Is there a command line option where I could launch chrome with the developer tools disabled? The scenario is this - I want to have an extension that will autofill info into forms, but if the form has a password field that the user shouldn't have, by opening up the dev tools and playing in the console it would be easy to discover, which is something I've been asked to prevent - is this possible?
Not possible. There is no such flag in Chrome.
From a security point, passwords should never be filled in by anybody other then the user himself.
The client should never-ever receive sensitive data that the user is not proven to be authorized to have.
And no, you cannot affect client-side applications. Chrome is not the only browser that has inspection tools.
Related
Looking for the best way to lock chrome browser tweaking per user on shared lab computers so each user gets a consistent experience on login. Currently some users will pollute the chrome experience requiring the IT team to do some housekeeping. I would like to remove all user changes if possible, so each experience is fresh clean browser.
Tried: GPO in place to block the settings url changes and clear history on exit but customize is still available. Reached out with no luck, seems like support is firewalled at google and out of reach.
I'm building a website using simple passwords like 'abc123'. Chrome pops up this message everytime I log in my website and is very annoying. I can't find ways to turn it off. All solutions I searched are about removing passwords settings.
Please let me know any ways to turn this pop up off. Thank you.
The duplicate target I linked (Can I disable Chrome password check only for localhost?) only covers removing type="password" from your input elements.
As a more extreme measure, this Google support thread proposes disabling the feature browser-wide. You should consider whether this is a good solution for your other browsing habits before turning it off to improve the development experience.
To turn off this feature:
Go to Chrome settings and go to Sync and Google services.
Turn off Warn you if passwords are exposed in a data breach.
I'm using a client certificate to authenticate with HTTPS to a website.
The first time, chrome asked me which certificate I wanted to use.
However, I don't how to flush/forget this choice to choose another certificate. Chrome remembers it and I didn't find (either in stackoverflow or chrome settings) a solution to that.
The only way I found is to open a new window in private mode.
Anyone know how to do it ?
Restarting the browser will help and ask you again.
Looking forward to see better solutions.
Open the target URL in an incognito session, and it should re-prompt. Not a great solution, but to me it beats having to restart all of Chrome, especially if you already had a lot of important tabs open.
This particular thing has sucked since the beginning of web browsers. The only solution is to use the platform APIs to build extension to manage client certificates. This is in fact what Google recommends but it's mainly for CAs and other solution providers. So the only way is to reload the browser or use incognito windows.
I have been logged-in into stackoverflow in Chrome browser with my Google credentials and then I open stackoverflow in Firefox Developer Edition browser and tried to login again in Firefox with Google credentials. I have been automatically logged-in. I clicked to log out and after logout when try to login with Google credentials, I have been automatically logged-in again.
As per my knowledge, Firefox and Google chrome doesn't share the session.
So, I am curious to know whether this new FDE browser share session
with chrome or is it the feature of StackExchange?
No. Firefox/Chrome doesn't share sessions. Auto relogin is feature of Stackexchange. You can completely uninstall one of the browsers, clear cache and retry and this will still work.
Firefox/Chrome uses entirely different browser engines. Firefox based on Gecko and Chrome is based on Blink - each with it's own data storage formats. They may use sqlite, but Chrome still saves secure passwords with operating system security features like keystore in osx. Firefox saves password internally. Even if they wanted to, for data exchange both browser would need to arrive at a common data exchange formats with a LOT of security implications.
I’m using the AppCache in order to enable offline access for a web app. The issue is that for development every time I make a change to my JavaScript I also need to make a change to the manifest (in order to trigger a re-download of the cached field). Now I know that in FireFox you can disable the AppCache (in fact you are prompted when you first visit the page whether to grant permission to web site to store data locally) which makes it a lot more convenient for development.
My question is there a similar option for chrome and safari?
I know that I can view/Edit the AppCache in chrome via chrome://appcache-internals/, what I’m looking for is a way to disable it.
Thanks
In Chrome, use Incognito Mode. Okay, it's probably not what it was originally intended for, but it does the job. Nothing gets cached, and now developers everywhere have a handy excuse for why they might be using Incognito Mode.
I assume there's similar 'Private Browsing' functionality available in Safari.
EDIT: I see from your comment that you want to disable Cache Manifest functionality only. Try starting Chrome from a Command Line with the --disable-application-cache switch.