I'm just publishing a Google Chrome extension and I run into the error message: "Because of the following issue, your extension may require an in-depth review:
- Broad host permissions"
And whilst I know why this is (see snippet of manifest code) I wonder what the best way to fix it is?
I know this is to do with the wildcards I'm using and I have now published the extension with specific websites to test it works as intended (it does). But for the extension to be truly effective I want it to work more universally.
"content_scripts" : [{
"matches" : [ "http://*/*","https://*/*" ],
"exclude_globs" : [ "*.jpg","*.jpeg","*.gif","*.png","*.bmp","*.webp",
"*.css","*.swf","*.js","*.zip","*.rar","*.tar","*.tar.gz","*.tgz","*.tar.bz2","*.tbz2",
"*.doc","*.docx","*.ppt","*.pptx","*.xls","*.xlsx","*.pdf","*.xml","*.txt",
"*.mpg","*.mpeg","*.qt","*.mp4","*.m4v","*.m4a","*.mp3","*.ogv","*.ogm","*.ogg","*.oga","*.webm","*.wav",
"*.","*." ],
"css" : [ "css/inject.css" ],
"js" : [ "js/jquery.js" , "js/inject.js" ],
"run_at" : "document_start"
}],
"web_accessible_resources" : [
"html/iframe/*",
"src/options/options.html"
],
"permissions" : [
"tabs",
"activeTab",
"webRequest",
"http://*/*",
"https://*/*",
"storage"
]
}
I want to navigate to SharePoint in a Teams tab app by clicking a button as below, but it doesn't work properly only in the MS Teams mobile app (works with desktop); it shows the loading screen.
var url = `https://${DOMAIN_URL}/_layouts/15/teamslogon.aspx?spfx=true&dest=/${SITE_URL}`;
window.location.replace(url);
Is there any reason for that?
Manifest similar to this:
"staticTabs": [
{
"entityId": "16f1325347cb",
"name": "Portals7",
"contentUrl": "https://my-site-url.io/Tab?loginHint={loginHint}&userObjectId={userObjectId}&userPrincipalName={userPrincipalName}&tenantId={tid}&locale={locale}&theme={theme}&userPrincipalName={userPrincipalName}",
"websiteUrl": "https://my-site-url.io/Tab",
"scopes": ["personal"],
"supportedPlatform" : ["desktop"]
}
],
"permissions": [
"identity",
"messageTeamMembers"
],
"validDomains": [
"my-site-url.io",
"*.login.microsoftonline.com",
"*.sharepoint.com",
"*.sharepoint-df.com",
"spoppe-a.akamaihd.net",
"spoprod-a.akamaihd.net",
"resourceseng.blob.core.windows.net",
"msft.spoppe.com"
],
"webApplicationInfo": {
"id": "00000003-0000-0ff1-ce00-000000000000",
"resource": "https://{teamSiteDomain}"
}
}
It seems to be a manifest error, we need to provide all supported platforms.
"supportedPlatform": [ "desktop","mobile","teamsMeetingDevices" ]
I am creating a chrome extension. Problem I am facing is I am able to see the html content but I am not seeing my js files included in content_scripts. I am checking this by inspecting on my extension & checking sources tab.
Manifest -
{
"manifest_version": 2,
"name": "My Plugin",
"description": "some description",
"version": "1.0",
"browser_action": {
"default_popup": "popup.html"
},
"content_scripts": [
{
"matches": [
"http://*/*",
"https://*/*"
],
"js": ["myPopup.js"]
}
],
"permissions": [
"activeTab",
"declarativeContent",
"storage"
]
}
myPopup.js -
console.log("hello world")
What could I be doing wrong?
Source tab will display the scripts that are actually injected into page DOM.
If you are trying to debug the content script, then add a debugger to your content script.
Open the developer tools and reload the page, you should be able to see content script in the source tab.
I'm trying to publish my Chrome extension but this appears, and I don't use permissions for active tab:
Because of the following issue, your extension may require an in-depth review:
- Broad host permissions
Instead of requesting broad host permissions, consider using the activeTab permission, or specify the sites that your extension needs access to. Both options are more secure than allowing full access to an indeterminate number of sites, and they may help minimize review times.
The activeTab permission allows access to a tab in response to an explicit user gesture.
{ ... "permissions": ["activeTab"] }
If your extension only needs to run on certain sites, simply specify those sites in the extension manifest:
{ ... "permissions": ["https://example.com/*"] }
My manifest literally doesn't have activeTab permissions:
{
"name" : "AZSolusindo VPN",
"description" : "VPN Solusindo",
"permissions" : [
"proxy",
"tabs",
"unlimitedStorage",
"storage",
"<all_urls>",
"webRequest",
"webRequestBlocking",
"http://azsolusindo.info/*",
"http://127.0.0.1/*"
],
"background" : {
"scripts" : [
"background.js"
]
},
"browser_action" : {
"default_icon": {
"16" : "images/vpnoff.png",
"32" : "images/vpn32.png",
"48" : "images/vpn48.png",
"128" : "images/vpn128.png"
},
"default_title": "AZ VPN",
"default_popup": "popup.html"
},
"commands": {
"_execute_browser_action": {
"suggested_key": {
"default": "Alt+Shift+O",
"mac": "Alt+Shift+O",
"chromeos": "Alt+Shift+O",
"linux": "Alt+Shift+O"
},
"description": "Open Pop Up."
}
},
"content_scripts": [
{
"matches": [
"http://azsolusindo.info/vpn/index.php/template",
"http://127.0.0.1/AzVPN/public/template"
],
"js": ["JS/content.js"],
"run_at": "document_end"
}
],
"version" : "0.9.5.1",
"manifest_version" : 2
}
Is there anything I need to change?
What’s getting flagged is your <all_urls> permissions entry. The message is saying that requesting such broad permissions is going to require a more in-depth review for your extension.
If you only need host permissions in a few places, then declare the specific hosts in your permissions array. As the message suggests, you can also use the activeTab permission if all you need is tab-related information and lifecycle events (such as tab id, URL, etc.).
If you do in fact potentially need full permissions on any given webpage, then there’s not much you can do here - your extension will need to go through the extended review.
How do I auto load script when a page loads?
I have this extension source:
{ "browser_action" : { "default_icon" : "icon.png"},
"description" : "Alert on Google Load",
"icons" : { "128" : "icon.png" },
"name" : "Auto alert",
"version" : "1.0",
"content_scripts": [
{
"matches": ["http://www.google*"],
"js": ["myscript.js"],
"run_at": ["document_end"]
}
],
}
Now myscript.js includes:
alert("hi")
But when I load google.com, nothing happens.
Thanks a lot.
The match pattern you are using (http://www.google*) is invalid. You can use the wildcard character (*) as scheme, host or path parts of URL. You can not use it as a part of domain.
If you want to match all Google sites, you should use this pattern:
*://*.google.com/*
You can read about match patterns, including good and bad examples, in the documentation at: http://developer.chrome.com/extensions/match_patterns.html
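As an added example (not part of the original answers and not Chrome's own code): a small Node.js check that classifies each match pattern as invalid, broad or specific, covering both the invalid http://www.google* pattern above and the <all_urls> and http://*/* entries behind the "Broad host permissions" review warning in the earlier questions. The function names and the sample manifest are constructed for illustration; "broad" here means only <all_urls> or a host of *, and the layout assumed is Manifest V2 as used on this page.

```javascript
// Added example: classify Chrome match patterns and audit a Manifest V2 file.
// scheme://host/path, where host is "*", "*.suffix", or a name without "*".
const PATTERN = /^(\*|https?|file|ftp):\/\/(\*|(?:\*\.)?[^\/*]+|)(\/.*)$/;

function classify(pattern) {
  if (pattern === "<all_urls>") return "broad";
  const m = PATTERN.exec(pattern);
  if (!m) return "invalid";
  const [, scheme, host] = m;
  // Only file: URLs may have an empty host.
  if (host === "") return scheme === "file" ? "specific" : "invalid";
  return host === "*" ? "broad" : "specific";
}

function auditManifest(manifest) {
  const findings = [];
  const check = (where, value) => {
    const verdict = classify(value);
    if (verdict !== "specific") findings.push({ where, value, verdict });
  };
  // In Manifest V2, host patterns share "permissions" with API names
  // such as "tabs"; only entries that look like URL patterns are checked.
  for (const p of manifest.permissions || []) {
    if (p === "<all_urls>" || p.includes("://")) check("permissions", p);
  }
  (manifest.content_scripts || []).forEach((cs, i) => {
    for (const p of cs.matches || []) check(`content_scripts[${i}].matches`, p);
  });
  return findings;
}

// Constructed sample that combines entries from the manifests on this page.
const SAMPLE = {
  permissions: ["tabs", "storage", "<all_urls>", "http://azsolusindo.info/*"],
  content_scripts: [
    { matches: ["http://www.google*"] },
    { matches: ["*://*.google.com/*", "http://*/*"] },
  ],
};

for (const f of auditManifest(SAMPLE)) {
  console.log(`${f.verdict.padEnd(8)} ${f.where}: ${f.value}`);
}
```

Running it against a manifest before upload shows which entries will be rejected as malformed and which will trigger the broad-host review.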
When I'm running the Chromium browser using:
chromium-browser --load-extension=/path/to/my/extension
--user-data-dir=/path/to/chrome/profile --app=http://localhost/somepage
some content scripts are not injected into the page. These scripts are defined as follows in the manifest file:
"content_scripts" : [{
"matches" : [ "http://*/*", "https://*/*" ],
"js" : [ "content/s1.js", "content/s2.js", "content/s3.js", "content/s4.js" ],
"run_at" : "document_end"
}]
When inspecting the page, I see that only s1.js and s4.js were injected successfully. After reloading the page all scripts are injected correctly, and my extension works as expected.
What can be the reason for that, and how to debug this?
Edit:
Those content scripts (that fail to inject sometimes) reference 'document' at the beginning. It seems like if I wrap them into something like:
setTimeout(function() { document. ... }, 5000);
They are always injected as expected. Is it possible that the document is not available, even though "run_at": "document_end" was specified in manifest?
Thanks!
You can better do this:
Create 1 content.js script:
/* inject script */
try {
// Append each extension script to the page's <head> as a <script> element.
["injected1.js", "injected2.js", "injected3.js", "injected4.js"].forEach(function (name) {
var script = document.createElement("script");
script.type = "text/javascript";
script.src = chrome.extension.getURL("/js/" + name);
document.getElementsByTagName("head")[0].appendChild(script);
});
} catch(e) {}
in the manifest.json:
"content_scripts" : [{
"matches" : [ "http://*/*", "https://*/*" ],
"js" : [ "content.js" ],
"run_at" : "document_end"
}]