I'm developing a Chrome extensions that would be installed simultaneously with a desktop app, as an "external extension" as the docs call it. But I believe the extension would be disabled, and users would need to manually enable it. It's inconvenient to do this and not at all obvious how (at least to users not very familiar with extensions).
Is there a way to automatically enable the extension, or make it very easy for users to manually enable it? This was asked in the comments on this other stackoverflow question, but no one had an answer.
Another issue is that I think Chrome has to be restarted for the extension to be installed at all. This is obviously very disruptive from a user perspective. Is there a way around this?
Related
Background
I've been using the crx-hotreload package to auto-reload my chrome extensions during development because it's annoying to have to click the refresh button on the Extensions page every time you make a change; however, this package doesn't work with MV3 because it uses the chrome.runtime.getPackageDirectoryEntry method, which seems to have been removed from chrome.runtime in MV3. I can't find documentation to confirm that it was removed, but it's not there when I try to use it.
Questions
Does anyone know how to get access to all the files in the extension directory in Chrome Extension Manifest Version 3?
Or generally, is there a better way that I can hot-reload my chrome extensions during development that would work for MV3?
This is one of many things based on DOM capabilities of background pages that are removed from ManifestV3 because service workers don't have DOM. For example, getPackageDirectoryEntry is using the old nonstandard FileSystem API in its returned value.
As to why, apparently the switch to service workers simplifies the internal source code in Chromium, even if it doesn't provide any real improvements for extension authors or users.
At this point all you can do is present a convincing use case and ask Chromium developers via https://crbug.com to implement an alternative API.
We have authored a Chrome extension and would like to ensure that our extension does not at any time participate in being sync'd using Google Account synchronization, even if the user has specified in the Advanced sync settings dialog that extensions be sync'd. Is there a way to prevent this sync'ing on a per-extension basis? Is there some setting we could place in the extension manifest file to accomplish this? Or other way to accomplish this?
If that is not possible, can we force the Extensions checkbox to always be unchecked and unalterable by the user, using enterprise-level techniques such as Group Policy Update? This is not optimal, since we only want to stop the sync'ing of our extension, and not prevent sync'ing of all extensions.
We do see that the SyncDisabled policy registry setting is available to us, but that looks like it will disable ALL data synchronization including Apps, Extensions, Settings, History, etc. This is even less desirable to us, since we don't want to affect other synchronization -- we just want to prevent only our extension from being sync'd.
The use case for this involves the following:
A corporate user installs Chrome on his work computer. Our extension is useful in the enterprise environment and is installed on Chrome.
At some point, using the Chrome browser, this user logs into his personal Gmail account. He has set up his Google Account to turn synchronization on.
Now when this user, using his home computer and Chrome browser, logs in to Google, he will find that our extension has also been installed on his Chrome browser at home -- this is not desirable, since our extension has no usefulness in the home environment. Moreover, the user may consider the presence of our extension an unwanted intrusion into his home computing environment.
The only remedy for this user would seem to be that he could go to the Advanced sync settings and uncheck the Extensions checkbox, but then he would lose the benefit of extension sync'ing of other extensions, which he may want.
Well, if you're doing it in a corporate / managed environment, you don't need to publish your extension on Web Store at all (thus preventing the sync) if you can use Group Policy.
Any extension in ExtensionInstallForcelist will be installed even if it (and its update manifest) is hosted outside Web Store. This will prevent the extension itself from syncing (though will probably still allow chrome.storage.sync to function for it, which is a plus).
Other than that, I don't think there's a way to prevent an individual Store-hosted extension from syncing.
I'm diving into the world of Chrome Extension development, primarily because there is a very small feature that is missing in Chrome that I miss dearly. The context-menu option to "Set as background/wallpaper" like that found in Firefox. Sounds trivial, but it's convenient.
I have most of the "basic" stuff worked out with the manifest file, am able to install it, even managed to get it to show up as a context menu item.
The problem obviously is that I am wanting to mess with a user's OS-level settings which is extremely difficult because of security issues (fully understand this).
I found an extension that allowed this in older versions of Chrome, and it looked like the developer used some type of .dll and C++ to accomplish this.
I'm not really sure how to make this work.
Since that Chrome doesn't allow these kind of manipulations (such as your PC's settings), you will need to create a native application that will run beside your extension. When the user chooses the image from your extension and selects "use as wallpaper", you will use the native messaging API to send a message to your desktop application, that will set the wallpaper (and do whatever else you can't do within a chrome extension) for you.
You can use the chrome.wallpaper app api to set the wallpaper after using the messaging api to send the image from your extension.
I've written a NPAPI plugin and I want to implement an NSIS installer that can install the plugin automatically.
I've googled a lot and found that from Chrome browser v25, *.crx package installation using the Windows registry does not work any more(the installed extension will be disabled by default). It seems that
Google does not allow any automatic extension installations without being approved by user.
However, I also found that if I install the plugin dll (instead of crx) on user's local machine and write reg keys to
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\#myplugin.com/myplugin with correct dll path, the plugin could be installed automatically as long as my user downloaded and executed my installer, without any notification that the new plugin was going to be installed.
My question is that why my installer works? Is it in contradiction with Google's policy?
Shouldn't all the plugins installed under HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins be blocked or disabled by default?
Extensions and NPAPI plugins are very, very different, as are the associated risks to users, and they therefore have different policies.
Extensions can't be silently installed because that ends up being used to install malicious extensions that do things like change browser settings and make them hard to change back, easily harvest sensitive information from sites users visit, inject extra ads on every site the user visits (and/or replace ads that support sites with ads that just pay the malware authors), etc.
NPAPI plugins, on the other hand, do absolutely nothing in the browser unless specifically loaded by a page. They aren't particularly interesting as malware, because the added capability that NPAPI plugins give you is the ability to run native code. But if a malware author can get someone to run an installer to install the plugin, they could just as easily install something else instead that runs native code continuously in the background, rather than only when a user visits a site that triggers a plugin (and they can much more easily hide that than a plugin, which has to be in a known location, and shows up in Chrome).
The danger with NPAPI is around exploits of already-installed, non-malicious plugins, whereas the installation of malicious extensions is a real issue.
Chrome extensions can interfere with how a site is rendered and/or its behavior. This introduces unnecessary states and potential sources of errors.
So: Is there a way to disable all Chrome extensions for visitors of a certain website?
I dont think such API exists (we are taking about webiste scripts, right?) However you could determine if specific extension installed and update your code accordingly. Check this topic how to do this.
Even better and actual topic if you are fighting with adblock plus ;)
The best way to handle so far is to disable Extension sync in that specific browser.
Steps to follow:
https://superuser.com/questions/528014/how-to-disable-chrome-extensions-without-disabling-them-across-multiple-synced-d
.