I'm writing a Chrome extension, it listens the chrome.windows.onRemoved.addListener and disconnects the user when chrome window is closed.
I want to execute script (chrome.tabs.executeScript) in the "chrome://settings-frame" page.
In this page i am going to manually disconnect user from Chrome.
(by running this code: chrome.send('SyncSetupStopSyncing', [deleteProfile]);)
Is this permission possible?
Thanks for any hints.
No, there is no permission that would allow you to access chrome:// URL scheme. This is an explicit safety mechanism against potentially malicious changes to Chrome settings.
You can get the access if you enable extensions-on-chrome-urls flag, but obviously you can't do that on machines you don't fully control.
Additionally, there is no API to manipulate users in Chrome.
Related
I've having app which sometimes open the popup blocker, when the user run the application chrome have some flag in the url box (right side) which tell to the user that the pop-up is blocked ,in this case I give to the user in addition new warning message like "please pay attention the page was blocked please enable it..."
My question is when and in which term I need to do this check again ,assume the user allow the new App page
if user close and open the browser does he need to enable this pop-up again ?
I know that if the user will run it in diffrent chrome versions (like canary or beta) he probably need to confirm this page again but
my question in which cases the pop-up will show again to the same
user(which confirm it before)
In which case after allowing the App to run the pop-up blocker will block it again?
Btw I saw that in my company they add the exception to the popup blocker
with some automated process, how it can be? there is a code that can do that?(strange...)
I see it when I click on setting search for pop -> privacy -> content settings -> manage exception and then I see
Do you know how its possible to the company to add this privacy settings ( i've addtional for my company entries domain pattern...),
how this is possible?
Policies can be set which override user Preferences set at Settings.
See Documentation for Administrators, follow links at Windows Quick Start, Mac Quick Start, or Linux Quick Start.
Read Configuring Other Preferences, Policy Settings in Chrome
Should I use a Preference, or a Policy?
If you want to set some specific behavior that is accomplished by both
a preference and a policy, and you're not sure which one you should
use, simply answer: do you want users to be able to change this
setting?
User cannot change policies at will, but they can change their
preferences.
Note, these changes to Preferences file should be made when chrome, chromium is closed, that is does not have an ongoing process instance to avoid a SingletonLock file not being created in Default directory a when chrome, chromium is launched again.
To set the preference at Preferences file in browser configuration file, for example $ gedit ~/.config/chromium/Default/Preferences
"popups":{"[*.]domain1.com,*":{"setting":2},"[*.]domain2.com,*":{"setting":1}}
where 2 blocks popups, 1 allows popups, see also DefaultPopupsSetting.
The icon at the right of the Behavior at Pop-up exceptions at Settings indicates
This setting is enforced by your administrator.
Policies can applied to devices Set Chrome policies for devices or users Set Chrome policies for users by the administrator.
The formats for policies at different platforms are
Example value:
Windows:
Software\Policies\Google\Chrome\PopupsAllowedForUrls\1 = "https://www.example.com"
Software\Policies\Google\Chrome\PopupsAllowedForUrls\2 = "[*.]example.edu"
Android/Linux:
["https://www.example.com", "[*.]example.edu"]
Mac:
<array>
<string>https://www.example.com</string>
<string>[*.]example.edu</string>
</array>
For example, to create a mandatory policy for the device for popups at *nix platforms you can create a .json file at /etc/chromium-browser/policies/managed/
$ sudo touch /etc/chromium-browser/policies/managed/popup_policy.json
$ gksudo gedit /etc/chromium-browser/policies/managed/popup_policy.json
then set the popup policies for PopupsBlockedForUrls, PopupsAllowedForUrls
{
"PopupsBlockedForUrls": ["[*.]example.com", "[*.]example1.com]"],
"PopupsAllowedForUrls": ["[*.]example2.com", "[*.]example3.com]"]
}
When chrome, chromium is launched you can verify the policy is being enforced by navigating to
chrome://policy
where the policies should be listed; for example
Applies to Level Source Policy name Policy value Status
Machine Mandatory Platform PopupsBlockedForUrls [*.]example.com, [*.]example1.com] OK
A sample policy list template is available at policy_templates.json, see also Policy Templates.
I've been prototyping a few pages that use webkitspeechrecognition. I learned quickly that you cannot load these from a file, you have to serve them from a webserver. I'm using osx so I just moved my files to the local apache that was already running and enabled. This worked fine for quite a while.
For some reason, none of my pages that were working fine will prompt me to deny/allow the microphone usage. I even copied an existing working page from another webserver and if I load it from http://localhost/speech.html it will not prompt. It skips the prompt and goes to my recognition.onerror handler and logs "not-allowed"
However, if I load the same page (or any of my other prototypes) from http://127.0.0.1/speech.html it works fine. This made me think I had accidentally cached a response like "always deny" or something. I think I cleared/reset all my chrome settings but I'm still getting the same behavior. 127.0.0.1 will properly prompt, but localhost will not prompt at all.
Where might chrome be storing some additional settings that I need to clear?
Your microphone settings might be stored at chrome://settings/contentExceptions#media-stream-mic. You can view the websites that have permissions saved there.
getUserMedia permissions requesting in chrome currently works something like:
If you have a request by http, getUserMedia will only remember the permissions for that session. If you go back to the same page. it asks again.
If you do the same request by https, once you set the permissions, you always have permissions.
My memory is that an exception is granted for http://localhost/... for debugging purposes. In this case, you don't need to repeatedly grant
permissions.
If you use http and 127.0.0.1/, I think no exception is made.
http://www.html5rocks.com/en/tutorials/getusermedia/intro/
I'm creating web application on ASP.NET WebForms, and one of my tasks is copy/paste data to excel from web page. I/m using window.clipboardData, and it works for my user (local admin). But for other users it doesn't work. How can I fix it? Thank you.
This is a browser level permission, that need to be set depending of the browser.
In the documentation of your application you need to specify where and how to enable it on the browser.
I recommend you to explore each browser options, for your documentation.
For Internet Explorer you can go to Internet Options>Security>Add the Website/link to the trusted sites (Make sure https checkbox is checked, if your website is not using https). After adding it, go to Custom Level in the same window. It will pop another window, you can explore all the options for any other think you may need. The option to allow access to clipboard show be "Allow Programmatic clipboard access" and set it to enabled.
It may be a ActiveX Control that can make it automatically, but will work only for Internet Explorer.
I'm trying to write an app using Sencha Touch that ultimately targets iOS and Android. It's supposed to log into the corporate web server and then retrieve and parse some JSON data. It should be very simple. However I'm very new to both Sencha and Javascript, so I'm having a hard time doing this sort of client-side authentication. I can't even seem to make it authenticate from a web browser on my dev machine.
I used this link to help create my login page:
http://miamicoder.com/2012/adding-a-login-screen-to-a-sencha-touch-application/
But when I attempt to log in I seem to get the following error message and a null object:
XMLHttpRequest cannot load https://www.server.com/index.html?=_dc1234567890123
Origin http://localhost:8000 is not allowed by Access-Control-Allow-Origin.
Does anyone have any advice or good resources on getting this app to log in? Any help would be greatly appreciated!
Steve, the "is not allowed" error is returned because your login request violates the browser's same-origin policy (essentially it states that all XhrHttpRequests must go to the same domain the page was initially loaded from).
Some browsers offer ways of disabling this error temporarily (which might be fine for short-term development purposes), but for the long-term you'll either need to host your application in the same domain as your backend server, or look into using CORS or JSONP for your requests.
Your AJAX request violates the Same-Origin-Policy. That's why you are getting the error message. If you are using chrome for debugging u can disable the cross-domain Javascript security by doing the following :
For Windows:
1) Create a shortcut to Chrome on your desktop. Right-click on the shortcut and choose Properties, then switch to “Shortcut” tab.
2) In the “Target” field, append the following: –args –disable-web-security
For Mac, Open a terminal window and run this from command-line:
open ~/Applications/Google\ Chrome.app/ –args –disable-web-security
For Ubuntu, Open a terminal window and run this form command line:
open /usr/bin/ and execute ./google-chrome --disable-web-security
There is extension for chrome that does the work:
Allow-Control-Allow-Origin.
If you want to active it when the browser started, you have to press on the icon.
I wrote a scripting logic in using ActiveX. When the application runs it is blocked by popup blocker. When I enabled it works fine, but I want to enable the popupblocker using JavaScript (especially in IE).
Obviously a website cannot modify the popup blocker settings. And that's a good thing.
You should avoid using ActiveX Controls because it is only supported by IE. Trying running your page on Firefox and it won't work.
Now the actual problem -
Firstly you need to understand what ActiveX Objects are used for? They basically allow a web application to interact with the client machine. For example it can use resources on my local hard drive. This is a security risk. So IE gives a warning for the same. You may disable it in your browser by going to Tools-> Internet Options -> Security Tab. Click "Custom Level" and change all the boxes with ActiveX text in it to "Enable".
But it will still show up in your client browsers.
So the point is try finding an alternative for it.
Hope this helps!
You cant. What you could do is have a message on screen which requests the user to turn off the popup blocker .