UPDATE: Solved one part, but not other
I have the CRX updating now (it was not rebuilding).
However, Chrome will not accept the XML or CRX at an https URL.
I believe #2 is because it's a self-signed certificate. Does anyone know if there's a way around this? (This is purely for development, so hosted internally)
ORIGINAL POST:
I created a packaged extension that is hosted on my internal website, but is added to Chrome via dragging it from the desktop (because Chrome won't allow installing packaged extensions via external websites - see here: After adding ExtensionInstallSources preference with my URL to Chrome Preferences, still won't allow installing ".crx" packaged app ).
The manifest has the update_url set to an XML file located on my site. That XML file has the url for the crx file set under updatecheck codebase='...'. Both files exist on the website and are findable. I also upated the version number from 2.0.0.2 to 2.0.0.2 in both the XML file and the manifest.json. I also made a change in the index.html file of the extension.
I checked the appid and it is the same in the XML file and in Chrome.
Despite clicking the "update extensions now" button about 50 times, and waiting 10 minutes, it does not update.
NOTE: I did alias the internal ip 192.168.1.108 where the site is hosted in my hosts file as myinternal.fake but this works in both chrome and firefox so I don't think that's the issue
Update XML File (located at: https://myinternal.fake/updates/helloworld.xml)
<?xml version='1.0' encoding='UTF-8'?>
<gupdate xmlns='http://www.google.com/update2/response' protocol='2.0'>
<app appid='akchdaojnpiglpjeiamjpacbkppcgbgj'>
<updatecheck codebase='https://myinternal.fake/helloworld.crx' version='2.0.0.2' prodversionmin='23' />
</app>
</gupdate>
manifest.json
{
"manifest_version": 2,
"name": "Hello World",
"version": "2.0.0.2",
"minimum_chrome_version": "23",
"update_url": "https://myinternal.fake/updates/helloworld.xml",
"icons":
{
"16": "icon_16.png",
"128": "icon_128.png"
},
"app":
{
"background":
{
"scripts":
[
"main.js"
]
}
}
}
EDIT: I also checked and the header is an acceptable one for Chrome (according to this: http://developer.chrome.com/dev/extensions/hosting.html). It sends the CRX file as "text/plain" and does NOT send the header X-Content-Type-Options: nosniff so it should be valid.
Also, when I changed from https to http, now when I click "update extensions now" the extension disappears for a split second which indicates it's now reading the XML, but still not accepting the update!
The issue is with self-signed certificates and Chrome. Chrome does not accept Extension updates form self-signed certificates unless they're an "accepted" authority. These steps will make it work:
Follow these steps: https://stackoverflow.com/a/15076602/857025 to export your certificate and then import it as an authority
Close Chrome
Restart Chrome
Close extensions window if opened
Reopen via "chrome://extensions" and then click "update extensions now"
It should then update your extension located on a self-signed https connection.
UPDATE This is not a perfect solution as Chrome appears to be a bit wonky in accepting self-signed certs. It randomly stops seeing updates. If I switch back to using regular http (for the update_url and the CRX's url), updates happen every time.
I checked and my cert is still a trusted authority but Chrome suddenly stopped recognizing updates, so there must be an issue with this.
By the way Google Stopped supporting updating extensions that are hosted outside of Chrome Webstore: http://blog.chromium.org/2013/11/protecting-windows-users-from-malicious.html
Related
I am trying to get U2F to work under Chrome. I'm developing so I'd like it if I could connect to my local web server with not HTTPS certificate.
I am running Chrome in OSX
Currently my workflow is
Quit all instances of Google Chrome.
Restart Google Chrome with the --show-component-extension-options command-line flag.
Navigate to chrome://extensions and enable Developer Mode by clicking a checkbox in the top right corner.
Find the CryptoTokenExtension extension.
Click on "background page". This will open a Developer Tools window, including a Console.
In the console, type:
HTTP_ORIGINS_ALLOWED = true;
and it still doesn't work. What step am I missing
Just changing the value won't reregister the extension's manifest.json which has to be patched too:
"externally_connectable": {
"matches": [
"https://*/*"
],
You can manually edit resourse.pak file in any binary/hex editor (not a text editor).
In Windows it's usually in %LocalAppData%\Google\Chrome\Application\xxxxx\resources.pak
Backup the file
Find "fjajfjhkeibgmiggdfehjplbhmfkialk"
Replace the nearby "https://*/*" with "*://*/*"
Optionally edit HTTP_ORIGINS_ALLOWED
Save and restart Chrome
You can automate this by writing a simple patcher in node.js or any other scripting language.
P.S. Not tested.
I try to auto-install a chrome extension on a WIN10 device that have no connection to the internet and thus can not access the Chrome Web Store. So uploading the extension to the CWS is no option. The extension exists as a crx file on a server in a network and on the device.
On Chrome Versions 59 and lower I could install the extension via settings in the registry. When Chrome was started, the user was ask if he wants to install the extension.
For this I used the registry key ExtensionInstallWhitelist and defined the path and version of the extension under the key "[...]/Google/Chrome/Extensions/[ExtensionID]".
But since Version 60 the extension does not appear in Chrome anymore. So I tried to auto-install the extension via an Active Directory domain policy.
I have imported the chrome policy templates and configured the entry ExtensionInstallForcelist (http://www.chromium.org/administrators/policy-list-3#ExtensionInstallForcelist) in the group policy editor. This policy setting is listed on the chrome://policy page in Chrome. But the extension does not appear in Chrome. The ExtensionInstallForcelist entry contains "[ExtensionID];[url where the crx file resides]". I also tested this with an url to an "Update Manifest XML document" which points to the crx file. Neither of them worked.
Does anyone know, if Chrome 60+ still supports this?
Is my configuration incorrect?
Any help will be appreciated, thanks!
I have a chrome extension (.crx) that when I install it directly everything works fine, but doesn't when I try to load it in developer mode with the manifest.json I created.
I no longer have access to the developer who wrote this extension for me, so I tried to package it for the Chrome store myself.
To explain in more detail. The usecase where my chrome extension works:
I open the extensions area in Chrome
I drag and drop the .crx file into my chrome extensions dashboard
My icon appears as expected in the toolbar
I click on the icon and the dialog box for my extension appears as expected
The usecase where my packaged chrome extension doesn't work (after uninstalling the .crx file):
I created a package, with the manifest.json described below incorporating the exact same .crx file used successfully above.
To test the package, I went to the extensions dashboard, made sure my "Developer Mode" checkbox was enabled, and selected the "Load Unpacked Extension".
No errors, and the icon loads just fine.
I click on the icon in the browser toolbar, nothing happens! No dialog appears even though it is the exact same .crx file.
Here's the manifest.json I created:
{
"manifest_version": 2,
"name": "Rock the Deadline Curation Extension",
"version": "5.2",
"description": "This extension allows you to bookmark and curate content into RTD Studios and share with other studio users.",
"icons": {"128": "RTD-Square-Icon_128x128.png"},
"browser_action": {
"default_icon": {
"19": "discover-iconx19.png",
"38": "discover-iconx38.png"
},
"default_title": "RTD Studios"
}
}
Any thoughts? Thanks so much in advance!
Reverse engineering an extension could be a complicated process, and I wouldn't recommend it if you don't need to. But a .crx file is a .zip file with some extra stuff at the beginning. This means that you may be able to unzip the file as if it were a .zip file, and ignore any error that comes up. I've not been able to do this with Windows right click "Extract All", but I have done this with the Mac OS X unzip command. Once you have the extracted folder, you can load the extension using your second step 2 above.
I made some changes to a Chrome Extension of mine, I updated the manifest.json by changing the extension's version number and, finally, I uploaded it to the Chrome Web Store.
Here is the url.
Now if you try to install it, you'll get an "invalid manifest" error.
The problem here is that I don't either get this error with the locally unpacked version or when I upload the extesion to the Chrome Web Store.
This is the manifest.json
I have created pretty easy extension that is working well in "load unpacked mode" and even as .crx file. But I can't install it from Chrome Store, it says "no file" while I trying to install it. Other users reporting about the same problem. Is there something at my side or google side?
ps. extension page, source code.
Google Chrome considers a file to be installable if either of the following is true:
The file has the content type application/x-chrome-extension
The file suffix is .crx and both of the following are true:
The file is not served with the HTTP header X-Content-Type-Options: nosniff
The file is served with one of the following content types:
empty string
"text/plain"
"application/octet-stream"
"unknown/unknown"
"application/unknown"
"*/*"
Take a look here
I had the same problem, unfortunately mine stayed broken for 2 days. I managed to fix it simply by bumping up the version number and re-uploading the zip file.