We are working on an Open Source Chrome extension: Digital Assistant Client
We are trying to read and modify the "content security policy" header with chrome extension in manifest 3. We are using the declarativeNetRequest api for modification with append operation to allow our domains for fetching and posting data. In manifest v2 it is easy to read the header values by using
chrome.webRequest.onHeadersReceived.addListener( onHeadersReceived, onHeaderFilter, ['blocking', 'responseHeaders'] );
How can we acheive this in manifest 3 for reading the headers?
I have tried by defining the rules.json as given below
[ { "id": 1, "action": { "type": "modifyHeaders", "responseHeaders": [ { "header": "content-security-policy", "operation": "append", "value": "connect-src udan.nistapp.ai udantest.nistapp.ai" } ] }, "condition": { "resourceTypes": [ "csp_report", "font", "image", "main_frame", "media", "object", "other", "ping", "script", "stylesheet", "sub_frame", "webbundle", "websocket", "webtransport", "xmlhttprequest" ] } } ]
and in manifest as given below
.... permissions": [ .... "declarativeNetRequest", "declarativeNetRequestWithHostAccess", "declarativeNetRequestFeedback", ], "declarative_net_request": { "rule_resources": [{ "id": "csp_rules", "enabled": true, "path": "rules.json" }] }, ....
Problem:
When i try to append the value to the original, connect-src is getting overridden. So i want to read the header values such that i can modify the existing values. Is there a way for acheiving this?
The code you have looks good for modifying the CSP header. With that in mind, there are two common gotchas which you might be running in to:
Certain DNR rules that access or modify request/response data require host permissions. Make sure you have the host_permissions key set in the manifest with the hosts you wish to act on.
Modifications to headers made with DNR are not shown in Dev Tools (https://bugs.chromium.org/p/chromium/issues/detail?id=1247400). Doing a fetch request from the console and logging headers can help, or using the (development only) onRuleMatchedDebug API to see if your rule has been run.
Related
I am currently grabbing the entire swagger.json contents:
swagger_link = "https://<SWAGGER_URL>/swagger/v1/swagger.json"
swagger_link_contents = requests.get(swagger_link)
#write the returned swagger to a file
swagger_return = swagger_link_contents.json()
with open ("swagger_raw.json", "w") as f:
f.write(json.dumps(swagger_return, indent=4))
The file is filled with beautiful JSON now. But there are a ton of objects in there, quite a few I don't need. Say I wanted to grab the command "UpdateCookieCommand" from my document:
"parameters": [
{
"name": "command",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/UpdateCookieCommand"
},
"x-nullable": false
}
],
but it also has additional mentions later in the document...
UpdateCookieCommand": {
"allOf": [
{
"$ref": "#/definitions/BaseCommand"
},
{
"type": "object",
"required": [
"command",
"id"
],
The latter object is really what I want to take from the document. It tells me what's required for a nominal API command to Update a Cookie. The hope is I could have a script that will look at every release and be able to absorb changes of the swagger and build new commands.
What methodology would you all recommend to accomplish this? I considered making subprocess Linux commands to just awk, sed, grep it to what I want but maybe there's a more elegant way? Also I won't know the amount of lines or location of anything as a new Swagger will be produced each release and my script will need to automatically run with a CI/CD pipeline.
Whenever a new release pipeline is ran in Azure DevOps, the URL Is changed.. currently my ARM template has a hard-coded URL which can be annoying to keep on adding in manually.
"cors": {
"allowedOrigins": [
"[concat('https://',parameters('storage_account_name'),'.z10.web.core.windows.net')]"
}
The only thing that changes is the 10 part in the z10 so essentially i want it to be something like
[concat('https://',parameters('storage_account_name'),'.z', '*', '.web.core.windows.net')] I dont know if something like that is valid but essentially its so that the cors policy will accept the URL regardless of the z number.
Basically speaking this is not possible, because of the CORS standard (see docs).
which allows only for exact origins, wildcard, or null.
For instance, ARM for Azure Storage is also following this pattern allowing you to put a list of exact origins or a wildcard (see ARM docs)
However, if you know your website name, in your ARM you can receive the full host and use it in your CORS:
"[reference(resourceId('Microsoft.Web/sites', parameters('SiteName')), '2018-02-01').defaultHostName]"
The same with a static website (which is your case I guess) if you know the storage account name:
"[reference(concat('Microsoft.Storage/storageAccounts/', variables('storageAccountName')), '2019-06-01', 'Full').properties.primaryEndpoints.web]"
Advance reference output manipulation
Answering on comment - if you would like to replace some characters in the output from the reference function the easiest way is to use build-in replace function (see docs)
In case you need a more advanced scenario I am pasting my solution by introducing a custom function which is removing https:// and / from the end so https://contonso.com/ is transformed to contonso.com:
"functions": [
{
"namespace": "lmc",
"members": {
"replaceUri": {
"parameters": [
{
"name": "uriString",
"type": "string"
}
],
"output": {
"type": "string",
"value": "[replace(replace(parameters('uriString'), 'https://',''), '/','')]"
}
}
}
}
],
# ...(some code)...
"resources": [
# ... (some resource)...:
"properties": {
"hostName": "[lmc.replaceUri(reference(variables('storageNameCdn')).primaryEndpoints.blob)]"
}
]
I am trying to create a rule engine in a cdn endpoint. like this:
But using a Json file (The result in the image has been achieved manually but now i want to automate this).
So far I got this:
"deliveryPolicy": {
"description": "Rewrite and Redirect",
"rules": [
{
"name" : "UrlFileExtension",
"order": 2,
"conditions": [
{
"name": "UrlFileExtension",
"parameters": {
"#odata.type": "#Microsoft.Azure.Cdn.Models.UrlFileExtensionMatchConditionParameters",
"Extension": 0,
"operator": "LessThanOrEqual",
"matchValues": [0]
}
}
],
"actions": [
{
"name": "UrlRewrite",
"parameters": {
"#odata.type": "#Microsoft.Azure.Cdn.Models.DeliveryRuleUrlRewriteActionParameters",
"sourcePattern": "/",
"destination": "/index.html",
"preserveUnmatchedPath": false
}
}
]
},
The action works just fine, but the urlfileextentionI cant get it to work, it does not recognize the odata.type either.
Please any hint ot suggestion how to fix the condition?
You might want to try with this odata.type for the condition
"#odata.type": "#Microsoft.Azure.Cdn.Models.DeliveryRuleUrlFileExtensionMatchConditionParameters",
instead of
"#odata.type": "#Microsoft.Azure.Cdn.Models.UrlFileExtensionMatchConditionParameters",
https://learn.microsoft.com/en-us/python/api/azure-mgmt-cdn/azure.mgmt.cdn.models.urlfileextensionmatchconditionparameters?view=azure-python
(I'm aware the documentation says Python, I could not find better, but it could be your solution)
I'm having problem with loading $schema in SPFx within my new web part for SP. Web part is working on benchmark.aspx but my whole manifest is not being processed so I can't set preconfiguredEntries and it's big problem for me.
error is:
Problems loading reference 'https://developer.microsoft.com/json-schemas/spfx/client-side-manifest-base.schema.json': Request vscode/content failed unexpectedly without providing any details.(768)
Any idea on this issue please?
{
"$schema": "https://developer.microsoft.com/json-schemas/spfx/client-side-web-part-manifest.schema.json",
"id": "56dab116-67ba-453f-883d-b7a11690e965",
"alias": "ReadListWebPart",
"supportedHosts": ["SharePointWebPart"],
"componentType": "Webpart",
"version": "1.0",
"manifestVersion": "2",
"requiresCustomScript": false,
"preconfiguredEntries": [{
"groupId": "5c03119e-3074-46fd-976b-c60198311f70",
"group": { "default": "Other" },
"title": { "default": "read-list" },
"description": { "default": "popis web party" },
"officeFabricIconFontName": "Page",
"properties": {
"vedouci_velke_foto": true,
"asistenti_pod_vedoucim": false,
"nazev_web_party": "To jsme my"
}
}]
}
I checked the manifest.json, will be the same as yours, have the following waring:
Then tested to access "https://developer.microsoft.com/json-schemas/spfx/client-side-web-part-manifest.schema.json" in my local, no problem, still can be accessed.
After this, I tested to output the preconfigured properties in React SPFX Web Part like this:
Props.ts
WebPart.ts
.tsx
Still able to output properties:
In conclusion, you can just igore this issue, it's still able to read preconfiguredEntries.
In an application in my trial Azure AD tenant, I want to modify my API permissions via the Graph API. I am able to GET the application's requiredResourceAccess in the Graph Explorer (https://developer.microsoft.com/en-us/graph/graph-explorer#) via https://graph.microsoft.com/beta/applications/{app object ID}/requiredResourceAccess, but I am not able to modify or delete these values, or even GET specific resources. Here's my GET result:
{
"#odata.context": "https://graph.microsoft.com/beta/$metadata#applications('{app object id}')/requiredResourceAccess(resourceAccess)",
"value": [
{
"resourceAppId": "00000003-0000-0000-c000-000000000000",
"resourceAccess": [
{
"id": "{id}",
"type": "Scope"
},
{
"id": "{id}",
"type": "Scope"
}
]
}
]
}
When trying to specify the resourceAppId above, I get an error about how segment 'requiredResourceAccess' refers to a segment, so this must be the last part of the request URI besides filters.
And when I try to delete, I get the error 'Specified HTTP method is not allowed for the request target.'
I can modify the API permissions via the Microsoft Azure Portal of course, but can you please let me know if there is a way to add or remove API permissions via the Microsoft Graph API?
You could use this API Update application, refer to my request sample as below.
Sample:
Request URL:
PATCH https://graph.microsoft.com/beta/applications/{App Object ID}
Request body:
{
"requiredResourceAccess": [
{
"resourceAppId": "00000002-0000-0000-c000-000000000000",
"resourceAccess": [
{
"id": "311a71cc-e848-46a1-bdf8-97ff7156d8e6",
"type": "Scope"
}
]
},
{
"resourceAppId": "00000003-0000-0000-c000-000000000000",
"resourceAccess": [
{
"id": "863451e7-0667-486c-a5d6-d135439485f0",
"type": "Scope"
}
]
}
]
}
If you want to delete the API permissions, just specify the requiredResourceAccess as below.
{
"requiredResourceAccess": []
}
Note: This API is a Beta version, I don't recommend you to use it in the production environment. Also, when we update the API permissions via this API, it just adds the permissions to this application, it will not consent the permissions for the application.