Declarative net request rule.json is not working - google-chrome-extension

I'm trying to block a website with a chrome extension that uses the new declarative net request API for Manifest V3, but it isn't working. I have added the permission in the manifest and made sure to add the priority, id, action and conditions, but it still doesn't do anything at all. I am trying to modify the response headers. Here is the applicable part of my manifest.
Manifest.json
  "background": {
    "service_worker": "background.js"
  },
  "content_scripts": [
    {
      "matches": ["https://mail.google.com/*"],
      "css": ["base.css"],
      "js": [
        "jquery-1.10.2.js",
        "inboxsdk.js",
        "loader.js"
      ]
    },
    {
      "matches": [
        "https://mail.google.com/*",
        "https://localhost:1234/*",
        "http://localhost:1234/*",
        "http://localhost:5000/*"
      ],
      "js": [
        "version.js"
      ]
    }
  ],
  "host_permissions": [
    "*://*.google.com/*",
    "*://*.googleusercontent.com/*",
    "https://localhost:1234/*",
    "http://localhost:1234/*",
    "http://localhost:5000/*"
  ],
  "web_accessible_resources": [{
    "resources": [
      "icon128.png",
      "logo-pink.svg",
      "logo-white.png",
      "logo.png"
    ],
    "matches": [
      "https://mail.google.com/*",
      "https://localhost:1234/*",
      "http://localhost:1234/*",
      "http://localhost:5000/*"
    ]
  }],
  "declarative_net_request": {
    "rule_resources": [{
      "id": "ruleset_1",
      "enabled": true,
      "path": "rules.json"
    }]
  },
  "permissions": [
    "scripting",
    "declarativeNetRequest",
    "declarativeNetRequestWithHostAccess",
    "declarativeNetRequestFeedback"
  ],
  "manifest_version": 3
}
rules.json
[
  {
    "id": 1,
    "priority": 1,
    "action": {
      "type": "modifyHeaders",
      "responseHeaders": [
        {
          "header": "script-src",
          "operation": "set",
          "value": "script-src https://localhost:7000"
        }
      ]
    },
    "condition": {
      "regexFilter": "/content-security-policy/i",
      "resourceTypes": [
        "main_frame",
        "sub_frame",
        "script",
        "object",
        "xmlhttprequest",
        "csp_report"
      ]
    }
  }
]
Is there any idea how to test whether the headers are being modified or not?

There are several problems.
1. regexFilter doesn't support JS RegExp literal syntax.
   Solution: Remove / and the i flag.
2. regexFilter is for the URL of the request, not for a header name. Currently there's no way to match requests by checking a header.
   Solution: Remove regexFilter or use a valid expression for the URL or use other types of conditions like urlFilter or requestDomains, see the documentation.
3. "header": "script-src" should be "header": "content-security-policy"
Example:
[{
  "id": 1,
  "action": {
    "type": "modifyHeaders",
    "responseHeaders": [{
      "header": "content-security-policy",
      "operation": "set",
      "value": "script-src https://localhost:7000"
    }]
  },
  "condition": {
    "requestDomains": ["example.com"],
    "resourceTypes": ["main_frame", "sub_frame"]
  }
}]
P.S. To change script-src it's sufficient to process main_frame and sub_frame types.
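The three problems listed in the answer above can be checked mechanically before the extension is loaded. The following is an added example, not code from the question or the answer; lintRules and its two name lists are assumptions made for illustration, and the two sample rules are copied from the page.

```javascript
// Constructed lint for declarativeNetRequest rules; lintRules and the two
// name lists are assumptions of this sketch, not part of any Chrome API.
const CSP_DIRECTIVES = new Set(["default-src", "script-src", "style-src",
  "img-src", "connect-src", "frame-src", "object-src", "frame-ancestors"]);
const HEADER_NAMES = new Set(["content-security-policy",
  "content-security-policy-report-only", "x-frame-options", "set-cookie"]);

function lintRules(rules) {
  const findings = [];
  const report = (rule, code, hint) => findings.push({ id: rule.id, code, hint });
  for (const rule of rules) {
    const { condition = {}, action = {} } = rule;
    const filter = condition.regexFilter;
    if (typeof filter === "string") {
      // /pattern/flags is JS literal syntax; DNR takes the bare pattern only.
      const literal = /^\/(.+)\/([a-z]*)$/.exec(filter);
      if (literal) report(rule, "regex-literal", `use "${literal[1]}" without slashes or flags`);
      // regexFilter is matched against the request URL, never a header name.
      const bare = (literal ? literal[1] : filter).toLowerCase();
      if (HEADER_NAMES.has(bare)) report(rule, "regex-targets-header", "match the URL with urlFilter or requestDomains instead");
    }
    if (action.type === "modifyHeaders") {
      const edits = [...(action.requestHeaders || []), ...(action.responseHeaders || [])];
      for (const edit of edits) {
        // A directive such as script-src belongs in the value of the CSP header.
        if (CSP_DIRECTIVES.has(String(edit.header).toLowerCase())) {
          report(rule, "directive-as-header", `set "content-security-policy" and keep "${edit.header}" in the value`);
        }
      }
    }
  }
  return findings;
}

// The question's rule and the answer's corrected rule, copied from the page.
const questionRule = { id: 1, priority: 1,
  action: { type: "modifyHeaders", responseHeaders: [
    { header: "script-src", operation: "set", value: "script-src https://localhost:7000" }] },
  condition: { regexFilter: "/content-security-policy/i",
    resourceTypes: ["main_frame", "sub_frame", "script", "object", "xmlhttprequest", "csp_report"] } };
const answerRule = { id: 1,
  action: { type: "modifyHeaders", responseHeaders: [
    { header: "content-security-policy", operation: "set", value: "script-src https://localhost:7000" }] },
  condition: { requestDomains: ["example.com"], resourceTypes: ["main_frame", "sub_frame"] } };

console.log(lintRules([questionRule]).map((f) => f.code));
console.log(lintRules([answerRule]).length);
```

The set operation replaces the whole content-security-policy header, so any directives the site sent besides script-src are dropped from the response.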

How can I iterate over nested dictionaries and lists in boto3 to obtain particular values?

I'm trying to iterate over these values to retrieve the tags to see if any of the tag values matches AWSNetworkFirewallManaged.
I'm having problems figuring out a solution to achieve this.
response = {
    "VpcEndpoints": [
        {
            "VpcEndpointId": "vpce-123",
            "VpcEndpointType": "GatewayLoadBalancer",
            "VpcId": "vpc-test",
            "ServiceName": "com.amazonaws.com",
            "State": "available",
            "SubnetIds": [
                "subnet-random"
            ],
            "IpAddressType": "ipv4",
            "RequesterManaged": True,
            "NetworkInterfaceIds": [
                "eni-123"
            ],
            "CreationTimestamp": "2022-10-28T01:23:23.924Z",
            "Tags": [
                {
                    "Key": "AWSNetworkFirewallManaged",
                    "Value": "true"
                },
                {
                    "Key": "Firewall",
                    "Value": "arn:aws:network-firewall:us-west-2"
                }
            ],
            "OwnerId": "123"
        },
        {
            "VpcEndpointId": "vpce-123",
            "VpcEndpointType": "GatewayLoadBalancer",
            "VpcId": "vpc-<value>",
            "ServiceName": "com.amazonaws.vpce.us-west-2",
            "State": "available",
            "SubnetIds": [
                "subnet-<number>"
            ],
            "IpAddressType": "ipv4",
            "RequesterManaged": True,
            "NetworkInterfaceIds": [
                "eni-<value>"
            ],
            "CreationTimestamp": "2022-10-28T01:23:42.113Z",
            "Tags": [
                {
                    "Key": "AWSNetworkFirewallManaged",
                    "Value": "True"
                },
                {
                    "Key": "Firewall",
                    "Value": "arn:aws:network-firewall:%l"
                }
            ],
            "OwnerId": "random"
        }
    ]
}
So far I have
for endpoint in DESCRIBE_VPC_ENDPOINTS['VpcEndpoints']:
    print(endpoint['VpcEndpointId']['Tags'])
However, this needs to be an index, but if it is, I do not know if it will still iterate over the rest of the VPC endpoint IDs.
Any suggestions or guidance on this?
You can use a double for loop:
for endpoint in response['VpcEndpoints']:
    for tags in endpoint['Tags']:
        if 'AWSNetworkFirewallManaged' in tags.values():
            print(endpoint['VpcEndpointId'], tags)

Manifest v3, Failed to load extension: Invalid value for 'web_accessible_resources[0]'. Invalid match pattern. Could not load manifest

Given this Manifest v3 (after making it work on v2, I've adjusted some specs to match v3), I've some issue when adding the extension into Chrome (load unpacked).
The exact error is:
Invalid value for 'web_accessible_resources[0]'. Invalid match pattern.
Could not load manifest.
Here is the manifest:
{
  "author": "Hugo Gresse",
  "description": "",
  "name": "app",
  "version": "1.0.0",
  "content_scripts": [
    {
      "js": [
        "src/entries/contentScript/primary/main.js"
      ],
      "matches": [
        "https://play.google.com/*"
      ]
    }
  ],
  "icons": {
    "16": "icons/16.png"
  },
  "permissions": [],
  "action": {
    "default_icon": {
      "16": "icons/16.png"
    },
    "default_popup": "src/entries/popup/index.html"
  },
  "host_permissions": [
    "*://*/*"
  ],
  "manifest_version": 3,
  "web_accessible_resources": [
    {
      "resources": [
        "assets/src/entries/contentScript/primary/main.5ebc631d.js"
      ],
      "matches": [
        "https://play.google.com/console/*"
      ],
      "use_dynamic_url": true
    }
  ]
}
According to the v3 specs specific to web_accessible_resources here, the pattern used in matches must only be TLD based:
A list of URL match patterns specifying which pages can access the resources. Only the origin is used to match URLs. Origins include subdomain matching. Paths are ignored.
It says the "paths" (here, in my case, console/) are ignored, but they are not, as it fails to load the extension.
✅: https://play.google.com/*
❌: https://play.google.com/console/*
The correct web_accessible_resources node is as follows:
"web_accessible_resources": [
  {
    "resources": [
      "assets/src/entries/contentScript/primary/main.5ebc631d.js"
    ],
    "matches": [
      "https://play.google.com/*"
    ],
    "use_dynamic_url": true
  }
]
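A pre-load check for this error, as an added example that is not part of the original post. warPathProblems is a hypothetical helper, and it assumes, from the two patterns shown above, that only a path of /* is accepted in web_accessible_resources matches.

```javascript
// Added sketch: warPathProblems is a name chosen here, not a Chrome API.
// Assumption taken from the two patterns above: only a "/*" path loads.
function warPathProblems(manifest) {
  const problems = [];
  (manifest.web_accessible_resources || []).forEach((entry, index) => {
    for (const pattern of entry.matches || []) {
      if (pattern === "<all_urls>") continue;
      // Split scheme://host/path; anything that does not split is reported as-is.
      const parts = /^([^:]+):\/\/([^/]*)(\/.*)?$/.exec(pattern);
      if (!parts) {
        problems.push({ index, pattern, fix: null });
        continue;
      }
      const [, scheme, host, path] = parts;
      // Only the origin is used for matching, so the fix is the origin plus "/*".
      // Every page on that origin can then request the listed resources.
      if (path !== "/*") problems.push({ index, pattern, fix: `${scheme}://${host}/*` });
    }
  });
  return problems;
}

// web_accessible_resources from the failing and the corrected manifest above.
const failing = { web_accessible_resources: [{
  resources: ["assets/src/entries/contentScript/primary/main.5ebc631d.js"],
  matches: ["https://play.google.com/console/*"],
  use_dynamic_url: true }] };
const corrected = { web_accessible_resources: [{
  resources: ["assets/src/entries/contentScript/primary/main.5ebc631d.js"],
  matches: ["https://play.google.com/*"],
  use_dynamic_url: true }] };

console.log(warPathProblems(failing));
console.log(warPathProblems(corrected));
```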

Chrome Extension - declarativeNetRequest remove requestHeader "origin" not working

I am trying to remove requestHeader 'origin' using declarativeNetRequest. It's not working as the origin is still being sent with SharePoint rest api call. How do we ensure the rule is being triggered or not? How can we troubleshoot the issue?
Here is my manifest.json and rules.json
{
  "short_name": "SPO Helper",
  "name": "SPO Helper",
  "icons": {
    "16": "favicon.ico",
    "48": "logo192.png",
    "128": "logo512.png"
  },
  "manifest_version": 3,
  "version": "0.0.1",
  "background": {
    "service_worker": "./static/js/background.js"
  },
  "content_scripts": [
    {
      "matches": [
        "<all_urls>"
      ],
      "js": [
        "content.js"
      ],
      "all_frames": false,
      "run_at": "document_end"
    }
  ],
  "action": {
    "default_title": "SPO Helper"
  },
  "declarative_net_request": {
    "rule_resources": [
      {
        "id": "ruleset_1",
        "enabled": true,
        "path": "./rules.json"
      }
    ]
  },
  "permissions": [
    "tabs",
    "activeTab",
    "cookies",
    "scripting",
    "declarativeNetRequest",
    "declarativeNetRequestFeedback"
  ],
  "host_permissions": [
    "https://*.sharepoint.com/"
  ],
  "content_security_policy": {
    "extension_pages": "script-src 'self'; object-src 'self'"
  }
}
rules.json
[
  {
    "id": 1,
    "priority": 1,
    "action": {
      "type": "modifyHeaders",
      "requestHeaders": [
        {
          "header": "origin",
          "operation": "remove"
        }
      ]
    },
    "condition": {
      "domains": ["cbgbfoeehbjllcimibeojmpgeoncgjcl"],
      "resourceTypes": ["main_frame", "sub_frame"]
    }
  }
]
Using onRuleMatchedDebug, you can check if your rule is being triggered.
You must add the declarativeNetRequestFeedback permission in your manifest.json and add this in your service worker:
chrome.declarativeNetRequest.onRuleMatchedDebug.addListener(function (o) {
  console.log('rule matched:', o);
});

Why does this rule not block all requests?

I have a chrome extension to block YouTube as a whole, but it's only blocking some requests. For example, all embedded videos are blocked, but when I go to https://www.youtube.com or https://www.youtube.com/watch?v=dQw4w9WgXcQ it'll block only some elements.
https://www.youtube.com as far as I can tell loads everything except for elements loaded due to user navigation--for example, the collapsed hamburger menu doesn't load when clicked.
manifest.json:
{
  "manifest_version": 2,
  "name": "Test",
  "version": "0.0.1",
  "permissions": [
    "*://*.youtube.com/*",
    "declarativeNetRequest"
  ],
  "declarative_net_request": {
    "rule_resources": [
      {
        "id": "1",
        "enabled": true,
        "path": "rules.json"
      }
    ]
  }
}
rules.json:
[
  {
    "id": 3,
    "priority": 1,
    "action": {
      "type": "block"
    },
    "condition": {
      "urlFilter": "youtube.com"
    }
  }
]

Why does URL redirect permission work in Chrome Manifest v2 but not v3?

I'm trying to redirect a URL using the Chrome declarativeWebRequest API but it does not work.
The match pattern in the "permissions" key worked with Manifest V2 but it's now throwing a Permission '*://www.youtube.com/*' is unknown or URL pattern is malformed error in V3.
manifest.json:
{
  "manifest_version": 3,
  "name": "Redirect Test",
  "version": "0.0.1",
  "permissions": [
    "declarativeNetRequest",
    "*://www.youtube.com/*"
  ],
  "host_permissions": [
    "*://www.youtube.com/*"
  ],
  "declarative_net_request": {
    "rule_resources": [
      {
        "id": "1",
        "enabled": true,
        "path": "rules.json"
      }
    ]
  }
}
rules.json:
[
  {
    "id": 1,
    "priority": 1,
    "action": {
      "type": "redirect",
      "redirect": {"url": "https://www.google.com"}
    },
    "condition": {
      "urlFilter": "*://www.youtube.com/*",
      "resourceTypes": [
        "main_frame"
      ]
    }
  }
]
I'm using Chrome 88.0.4324.104
The manifest documentation for declarative net requests at the time of posting isn't exactly accurate.
This is the Permissions key in manifest.json from the documentation:
"permissions": [
  "declarativeNetRequest",
  "declarativeNetRequestFeedback",
  "*://example.com/*"
],
However, the site should be specified in just host_permissions instead:
"host_permissions": [
  "*://example.com/*"
],
It should be noted that this explicit declaration is only necessary if action.redirect is specified like in this example:
{
  "id": 1,
  "priority": 3,
  "action": {
    "type": "redirect",
    "redirect": {
      "regexSubstitution": "www.youtube.com/embed/"
    }
  },
  "condition": {
    "regexFilter": "(www\\.youtube\\.com\/watch\\?v=)",
    "resourceTypes": [
      "main_frame"
    ]
  }
}
