trunk/apps/manifest.html
I have been developing a chrome extension locally. I just finished it and wanted to upload it to the Chrome Web Store. When I uploaded it and it told me:
An error occurred: Invalid manifest. If your manifest includes comments, please remove them as our gallery does not support them yet.
I checked the JSON to make sure it it was valid and as far as I can tell it is fully valid. I tried naming it differently and uploading it and it still didn't work. I also tried changing the encoding and that did not work. The Manifest is below
{
"name": "Name",
"version": "0.0.0.0.1",
"manifest_version": 2,
"description": "Description",
"browser_action": {
"default_icon": "icon.png",
"default_popup": "popup.html"
},
"icons": { "128": "icon.png"},
"permissions": [
"tabs",
"http://*/*",
"webNavigation",
"history",
"storage"
],
"content_scripts": [{
"matches": ["http://*/*", "https://*/*"],
"js": ["js/jquery.min.js", "js/tab.js"]
}],
"background": {
"page": "background.html"
}
}
Does any one have any clue what the problem is? It is really frustrating to get this after finally finishing the extension.
Used your manifest.json, got this error.
Could not load extension from '/Users/jjperezaguinaga/samples/ext'. Required value 'version' is missing or invalid. It must be between 1-4 dot-separated integers each between 0 and 65536.
I removed some 0's from your version and I was able to load it.
replace
"version": "0.0.0.0.1"
with
"version": "1.0"
XMLHttpRequest cannot load http://localhost:4567/save. Origin chrome-extension://cbemaelkkmebiohhjgmlclegalijdbbh is not allowed by Access-Control-Allow-Origin.
Even thought I'm getting this error the extension seems to be calling the URL. The message passing from contentscript.js to background.html took me a few minutes to wire up, but seems ok. I'm confused.
Here is my manifest.
{
"name": "FirstExt",
"version": "1.0",
"description": "My First Extension",
"browser_action": {
"default_icon": "icon.png",
"popup": "popup.html"
},
"content_scripts": [
{
"matches": ["http://*"],
"js": ["jquery.min.js", "contentscript.js"]
}
],
"background_page": "background.html",
"permissions": [ "http://*",
"http://localhost:4567/*" ]
}
Try changing http://* to http://*/ (and removing the localhost entry).
If you're trying to access a https page, you will need that too.
Replace "http://*" with "<all_urls>".