How to obtain GET request URL using chrome.webRequest API? - google-chrome-extension

I create a chrome extension which offer accessibility to download any media in opened page of Facebook, including photo, video, and story. But I'm stuck when about to access/catch facebook's video story request URL that's shown up in Network tab in console, using chrome.webRequest API.
By excluding bytestart and byteend params from URL above, we got the full video file (with an expiration token). The <video> tag itself has src attribute like blob:https://www.facebook.com/<some_alpha_numerics_and_hyphens>.
This is what I've tried in my extension project:
permission:
"permissions": [
"webRequest",
"*://*/*"
],
I've tried to listen all the events available but no luck.
chrome.webRequest.onBeforeRequest.addListener(
function(details) {
console.log('onBeforeRequest', details.url);
},
{
urls: ["<all_urls>"]
}
);
// onBeforeSendHeaders
// onSendHeaders
// onHeadersReceived
// onAuthRequired
// onResponseStarted
// onBeforeRedirect
// onCompleted
// onErrorOccurred
I haven't tried chrome.declarativeWebRequest https://developer.chrome.com/extensions/declarativeWebRequest because it's for Beta and Dev channels only.
Is it really possible or did I have mistake in using it? Thank you in advance.

I would recommend adding the "webRequestBlocking" permission to your manifest.json file.
According to the documentation the callback uses a blocking event handler that requires the "webRequest" as well as the "webRequestBlocking" permission in order to work.
Reference: https://developer.chrome.com/extensions/webRequest#examples

Related

Intercepting requests and returning a local file using chrome extensions

I want to intercept a request and return a local file as the response using a chrome extension. The user is going to provide the local file path.
Requirements
I want to do this only through the extension (ideally). No additional installations, no chrome apps, other 3rd party apps should be needed. I'm happy to provide whatever permissions are needed in the manifest, but this will ship, so it can't be in dev-mode / i.e. can't have dev-only APIs.
The files that the user can select aren't going to be from the extension package, I think the chrome.runtime.getURL allows reading from the relative URLs within the package, but it didn't work for exact paths for other files.
I'm aware that by setting up a server in either on localhost, or elsewhere and by redirecting to that URL; this could be achieved, but I'm not interested in that; I'm looking for an out of the box solution which will help me pass local files as responses.
Also - I'd be happy if there's a workaround - one that I thought was reading the contents of the file that user selected and streaming those contents from memory / or putting them into a temporary location that the file:// can work with, but couldn't find any way around this yet.
Current state
I'm using the snippet below to handle interception:
// API that I'm using
chrome.webRequest.onBeforeRequest.addListener(function(request){...})
Manifest looks like this:
{
...
"background": {
"scripts": ["background.js"],
"persistent": true
},
"permissions": [
"activeTab",
"tabs",
"http://*/*",
"https://*/*",
"file://*/*",
"webRequest",
"webRequestBlocking"
]
}
I've been able to intercept requests and redirect to other http(s) URLs - this works fine. I'm also receiving the user input for the file path just fine, using <input type="file"/> for this.
Redirecting the request path to be a file doesn't work though; for obvious security reasons. This is the bit that I'm stuck. Being a bit more descriptive below:
chrome.webRequest.onBeforeRequest.addListener(function(request){
// works fine
if (request.url === 'https://someurl') {
return {redirectUrl : 'https://someotherurl'};
}
// doesn't work - and I'm looking for a solution for this scenario
else if (request.url === 'https://someurl2') {
return {redirectUrl: 'file://somefileondisk' };
}
});
and this doesn't:

Is it possible to catch requests from another extension?

In my extension I use chrome.webRequest to catch requests from any web pages and it works like a charm.
But I can not catch any requests initialized from another extension.
My manifest:
"permissions": [
"tabs",
"webRequest",
"webRequestBlocking",
"<all_urls>"
],
background.js:
chrome.webRequest.onBeforeRequest.addListener(function (data) {
console.log('catched', data);
}, {urls: ['<all_urls>']});
Tests:
open tab with http://google.com:
catched https://www.google.com/
open extension console and run fetch('http://google.com'):
catched http://google.com/
open another extension console and run fetch('http://google.com'):
// no output
Does anybody know if is it possible and if so, how to set it up?
Thanks!
Updated
My previous answer it not correct, see #Rob W's comments.
But when #Xan mentioned that extension URLs were visible to other extensions, it became apparent that this behavior is undesirable and a security issue, so I removed the ability for extensions to see other extensions' requests
Previous answer
It's not allowed to handle requests sent from other extensions.
In addition, even certain requests with URLs using one of the above schemes are hidden, e.g., chrome-extension://other_extension_id where other_extension_id is not the ID of the extension to handle the request, https://www.google.com/chrome, and others (this list is not complete).

Fetch API not sending session cookies when used inside a Chrome Extension

I'm trying to make a Chrome Extension which scrapes some details from Pull Requests on Github using the Fetch API, and then displays them elsewhere. I'm running into some problems when I try to use this with a non-public repository on Github. I believe this is related to CSRF protection, and the rules that govern Chrome extensions having access to session cookies.
I have the following in my extension's manifest.json:
"content_scripts": [{
"matches": [
"*://github.com/*/*/pulls"
],
"js": ["script/underscore-1.8.3.min.js", "script/content.js"]
}],
"permissions": [
"tabs",
"activeTab",
"*://github.com/*",
"webNavigation"
]
But when I run the following from within my script/content.js:
fetch('/redacted/redacted/pull/4549', {credentials: 'same-origin'}).then((response) => {
return response.text();
}).then((text) => {
// do cool stuff
})
This produces a 404 response from Github. Inspecting this request with Chrome Inspector's network tab, I can see it is not sending my GitHub session header with the request.
If I make the very same request using the Javascript prompt in the Inspector, I can see a 200 response, and I can see that it is sending my session cookies.
My understanding was that specifying the Github domain in my manifest.json would mean my extension would have access to my session data in my content scripts, is this not correct? What should I be doing to make a valid request to this protected content?
According to Chrome blog, to include cookies you need credentials: 'include' instead of credentials: 'same-origin'.
Specifying github in the permissions only gives access to the host, its there to limit damage if the extension/app is compromised by malware (source).
Its not indicated in the content script documentation that session data can be retrieved in content scripts, just their DOMs. I think it would be better if you use and incorporate the official Github API in the chrome extension project you're creating.

Google Chrome extension get IP address of server

I had a good idea, which kind of revolves around ips from the server the user is on.
Im very new to making a google chrome extension, but i am good at the programming languages that requires to build one .
Question: Can I get a IP from a server that the user is on? and if so how would you do this?
I was thinking just AJAX the url to my own server which then pings the server which would get the ip and returns that/stores it some where.
You can get current URL of tab\web Pageuser is currently browsing using chrome.tabs API
Demonstration
chrome.tabs.query({
"currentWindow": true, //Filters tabs in current window
"status": "complete", //The Page is completely loaded
"active": true // The tab or web page is browsed at this state,
"windowType": "normal" // Filters normal web pages, eliminates g-talk notifications etc
}, function (tabs) { //It returns an array
for (tab in tabs) {
_url_i_need = tabs[tab].url;
//Do AJAX Stuff here
}
});
Ensure you declare tabs permission in your manifest as shown here
{
"name": "My extension",
...
"permissions": [
"tabs"
],
...
}
References
Tabs API

How can I hide WebRequest redirections from the rest of chrome?

I am trying to use chrome's experimental WebRequest URI to do resource translation - so that URLs link to different back end resources than they would outwardly do. In Firefox, I'm used to registering a new protocol handler, so that:
myscheme:user_prefs
actually is connected to some webserver like so:
https://myhost/prefs?token=bla
I'm sort of lost, is there a way to do something similar in Chrome?
I think you can use the WebRequest API (make sure you're on the Beta channel or higher):
chrome.webRequest.onBeforeRequest.addListener(function(details) {
if (details.url.indexOf("myscheme")!=0)
return;
var options = details.url.substr(details.url.indexof(":"));
return { redirectUrl: "https://myhost/prefs?" + options };
},{},["blocking"]);
...and that's completely untested code. Feel free to test it, debug it, fix it, whatever... but keep in mind you'll need to ask for some permissions: "webRequest", "webRequestBlocking", "<all_urls>"

Resources