I am building a Chrome Extension for my personal use (i.e. it will not be packaged and distributed) to dump data from a website into Google Sheets. I'd like to click on the Extension and have it process the data to my sheet. I believe this means I need to do the Oauth flow in background.js.
I did the initial authorization flow by customizing this Google Sheets demo, can't figure out how to make it work in my Extension.
I've tried a number of approaches, including using the chrome.identity API, and gapi.client.init(), and following the Chrome App sample. No dice.
Some of my questions...thanks in advance:
To what extent do Chrome Extensions mirror Chrome Apps? I understand that Chrome Apps are being deprecated, so wondering if the docs are inconsistent.
Is it possible to do this without packaging and uploading my app? The Oauth credentials page in Console asks for a Web Store URL
Is it acceptable to store a copy of Google's api.js in my extension, or must I load it from https://apis.google.com/js/client.js? If so,
For the Chrome App Sample, Where do I get the key included in manifest.json? I've seen instructions like "Copy key in the installed manifest.json to your source manifest" but I don't understand.
Is anyone aware of a complete, self-contained Chrome Extension sample?
To what extent do Chrome Extensions mirror Chrome Apps? I understand that Chrome Apps are being deprecated, so wondering if the docs are inconsistent.
Extensions and Apps are similar in many ways, however for your situation the main hurdle to overcome is the two handle Google Authentication differently. Extensions have permission limitations, where javascript can't run in certain places. Therefore, Chrome Extensions use chrome.identity in background.js to establish a secure connection and token. The general process to implement it is as follows:
Make a Chrome Extension, zip it, upload to your Google Dev account & get extensionID#
In Google API Console, register an OAuth ClientID# using the extensionID#
Update your Chrome Extension manifest to include an 'oauth2' section with the OAuth ClientID# as well as the scopes you allow, and include 'identity' under "permissions:"
Enable the API of your choosing in the Google API Console and generate a key. Include this key in your background.js file so you can use the API.
Is it possible to do this without packaging and uploading my app? The Oauth credentials page in Console asks for a Web Store URL
No, mainly because you need both the chrome extension and the API to be aware of each other and be 'linked' in a sense so they can be secure and work properly. You can still have a private app however, as you only need to package (.zip it) and upload it into your Developer Dashboard, and you can leave it out of the public Chrome Store by simply not publishing. It can forever linger in 'Draft' stage for your personal use.
Is it acceptable to store a copy of Google's api.js in my extension, or must I load it from https://apis.google.com/js/client.js? If so,
For the Chrome App Sample, Where do I get the key included in manifest.json? I've seen instructions like "Copy key in the installed manifest.json to your source manifest" but I don't understand.
You don't need to store a copy within your extension, you can add the following to your manifest.json:
"content_security_policy": "script-src 'self' https://apis.google.com/; object-src 'self'"
and then this at the bottom of your popup.html:
<script src="https://apis.google.com/js/client.js?onload=onGAPILoad"></script>
It's a rather confusing process without a guide; here is the one that finally made sense of it all for me. This official example from Google is a good one as well.
Is anyone aware of a complete, self-contained Chrome Extension sample?
'self-contained' is a bit tricky here, as the manifest needs to reference keys specific to the OAuth ClientID and API that YOU are utilizing, however this (download link) along with the two links above should be enough to get you to a working extension.
Related
VM2335:34152 POST https://cr-input.mxpnl.net/data?_channel_id=&_partner_id=39571&_sub_id=0000&_app_version=1.0.23&_app=cs-dca net::ERR_INTERNET_DISCONNECTED
From what I can find, it appears to be a behaviour and analytic tracking script most likely related to mixpanel.com. I've recently run into the same thing, and followed it back to the content.js file inside the Tampermonkey chrome extension. I'm sure there are other chrome extensions that do the same thing, but uninstalling this chrome extension made the https://cr-input.mxpnl.net request stop.
I've also heard others have solved this problem by uninstalling Hide my adBlocker, but I can't confirm this myself.
This could mean you have a malicious Chrome extension installed. I googled "cr-input mxpnl" and came across this Google Forums post. If your internet is disconnected, the extension is probably failing to connect to the website where it wants to send your data.
To be clear, this is a guess. It may be a totally legit extension. However it would definitely be worth checking what extensions are installed, removing any that you don't recognise and doing a virus scan.
Since you are using some Adblocker extension that's the reason for getting
ERR_INTERNET_DISCONNECTED from the console. In the preferences of your Adblocker, you have blocked the access to Site Analytics Tracker
Turning off or Disabling the Web Statistic Tracker options from the preferences of the installed extension came from the Tampermonkey chrome extension. That alone stops accessing analytic tracking script most likely related to mixpanel.com.
There are other options from the preferences from the extension that might not be needed
Cheap Flights Advisor
PromoBar
Aliradar
So try to disable these options and always try to block all unencrypted requests by using HTTPS Everywhere extensions so that your information might not be stolen to any third party agents.
Hello I would like to use networkingPrivate api, which one is from chrome private API, I have added permission for networkingPrivate but it seems that is not enough. Also I found this
These are only usable by extensions bundled with Chrome, they are not publicly accessible.
here: https://developer.chrome.com/extensions/private_apis, but I'm not sure what that exactly mean, and how to do that.
My original intention is to get info about wifi (ssid,...)?
Thanks
It would be a security risk to allow user extensions to access this information direct from the OS. I think the private API is for Chrome OS, so that you can access and modify OS features direct from the browser, since Chrome OS is basically just a browser.
You could try looking at Native Messaging, which I believe will allow you to connect your extension to a native application installed on the host's machine. The application written by you would have some link between the extension, and then you can pass messages between the two. For example, your extension could request network information, and the native app will get that and send this information back to the extension.
I haven't looked into this so I may be wrong, but worth investigating. I'd be very interested to see the result.
Private APIs are made for internally usage.
For example, DeveloperPrivate API is used on chrome://extensions page.
They have stronger power than other APIs. but they also have security issues if they are open. if you really need to use them, just ask to make new API.
I need to combine functionality available only in a Chrome packaged app (access to syncFileSystem) and functionality available only in a Chrome extension (injecting a script into a 3rd party website).
It seems that neither a packaged app nor an extension can achieve both these things, so I'm now considering trying to achieve what I'm after with a separate packaged app and extension communicating.
I see that Chrome's documentation explains how two extensions can communicate via chrome.runtime.onMessageExternal.addListener and chrome.runtime.sendMessage, but nothing about packaged apps and extensions communicating.
Does anyone know if this is allowed? Is there any documentation, or a working example out there?
Yes, that is possible. The code sample in the documentation you linked works for any combination of app and extension.
The extension documentation for chrome.runtime.sendMessage says:
Sends a single message to onMessage event listeners within the extension (or another extension/app).
Messaging works the same in both extensions and apps, and they seem to be fully compatible; simply use the ID for the destination extension or app. If you look at the docs for the app version of chrome.runtime.sendMessage, you'll see that it is identical to the extension version.
I have my first brand new google chrome extension, which I'd like to upload to the chrome web store. The thing is that my extension is using native messaging via stdio to a c++ exe. The extension also required a registry key to be installed.
Is it possible to upload the required files to the chrome web store (including exe and dll dependency)? Is there a way to automate the installation of the registry key (required to send messages from chrome extension js to exe), and register dll?
The idea behind chrome-extensions (and native messaging) is to limit the giant security hole that is NPAPI: to create a divide between the browser and the desktop that runs it. For this reason, you'll need to perform two separate installations: one for the extension and another for the native code.
To the best of my knowledge, you can't bundle the binary with the extension. But you might be able to (partially) do it the other way around: have the native code also install the extension:
There is a way to partially automate the process of installing the extension: you can pre-load the extension via the registry. This only applies to extensions on the chrome web-store (CWS). I believe this requires to reboot chrome. And of course the user is notified that an extension was installed. see here - https://developer.chrome.com/extensions/external_extensions
There's also something called "inline installation" - not quite "automatic", but this should make it easier for your users to install the extension from "within" your site (as opposed to the CWS). The extension still needs to be hosted on the CWS, but the user needs not navigate there.
see here - https://developer.chrome.com/webstore/inline_installation (and especially the line section - about verified site - which requires that you register your site with Google - and thus may render this technique useless to you)
I am working on an environment that relies on unedited scripts. All the basics are covered (secured location, https ...), but I'd like to add an additional check by verifying the scripts (calculating a checksum) in the users browser via a Firefox extension.
How would an extension be able to access the source of a loaded script? As I am fairly new to developing Firefox extensions, any hints are greatly appreciated.