Google Chrome App submission permissions - manifest

I want to submit my Web app which is hosted on my own domain to Google Chrome Web store. I wanted to know if I need to enter anything in the 'permissions' section to allow access to my javascript, iamges and css files (static files) or for hosted sites, you don't need to put anything in the permissions? Thanks.
Here's my manifest (with sample data):
{
"name": "My website name",
"description": "my website description.",
"manifest_version": 2,
"version": "1",
"app": {
"urls": [
"*://mywebsite.com/"
],
"launch": {
"web_url": "http://mywebsite.com/page/"
}
},
"icons": {
"128": "icon_128.png"
},
"permissions": [
]
}

Related

Google App ID losing after upgrading NWJS to last version from 0.37.3

I have a legacy Google Chrome installable Apps packaged with NWJS as a standalone app.
I were using NWJS version 0.37.3 but now had to upgrade to last 0.56.0 because of Big Sur compatibility problems.
Now the problem is that the app generated with last NWJS sdk don't mantain old Google chrome app ID but got a new ID (testable in console with chrome.runtime.id).
So upgrading installed apps I were loosing old local data (local files, database, settings etc).
In manifest.json I have a "key" field with the app key that in old 0.37.3 was responsible to maintain chrome.runtime.id.
How I can keep using the same chrome.runtime.id with new NWJS SDK or any workaround to not loose existing local data?
My current manifest.json
{
"key": "MIGfM....B",
"name": "MyApp",
"description": "my app",
"version": "309",
"manifest_version": 2,
"default_locale": "en",
"nodejs": true,
"permissions": [
"<all_urls>",
"storage",
"browser",
"unlimitedStorage",
{
"fileSystem": ["write", "retainEntries", "directory"]
},
"videoCapture",
"nativeMessaging",
"webview"
],
"icons": {
"16": "images/favicon/favicon-16x16.png",
"128": "images/favicon/apple-icon-128x128.png"
},
"app": {
"background": {
"scripts": [
...
]
}
},
"chromium-args": "--ignore-certificate-errors",
"build": {
"appId": "my.app",
"nwFlavor": "sdk",
"output": "../package/",
"nwVersion": "0.56.0",
"outputPattern": "${NAME}-${VERSION}-${PLATFORM}-${ARCH}",
"targets": ["zip"],
"win": {
"icon": "images/favicon/win-app.ico",
"copyright": "..."
},
"mac": {
"icon": "images/favicon/mac/icon.icns",
"copyright": "..."
},
"nsis": {
"icon": "images/favicon/win-app.ico"
},
"excludes": ["**/bower_components", "**/bower_components/**/*"]
}
}
I'm not familiar with this, but seems like something that should be documented. I've created an open spreadsheet (anyone with link can edit), that documents all the versions of NW.js and their details. The data comes from the official versions list. And I've manually added the chrome.runtime.id's for some versions I had locally. I think some scripting will be needed to flesh out the rest of the versions, but at least there is now a public place for the info to go to.
https://docs.google.com/spreadsheets/d/16Y-mH5GzFL8BXLXCwzkvKQ7Vg4t4c2Jt6WgZaAAZPwc/edit?usp=sharing

A justification for remote code use is required. - Chrome Extenstion

My Extension is not getting published because of 2 error
A justification for remote code use is required.
The single purpose description is required.
Here's my manifest:
{
"name": "Spotlight",
"icons": {
"128": "icon_128.png",
"96": "icon.png"
},
"description": "Spotlight - Browse open tabs, search history, bookmarks, downloads, and do much more!",
"version": "1.19",
"manifest_version": 2,
"permissions": [],
"update_url": "https://clients2.google.com/service/update2/crx",
"homepage_url": "https://usespotlight.co",
"optional_permissions" : [
"<all_urls>",
"tabs",
"bookmarks",
"history",
"downloads",
"storage"
],
"background": {
"scripts": ["background.js"],
"persistent": false
},
"browser_action": {
"default_icon": "icon.png"
},
"commands": {
"toggle-feature": {
"suggested_key": {
"default": "Ctrl+M",
"mac": "Command+M"
},
"description": "Toggle spotlight"
}
}
}
You have to go to the new developer dashboard and fill out these fields under the Privacy menu.
Go to https://chrome.google.com/webstore/devconsole/ then click on Privacy menu (3th tab on the left) then fill all your purpose description. After that you can release your extension normally
These new requirements are not actually part of the manifest. In the new developer console, click your item and go to the privacy tab. You can find the various requirements there.
ActiveTab - Used to open tabs
Host Permission - Used to load files onto certain websites
"matches": [
"https://www.google.com/"
],
"js": [
"googleHome.js"
]
Single purpose description is an old suggestion and a new requirement. Just now being enforced because extensions are supposed to be small and serve a single purpose.

Why does it show "Visit Website" and not Add extension?

I would like publish a website (web app) on our intranet as chrome app in the google web store.
I want to publish this app to all Computers in my domain, I've seen that I can do this with the GPO of Google and it works with every extension but not with mine.
So the problem I ran into is that if I publish my app in the chrome web store you can't download it. It only says "Visit Website". As shown in the picture here: Visit Website Button in the web store
This is how my manifest.json looks like:
{
"manifest_version": 2,
"name": "Support-Ticket",
"version": "1.0",
"icons": {
"128": "128.png"
},
"app": {
"urls": [
"https://intranet.*.com/example"
],
"launch": {
"web_url": "https://intranet.*.com/example"
}
},
"permissions": [
"notifications"
]
}
I've tested it with another little app where the manifest looks like this:
{
"name": "Support Test",
"version": "1.0",
"icons": {
"128":"128.png"
},
"manifest_version": 2,
"browser_action": {},
"permissions":[
"tabs"
],
"background":{
"scripts": ["background.js"],
"persistent": false
}
}
And the .js like this:
chrome.browserAction.onClicked.addListener(function(tab) {
chrome.tabs.create({'url': chrome.extension.getURL('index.html')}, function(tab) {
// Tab opened.
});
});
I would like to have this website as chrome app and than install it on all computers in my domain with a shortcut in the Start Menu or Desktop.
Update:
I managed to create the app and display the intranet on the app with the html tag "webview".
Now it looks like this:
Window Frame
Does anyone know how I can change the color of the window frame to a darker grey?

Using chrome.runtime.sendmessage to communicate from a webpage to a packaged app

I'm trying to communicate from a web page to a packaged app. The idea is to have the web page read a number from a serial device. Because I want to access the serial device, I need a packaged app and can't use an extension. This is pretty similar to Keep Chrome Packaged App running in background? and it seems that Chrome documentation says this is possible.
How can I execute the chrome.runtime.sendMessage from a regular web page? When I do so, I get *Uncaught TypeError: Cannot read property 'sendMessage' of undefined. My simple function is:
function doFunction(){
chrome.runtime.sendMessage(editorExtensionId, {openUrlInEditor: url},
function(response) {
if (!response.success)
handleError(url);
});
}
My packaged app loads and can access the serial ports. But my suspicion is the manifest isn't "enabling" the chrome.runtime of the regular webpage. Manifest.json:
{
"name": "Hello World!",
"description": "My first Chrome App.",
"version": "0.1",
"app": {
"background": {
"scripts": ["background.js"]
}
},
"icons": { "16": "calculator-16.png", "128": "calculator-128.png" },
"permissions": [
"serial",
"*://localhost/*"
],
"externally_connectable": {
"matches": [
"*://localhost/*"]
}
}
Maybe it's the ://localhost/ which I'm using for testing. But Chrome does not complain.
Any ideas out there? Thanks in advance.
Xan's comment did the trick.
While Chrome did not complain about *://localhost/*, it did not work. Chrome did complain about other combinations such as file://localhost/.
I added foo.com to host file and then served up my web page through a web server, and it worked! I can communicate from my web page to my packaged app.
Note that browsing to file://www.foo.com/hostpage.html did not work. But browing to http://www.foo.com:3000/hostpage.html did. (I'm using Rails, hence the 3000 port).
Morale of the story: When testing locally, you need to add an entry with a bogus second level domain to your host file.
Here's my manifest.json:
{
"name": "RFID Tag Reader",
"description": "Reads RFID Tags connected via USB reader",
"version": "0.0.0.1",
"app": {
"background": {
"scripts": ["background.js"]
}
},
"icons": {
"16": "rfid-16.png",
"128": "rfid-128.png"
},
"permissions": [
"serial",
"*://www.foo.com/*",
"*://arealsite.net/*"
],
"externally_connectable": {
"matches": [
"*://www.foo.com/*",
"*://arealsite.net/*"
]
}
}
Adding "*://localhost/*" to externally_connectable worked for me.

How do I get the checkbox "Allow access to file URLs" to show up next to my app? I have file write permissions in manifest

More Info/Update
I packaged and installed google's own sample app showing filesystem access and it also does not show the checkbox!
You can find it here: https://github.com/GoogleChrome/chrome-app-samples/tree/master/filesystem-access
Original Post
I have the permission asking for filesystem.write ability in my manifest but on the chrome://extensions page, the check box doesn't show up. And when I click "permissions" next to my app's icon, it only shows:
"Write to files that you have opened in the application"
What am I doing wrong? (This is a hosted app)
manifest.json
{
"manifest_version": 2,
"name": "Hello World",
"description": "A test application",
"version": "2.0.3.92",
"minimum_chrome_version": "23",
"offline_enabled": true,
"update_url": "http://mywebsite.com/updates/helloworld.xml",
"icons":
{
"16": "icon_16.png",
"128": "icon_128.png"
},
"app":
{
"background":
{
"scripts":
[
"utils.js",
"fs.js",
"main.js"
]
}
},
"permissions":
[
"unlimitedStorage",
"fullscreen",
{
"fileSystem":
[
"write"
]
},
"background",
"http://*/",
"tabs"
]
}
To get this to work you need either:
permissions: [ "<all_urls>" ]
or a scheme starting with file:///.
If you try *://*/* that will not work as it only represents http or https