Is it possible to use geolocation API in chrome extension without including the "geolocation" permission in manifest.json?
Like can we ask permission through the background.html file which runs the extension?
You can use it in a content script without declaring a permission.
This would trigger a standard notification bar asking if you want to allow current site (not your extension) to access geolocation. If user allows it, you can then pass received geolocation position to a background page for further processing.
This approach might work if your extension is injecting a content script to a single domain, otherwise user would have to allow geolocation for each domain they visit.
The code should look like:
navigator.geolocation.getCurrentPosition(function(position) {
console.log("Latitude : "+position.coords.latitude+":"+"Longitude : "+ position.coords.longitude);
});
Nope:
"An array of permissions that the extension or app might use. Each permission can be either one of a list of known strings (such as "geolocation") or a match pattern that gives access to one or more hosts. Permissions can help to limit damage if your extension or app is attacked."
http://code.google.com/chrome/extensions/manifest.html
...and here:
Your physical location "geolocation" permission Allows the extension to use the proposed HTML5 geolocation API without prompting the user for permission.
http://code.google.com/chrome/extensions/permission_warnings.html
Actually, after looking at it a bit more you can but the user will be prompted for permission:
http://www.html5rocks.com/en/tutorials/geolocation/trip_meter/
...and this page from Google says you can use this API and others:
http://code.google.com/chrome/extensions/api_other.html
Related
When using chrome.webNavigation the webNavigation permission is needed. As stated on Permission Warnings, using that permission makes the installer to show the warning message:
Read your browsing history
In my case, I only want to listen to one specific domain, let's say domain.com. So, I need to filter the callback for chrome.webNavigation.onCompleted.addListener().
Now, from the user perspective, they could distrust the chrome extension since "Read your browsing history" is too broad and the extension should only work on domain.com.
When a match pattern is used in the permissions, a message like Read and change your data on all domain.com sites and www.domain.com is used.
Is there any other way to use chrome.webNavigation and only listen to one domain? where chrome extension issues/feature requests should be sent?
Update: I had to use webNavigation in order to support AJAX calls. That is, listen to changes in the DOM and the URL made with AJAX. I solved this particular case by using a MutationObserver. Thus, I could remove the permission. The original question was already reported as a bug by Rob W.
In this case, I've already posted a feature request over a year ago: https://crbug.com/431108 ("Allow extensions to use webNavigation API without webNavigation permission").
where chrome extension issues/feature requests should be sent?
Report feature requests and bugs at https://crbug.com/new (points to https://bugs.chromium.org).
If you want to get the equivalent effect of chrome.webNavigation.onCompleted without using the webNavigation API or adding extra permissions, then you can declare a content script and send a message to the background page when the window.onload event fires.
I'm trying to implement user authorization for chrome extension.
I want to open new tab, log in there and receive access token and next get back to extension tab to update options page (show user is logged).
I use chrome.identity.launchWebAuthFlow but it opens new window instead of tab as I'd like to.
I want to achieve login similar like in Pocket extension.
Do you have any suggestions?
Then you will need to forgo using the chrome.identity API. There is no such option.
Instead, you'll have to do magic with content scripts to extract the resulting token, and you might have some problems with regards to callback URL - you can no longer use the one provided by the identity API.
Do google Chrome extensions support Chrome's Web Speech speech recognition API? I have included some javascript to create a speech recognition object, but when I launch my extension, I am not prompted for microphone access.
This is not an issue with my code. I have searched on google, but I can't find any information on whether Chrome extensions support the Web Speech API. I just want a yes/no answer.
Note: I believe the WebSpeech API won't work for local files.
The Web Speech API can already be used by Chrome extensions, even in the background page and extension button popups. The fact that it works is not necessarily an intended feature, and I have previously explained how it works and why it works in this answer to How to use webrtc insde google chrome extension?. The previous explanation is about WebRTC, but it applies equally to Web Speech, and can be used as follows:
Instantiate a webkitSpeechRecognition instance and start recording.
If a permission error is detected (onerror being triggered with event.error === 'not-allowed'), open an extension page (chrome-extension://[ID]/yourpage.html). This extension page can be opened in a new window, tab or iframe.
From this page, request access to the microphone. getUserMedia and SpeechRecognition both share the (persistent) audio permission, so to detect whether audio recording is allowed, you could use getUserMedia to request the permission without activating speech recognition. For instance:
navigator.webkitGetUserMedia({
audio: true,
}, function(stream) {
stream.stop();
// Now you know that you have audio permission. Do whatever you want...
}, function() {
// Aw. No permission (or no microphone available).
});
Update: Based on RobW's answer, this answer is now out of date, and the Web Speech API is now usable inside of extensions. (Unfortunately, I can't delete this answer unless the OP un-accepts it.)
The answer is not yet. Pages accessed through chrome-extension: URLs cannot access any media-input APIs, including speechRecognition and getUserMedia. Any attempt to the use APIs will immediately trigger an error callback.
I originally thought speechRecognition could work like the geolocation API: extension popups cannot prompt for geolocation permission, but chrome-extension: pages loaded as full browser pages can prompt for permission just like a normal page. However, media APIs do not behave this way; they fail regardless of whether the page is a popup or a full page.
There is a bug report to fix this and allow developers to specify media-access permissions in the manifest. When this bug is fixed, extensions can have a manifest-set permission that grants them automatic microphone/video access, so the inability to prompt for permission will become a non-issue (and therefore extensions with appropriate manifest permissions will be able to freely use the Speech API).
I am creating a browser extension that injects some javascript onto certain websites.
The script's functionality requires to know if the user has geolocation enabled for the specified site or not. Thus far, I have only seen example javascript that asks for permission from a user on a site, and then makes its decision on what to do.
To be as unintrusive as possible to the user, I would like to find out if the user has already permitted the site to use its geolocation and if it has, use that information, otherwise execute the code that doesn't require it. Is there any function in the html5 geolocation api that allows me to do this?
First of all, Geolocation is NOT part of HTML5, it is a W3C specification.
Secondly, as far as I'm aware, there isn't a method of doing this. A quick look at the W3C Geolocation Specification doesn't reveal anything.
I'd suggest simply attempting to obtain their position via Geolocation anyway, if it works then you can assume permission has been granted, if not run the code that doesn't require the API.
I know you don't want to explicitly ask the user's permission, but it will only be the once so you might as well.
As far a I know, there is no such feature and I've never heard about it, so you may have to wait for a long time...
It looks like there is now a "Permissions API" that will allow you to look at what permissions have been granted to the site.
// Check for Geolocation API permissions
navigator.permissions.query({name:'geolocation'})
.then(function(permissionStatus) {
console.log('geolocation permission state is ', permissionStatus.state);
permissionStatus.onchange = function() {
console.log('geolocation permission state has changed to ', this.state);
};
});
https://developers.google.com/web/updates/2015/04/permissions-api-for-the-web
However, at this time it is not very widely supported outside of Chrome and Firefox: http://caniuse.com/#feat=permissions-api
I'm working on a Google Drive interface for Emacs. The concept is that Emacs could provide a platform-agnostic way to load, modify and save text documents stored in Google Drive. I've registered my app and can authenticate with OAuth2 and get a file listing with the Docs List API, but when I try to execute an Insert with the Google Drive API, I see an error:
"The authenticated user has not installed the app with client id ..."
Reading further, it seems I need to publish my Emacs application in the Chrome Web Store to get access to the Drive API. That doesn't make sense to me...I noticed that there is a FUSE project in development for Google Drive, which suggests that native development is possible. When I skimmed the code, however, I didn't see a Chrome Web Store component to getting it working.
Am I trying to misuse the API, or is there an route to make this work that makes more sense?
EDIT:
According to Ali Afshar, of the Google Drive team, installation is no longer required to use this API. So what follows may no longer be relevant, but will be left for historical purposes.
So, first off the API does not support application development in the sense that we are both doing it, I wouldn't use the word native though. The good news is I have been doing some research and Google Drive is really just a rebranding of Google Docs. So the Google Docs API could be a good choice as well for the same purposes.
Anyway, here's the steps to solve the error: "The authenticated user has not installed the app with client id ..." Which is a 403 error, for the sake of this answer. These steps assume you have set up an app in the chrome web store as is required, and installed it. I am working on my local machine too, with my project: http://github.com/tom-dignan/gdrive-cli which I have gotten past this error, so I think you should keep plugging away at your emacs version, because I think we can make this work.
a. Open the Google APIs console.
b. Confirm you've already enabled the apis under "API Access" both the API and SDK for Google drive should be enabled. There you get your client secrets/api keys and such. I am almost positive you've done this already, so go ahead to C. (this is here for others who may have missed it)
c. In the left navigation bar, under "Drive SDK" you will need to do the following:
Add a "Support URL" (required)
Add at least a small 16x16 application icon (required)
Add "OAuth Client ID (Required)" under Drive Integration (I was just tinkering and this seems to be the key field.)
Add "Open URL (Required) URL to open for your app from the google drive UI."
Check off "Multiple File Support"
Add some MIME types and file extensions, "text/plain", and txt for example
Add the the auth scopes:
https://www.googleapis.com/auth/userinfo.email
https://www.googleapis.com/auth/userinfo.profile
Don't bother trying to add the auth scopes for Google Docs here, because it won't work. Google does not want us to use it that way because files that drive apps create should be private to that app. Integration with Google Docs will have to be separate.
Now I know you must be thinking "why do I have to add some of these..." It's because the form makes them required fields. In mine, I put a couple URLs that point to static HTML pages.
Once you've done the above, clean up your state and reinstall your chrome app. Then try your code again, and it should stop giving you a 403.