I'm trying to use the new chrome inline install feature for extensions (see here: http://code.google.com/chrome/webstore/docs/inline_installation.html).
I can't get it to work unfortunately, and have very little clues to go by. I've added the link element to the head element
<link rel="chrome-webstore-item" href="https://chrome.google.com/webstore/detail/pnnfemgpilpdaojpnkjdgfgbnnjojfik">
and I call
chrome.webstore.install();
in a jquery event handler. I've also verified my domain, however, I'm testing this on a local machine but have a subdomain pointed to my localhost (i.e. testing on dev.getbentobox.com which is mapped to localhost in my hosts file if that makes a difference).
When stepping through my js using the chrome debugger, chrome.webstore.install() is getting called and the function is defined. However, nothing happens - no install, no javascript exception, no console printing, nothing.
any ideas?
Your Chrome Web Store item doesn't show the verified site. If you compare it to the "We Heart It" extension, which can be inline installed from http://weheartit.com/heart-button, it has a green check saying "from weheartit.com". You'll need to edit your Web Store item, and associate your verified site with the item.
As of December 2018 (Chrome version 71), Google has disabled this feature. The workaround is to send the user to your extension in the Chrome Web Store.
Source: https://developer.chrome.com/extensions/inline_faq#change_dec18
What will change in M71 (Dec 2018)?
Beginning in M71, Chrome will no longer support the chrome.webstore.install() method and calling it will fail, resulting in a broken installation flow on your site. At this point calls to the API will throw a JavaScript TypeError. You should remove any calls to the API method before this date.
Related
I am using geo-location for a site running locally on my machine using HTTP on Chrome. However this does not work as I am running on HTTP as opposed to HTTPS.
On the console it says:
getCurrentPosition() and watchPosition() no longer work on insecure origins.
To use this feature, you should consider switching your application to a
secure origin, such as HTTPS. See https://sites.google.com/a/chromium.org/dev/Home/chromium-security/deprecating-powerful-features-on-insecure-origins
for more details.
Accoriding to Deprecating Powerful Features on Insecure Origins its says to start chrome using --unsafely-treat-insecure-origin-as-secure="http://example.com" flag. The command I ran was similar to:
chrome.exe --unsafely-treat-insecure-origin-as-secure="http://hello.app"
However, the same error message still appears.
How can I fix this issue.
None of the solutions worked for me.
I achieved this by following steps.
Type chrome://flags/#unsafely-treat-insecure-origin-as-secure in the address bar.
Add the origin which you need to treat as secure as shown in the below image.
Relaunch chrome.
You must have missed some steps. Try to follow this
Go to File Explorer then paste this to address bar >> C:\Program Files (x86)\Google\Chrome\Application (or just go to where you can find your chrome.exe)
Right click chrome.exe > send to > Desktop (Create Shortcut)
Go to your desktop then find the chrome shortcut you've created.
Rename it to ChromeForTesting (this step is optional)
Right click the shortcut, then Click Properties
At the "Target", paste the following at the end of the link
--user-data-dir=/tmp/foo --unsafely-treat-insecure-origin-as-secure=http://example.com
so Target should look somewhat similar to this
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --user-data-dir=/tmp/foo --unsafely-treat-insecure-origin-as-secure=http://example.com
Click Ok..
During testing close all of your opened google chrome browser.
Then double click ChromeForTesting shortcut (the one you've created), when a prompt appears, just click ok..
EDIT: If the steps above does not work for you, you might be using Chrome V63, update it to V64 above cause this flag is messed up in V63.
P.S. If it's still not working follow these extra steps
At your drive C, create a folder and name it "ChromeTempFiles".
Then in your --user-data-dir= you change the value into "C:\ChromeTempFiles"
Add these to your target as well
--allow-running-insecure-content --reduce-security-for-testing
so your target should look like this now
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --user-data-dir=C:\ChromeTempFiles --unsafely-treat-insecure-origin-as-secure=http://example.com --allow-running-insecure-content --reduce-security-for-testing
You should also use a temproary fresh profile for that session. something like this:
chrome.exe --user-data-dir=/test/only/profile/dir --unsafely-treat-insecure-origin-as-secure="http://example.com"
Just an update to this for Chrome 70. This works perfectly
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --user-data-dir=C:\ChromeTempFiles --allow-running-insecure-content
Now does anybody know if there is an equivalent for firefox?
For Chromium 44 use
--unsafety-treat-insecure-origin-as-secure=http://192.168.0.101:3000
instead
--unsafely-treat-insecure-origin-as-secure=http://192.168.0.101:3000
See that bug
In Google Chrome, you simply type into the address bar, "chrome://flags", and search for, "--unsafely-treat-insecure-origin-as-secure", enable that flag, and enter into the field below (multiples may be entered separated by a comma) the domain you wish to treat as secure. This may or may not compromise your security, but I would assume not as getCurrentPosition() and watchPosition() are somewhat recently deprecated features. this works for publicly served domains, as well.
With Chrome 79 this setting doesn't work no matter what.
What I ended up doing was to configure the domain on a VPS to show some test webpage and then generate a valid certificate for it using Let's Encrypt's certbot.
Then I copied that certificate to my machine and it's now valid.
I'm trying to customize my own chrome://inspect/#devices , I see it uses utils.js and inspect.js and at the same time it uses a global "chrome" object in the original ones, how do I invoke it from my own inspect.js? Right know I just have a local clone:
Clone folder of chrome://inspect/#devices
devices.html
inspect.js
util.js
jquery.js
So I load devices.html but is not working, and the first obstacle I have is that global object "chrome" is not available for inspect.js.
I found a somehow related thread Can `chrome.*` extension API's be used inside content scripts?
chrome://inspect is one of the build-in Chrome pages (all are listed here - chrome://about/). These pages are considered an integral part of the browser and they have access to special actions (via chrome object). Browser will not inject chrome object into the regular pages (such as your copy of the inspect page).
Unfortunately, you won't be able to modify chrome://inspect page (even with an extension as you can't inject scripts into chrome:// pages). However, you might be able to recreate that page in an extension using debugger API.
I have installed the getting started polymer app (yo polymer).
And I am setting the auto-register to false on the platinum-sw-register element.
As I am not calling the elements register method I do not expect the service worker to be registered. But in chrome dev tools I can see service worker which seems to be activated and running even after deleting it and refreshing the page.
Am I misunderstanding what this property is used for? I was expecting not to see the service worker in the chrome dev tools until I manually called the register method on the element.
You've got a correct understanding of what that property is for.
I'd recommend using a new Chrome Incognito window when experimenting with service workers (including those registered via <platinum-sw-register>). It ensures that you'll start fresh each time.
I just modified a local copy of the demo to remove the document.querySelector('platinum-sw-register').register(); call, and confirmed that in an Incognito window, there's no service worker registration listed under chrome://serviceworker-internals/. So the property appears to be behaving as intended.
Chrome had introduced the use of extensions for WebRTC Screen Sharing. In this, each domain has to have the extension so that people install the extension in order to share the screen using webrtc.
Here is my use case:
During an on-going webrtc video call, if one person needs to do screen sharing and doesn't have the extension then after installing the extension one is required to refresh the page. This interrupts the call and both people need to join the call again.
I want to control the user experience using javascript so that refresh is not required. But if we don't do refresh, html page doesn't recognize the recently installed extension.
I have seen many open source code regarding this but none of them has use case similar to mine. They assume the extension to be installed during the session.
However, I had seen www.uberconference.com and they have similar use case. I tried installing the screen sharing extension during a live call and it did not require the page refresh and did not interrupt the call. It did the screen sharing right after extension was installed.
I could not understand how they did it as uber is not open source. Many people say that refresh is must after installing the extension. Any help in this case will be highly appreciated.
Here is how I install the chrome extension using in-line installation:
$scope.installExtension= function(){
!!navigator.webkitGetUserMedia
&& !!window.chrome
&& !!chrome.webstore
&& !!chrome.webstore.install &&
chrome.webstore.install('https://chrome.google.com/webstore/detail/<some-id>',
successInstallCallback,
failureInstallCallback
);
};
function successInstallCallback() {
//location.reload();
}
function failureInstallCallback(error) {
alert(error);
}
This is something we recently changed in getScreenMedia. View the pull request to see how we did it:
I wrote about the changes on my blog, so look there for more details, but the important bits are:
Instead of creating a communication channel on chrome.runtime.connect, and messaging directly, we can use external messaging. Instead of posting a message to the window, which gets picked up by the content script and passed to the background script (and vice versa), we can use chrome.runtime.sendMessage(extensionId, options, callback) and, in the background script chrome.runtime.onMessageExternal. This works where the other solution doesn't, because background scripts are loaded immediately upon extension installation, whereas content scripts are injected on page load.
So, basically, the extension uses a different permission:
"externally_connectable": {
"matches": [
"https://example.com/*"
]
}
And a different API:
chrome.runtime.sendMessage combined with chrome.runtime.onMessageExternal
instead of
window.postMessage combined with window.addEventListener('message') and chrome.runtime.connect.
At least two different sites https://apps.mypurecloud.com and https://beta.talky.io do screen sharing with inline extension installation with no reload at all.
This may helps today. If you are running Janus demos on the localhost - just run it over https.
If you will run it over http : the getDisplayMedia function will not be declared (e.g. in Chrome), and then Janus will ask you for plugin install.
If you had installed your own Janus-server: to use https - you must to configure ssl-certificates in Janus server configs:
janus.transport.http.jcfg - if you're using https in server definition
janus.transport.websockets.jcfg - if you're using wss (and don't forget to enable secure web-socket in it)
Have you looked at Chrome Extension Inline Installation ...
https://developer.chrome.com/webstore/inline_installation
I was having the same problems until I put within the html <head> tag ...
<link rel="chrome-webstore-item" href="https://chrome.google.com/webstore/detail/[your-chrome-extension-id]" >
Your extension manifest also needs to include the domain that this head tag is on.
Okay, so I'm a student programmer in my college's IT department, and I'm doing browser compatibility for a web form my boss wrote. I need the user to be able to open a local file from a shared drive with a single click.
The problem is that Firefox and Chrome don't allow that for security reasons. Thus, I'm trying to write a custom protocol of my own to open an address in Internet Explorer regardless of the browser being used.
Can anyone help me with this? I'd also be willing to try an alternative solution to the problem.
The below worked for me, is this what you mean?
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\foo]
#="URL: foo Protocol"
"URL Protocol"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\foo\DefaultIcon]
#="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\foo\shell]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\foo\shell\open]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\foo\shell\open\command]
#="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe \"%1\""
Just to note, I'm running Win7Pro, so you may have to move around file path(s) to conform to your environment.
And if that doesn't work, create a proxy between the protocol and the browser, pass the argument(s) from foo:// to that, parse what's necessary, then hand it off to IE using start iexplorer.exe "args".
I'm unsure whether I understand your question, if it is how do I open local files using chrome/firefox, this is your anwser:
First a disclaimer, I have never done this and cannot vouch for the accuracy of my response
IE
Microsoft's security model is pretty fail so you can go right ahead and open these files
FireFox
Some quick googling found that Firefox can do this after either editing prefs.js as outlined here or installing an addon called LocalLink
Chrome
Practically impossible due to its security, until now when locallink was ported to chrome.