I'm developing a Chrome WebExtension and I'm trying to use the Fetch API to get the Content-Length header, using code similar to:
fetch("http://example.com/", {
method: "GET"
}).then(response => console.log(response.headers.get("content-length")));
But I get a null value in console. Why?
Other info:
I have <all_urls> permission in extension manifest
The same code works OK in the Firefox version of this WebExtension
The XMLHttpRequest variant works OK in Chrome, so I'm probably missing some extra parameters to the fetch function
I started using the Azure Maps API on a project using Logic Apps (Azure). All of a sudden the HTTP action stopped working and I am getting a 400 BadRequest Error.
"error": {
"code": "400 BadRequest",
"message": "Bad request: one or more parameters were incorrectly specified or are mutually exclusive."
However, when I call the same API using Postman or my browser, it works fine.
API: https://atlas.microsoft.com/search/fuzzy/json?api-version=1.0&subscription-key=xxxxxxxxxxxxxxxxxxxxxxxxxxx&query=2 5 Donlands Ave 4 Toronto Toronto &countrySet=Ca&maxFuzzyLevel=2&limit=1
As I mentioned, this was working and all of a sudden started failing on Logic Apps without making any changes.
I have exactly the same issue.
I use the address REST API to retrieve cities from a postal code.
Sample :
https://atlas.microsoft.com/search/address/structured/json?subscription-key=mySubcriptionKey&api-version=1.0&postalcode=35000&countrycode=fr&limit=1
Like you, if I use the query client side, I have a 400 bad request with message :
{
"error": {
"code": "400 BadRequest",
"message": "Bad request: one or more parameters were incorrectly specified or are mutually exclusive."
}
}
Please note that the query is OK in Google Chrome, but returns a 400 Bad Request with Brave, Edge (Chromium) and Firefox.
Note also that the sample web SDK has the same issue and is not updated.
Currently, I don't have any idea where the problem is.
Edit: After some investigation, I'm pretty sure that it's a Microsoft issue.
So, I found a workaround.
If I try my query with Firefox, by default I get a 400, and a 200 with Chrome.
I compared the headers and the issue is with Accept-Language.
By default, on Chrome, I have: Accept-Language: fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7
On Firefox (Brave, Edge also maybe), I have: Accept-Language: fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3
Please note the inversion between fr-FR and fr.
If I change my Accept-Language on Firefox from fr,fr-FR to FR-fr,fr, it works.
If I set my Accept-Language to "fr" only, I still get a 400. It works with "Fr-fr".
So after some tests, my conclusion is that Atlas has an issue with a two-letter Accept-Language header.
So in my TS/JS code, I just add Accept-Language with 4 letters to make it work again.
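var xhr = new XMLHttpRequest();
xhr.open('GET', url, true);
// Send a region-qualified tag such as "fr-FR" instead of the browser default
xhr.setRequestHeader("Accept-Language", this.acceptLanguage);
xhr.send();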
My opinion is that it's a server/ atlas issue, I can't imagine this kind of code evolution from Microsoft ^^
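The workaround described in the answer above, written out as an added example (not code from the original post): it rewrites an Accept-Language value so that a region-qualified tag comes first. The function names and the fallbackRegions map are hypothetical, and the server behaviour it works around is the poster's observation, not a documented rule.

```javascript
// Parse "fr,fr-FR;q=0.8,en-US;q=0.5" into [{tag, q}] sorted by preference.
function parseAcceptLanguage(header) {
  return header.split(",")
    .map((part, index) => {
      const [tag, ...params] = part.trim().split(";");
      const qParam = params.map(p => p.trim()).find(p => p.startsWith("q="));
      const q = qParam ? parseFloat(qParam.slice(2)) : 1;
      return { tag: tag.trim(), q: Number.isNaN(q) ? 0 : q, index };
    })
    .filter(e => e.tag !== "")
    .sort((a, b) => b.q - a.q || a.index - b.index);
}

// True for language-region tags such as "fr-FR" or "en-US".
const hasRegion = tag => /^[a-z]{2,3}-[a-z]{2}$/i.test(tag);

// Return a header value whose first tag is region-qualified.
// fallbackRegions (hypothetical) maps a bare language to a full tag,
// e.g. { fr: "fr-FR" }, for lists that contain no regional variant.
function regionFirstAcceptLanguage(header, fallbackRegions = {}) {
  const entries = parseAcceptLanguage(header);
  if (entries.length === 0 || hasRegion(entries[0].tag)) return header;
  const primary = entries[0].tag.toLowerCase();
  // Prefer a regional variant of the same language already in the list.
  const lead = entries.find(
    e => hasRegion(e.tag) && e.tag.toLowerCase().startsWith(primary + "-"));
  const leadTag = lead ? lead.tag : fallbackRegions[primary];
  if (!leadTag) return header; // nothing safe to promote; leave unchanged
  const rest = entries.filter(e => e.tag !== leadTag).map(e => e.tag);
  // Re-issue q-values in descending order, never below 0.1.
  return [leadTag, ...rest]
    .map((t, i) => (i === 0 ? t : `${t};q=${Math.max(0.1, 1 - i * 0.1).toFixed(1)}`))
    .join(",");
}

// Usage with the poster's XHR code (constructed sample value):
// xhr.setRequestHeader("Accept-Language",
//   regionFirstAcceptLanguage("fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3"));
```

Applied to the Firefox default quoted in the answer, this yields the same value Chrome sends.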
I'm building a Chrome Extension that interacts with an API that I wish to protect using Google reCAPTCHA, as I'm intending for it to be used beyond just the Chrome Extension. The API side is working, correctly verifying a reCAPTCHA response with Google; however, displaying the reCAPTCHA widget inside the extension's browser action window is resulting in the following JavaScript error:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('chrome-extension://pjhcgfibbbmibojnlkgjejaojpokgldl:80') does not match the recipient window's origin ('chrome-extension://pjhcgfibbbmibojnlkgjejaojpokgldl').
which is generated in recaptcha_en.js at the line:
(a.window || ne(a.Tg)).postMessage(JSON.stringify({
message: c || null ,
messageType: b
}), Zj(a.path));
The problem seems to be that the value of a.path is chrome-extension://pjhcgfibbbmibojnlkgjejaojpokgldl:80 but I don't know how I can affect this value.
The result of this error is that the recaptcha widget displays a message saying:
Please upgrade to a supported browser to get a reCAPTCHA challenge.
I'm displaying the widget via the auto render method, but have also tried the explicit method which results in the same error. For info, I'm using the following content_security_policy:
script-src 'self' https://*.google.com https://*.gstatic.com; object-src 'self'
Is there any way I can get this to work in my extension? And if not, what is the best alternative method for integrating recaptcha?
In recaptcha v3
manifest.json
"content_security_policy": "script-src 'self' https://*.google.com https://*.gstatic.com; object-src 'self'"
ADD CHROME EXTENSION ID TO ALLOWED DOMAINS IN RECAPTCHA ADMIN CONSOLE
chrome-extension://aailnablglhloogfnpkgddnjjfimhhhg
so you just put "aailnablglhloogfnpkgddnjjfimhhhg" without chrome-extension://
I'm writing an extension that requests XML content from a server and displays data in a popup/dialog window. I've added the website to my manifest.json permissions like so:
"permissions": [
"http://*/*"
],
Later I added the following code to my background page:
function loadData() {
  var url = "http://www.foo.com/api/data.xml";
  var xhr = new XMLHttpRequest();
  xhr.open('GET', url, true);
  // ...
  xhr.send();
}
The problem is that I get the cross-site security error "Origin chrome-extension://kafkefhcbdbpdlajophblggbkjloppll is not allowed by Access-Control-Allow-Origin."
The thing is, with "http://*/*" in the permissions I can request "http://www.foo.com/api", but I can't find any way to allow "http://www.foo.com/api/data.xml".
I've tried both "http:////*" and "http://www.foo.com/api/data.xml" in the "permissions". What else should I be doing?
This should work (SOP doesn't apply to Chrome extensions), so there are three possibilities:
There is some mistake somewhere
Just to make sure, add the <all_urls> permission and check that the extension really has this permission (e.g. execute chrome.runtime.getManifest() in the console when inspecting the background page).
The server itself is checking the Origin header and is rejecting the request if the origin value is unexpected
You can quickly check this by using some HTTP tester and sending the request manually (for example Dev Http Client for Chrome, since I'm one of the developers). If it shows the same error, it means that the server is really checking the Origin header.
To fix this you will have to make the server somehow accept your origin, or you can use chrome.webRequest to set a valid Origin header on all the requests sent to the target server (the standard XHR API doesn't allow modification of the Origin header)
Chrome bug
Well in this case you can only report this error and wait for the best
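For the first possibility in the answer above, one way to check whether a manifest permission actually covers the request URL is to evaluate the match pattern by hand. The following is an added example, not code from the original posts or from Chrome; the function names are hypothetical and it implements the <scheme>://<host><path> match-pattern form used in the "permissions" array.

```javascript
// Parse a match pattern into its parts; returns null if it is malformed.
function parseMatchPattern(pattern) {
  if (pattern === "<all_urls>") return { all: true };
  const m = /^(\*|https?|file|ftp):\/\/(\*|\*\.[^\/*]+|[^\/*]*)(\/.*)$/.exec(pattern);
  if (!m) return null;
  const [, scheme, host, path] = m;
  // A host is mandatory for every scheme except file://
  if (scheme !== "file" && host === "") return null;
  return { scheme, host, path };
}

// Turn a path glob ("*" = any run of characters) into an anchored RegExp.
function globToRegExp(glob) {
  const escaped = glob.replace(/[.+?^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*");
  return new RegExp("^" + escaped + "$");
}

// True if the URL is covered by the given match pattern.
function patternMatchesUrl(pattern, url) {
  const p = parseMatchPattern(pattern);
  if (!p) return false;
  const u = new URL(url);
  const scheme = u.protocol.slice(0, -1);
  if (p.all) return ["http", "https", "file", "ftp"].includes(scheme);
  // A "*" scheme covers http and https only.
  if (p.scheme === "*" ? !["http", "https"].includes(scheme) : p.scheme !== scheme) {
    return false;
  }
  const hostOk = p.host === "*" || p.host === u.hostname ||
    (p.host.startsWith("*.") &&
      (u.hostname === p.host.slice(2) || u.hostname.endsWith(p.host.slice(1))));
  // The path part of a pattern is matched against path plus query string.
  return hostOk && globToRegExp(p.path).test(u.pathname + u.search);
}

// URL from the question; the patterns are the ones it lists in "permissions".
const target = "http://www.foo.com/api/data.xml";
const covered = ["http://*/*", "http://www.foo.com/api/data.xml", "<all_urls>"]
  .map(p => [p, patternMatchesUrl(p, target)]);
```

Every pattern in `covered` matches the target URL, which points away from the permission list and towards the other two possibilities the answer names.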
I'm building an app in NodeJS that stores files in Amazon S3 using the Knox S3 client. Everything works well for uploading files, moving files around, etc.
Now I want to use the Query String Authentication mechanism to allow direct downloads of the files. To do this, I have some code on my NodeJS server call to the Knox library and create a signed url.
The code looks like this:
exports.getS3Policy = function(file) {
var date = moment().add("min", 60).toDate();
var expires = new Date(date.getUTCFullYear(), date.getUTCMonth(), date.getUTCDate(), date.getUTCHours(), date.getUTCMinutes(), date.getUTCSeconds());
return knoxClient.signedUrl(file, expires);
};
This code returns a proper URL with the authentication parameters. For example:
https://my-bucket.s3.amazonaws.com/some/folder/file.ext?Expires=1234567890&AWSAccessKeyId=ABCDEFGHIJKLMNO&Signature=someEncodedSignature
According to all of the documents I've read, this is a proper URL. I'm not getting any errors from Amazon with this url. The expiration is correct (I can verify this by creating an expiration of 1 second and then getting an expired error). The file path is correct, as well.
When I hit the url in my browser, though, my browser (latest Chrome on OSX) cancels the download of the file, even though I'm getting a 200 ok response with the right file information.
Here is a copy of the request info from Chrome dev tools (sensitive bits replaced):
Request URL:https://my-bucket.s3.amazonaws.com/some/folder/file.ext?Expires=1234567890&AWSAccessKeyId=ABCDEFGHIJKLMNO&Signature=someEncodedSignature
Request Method:GET
Status Code:200 OK
Request Headers
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Cache-Control:no-cache
Connection:keep-alive
DNT:1
Host:my-bucket.s3.amazonaws.com
Pragma:no-cache
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.65 Safari/537.36
Query String Parameters
Expires:1234567890
AWSAccessKeyId:ABCDEFGHIJKLMNO
Signature:someEncodedSignature
Response Headers
Accept-Ranges:bytes
Content-Length:341390
Content-Type:application/octet-stream
Date:Tue, 10 Sep 2013 13:22:55 GMT
ETag:"fc4d24e752097f212e111f2736af7162"
Last-Modified:Tue, 10 Sep 2013 01:40:31 GMT
Server:AmazonS3
x-amz-id-2:some-id
x-amz-request-id:some-request-id
As you can see, the server response is "200 ok". The content-length of 341390 is also the correct length of the file I'm attempting to download - this is the actual file size. I'm getting the content type as "application/octet-stream" because that's how I told S3 to store the files... I just want the raw download, basically.
But after getting this response from S3, Chrome cancels the download. Here's a screencap from devtools, again:
Firefox and Safari both download the file as expected. Why is Chrome canceling the download? What am I doing wrong? Is it the content type? or ?
Of course I find the answer as soon as I post the question... it's a bug in Chrome
https://code.google.com/p/chromium/issues/detail?id=104331
The fix will be available starting with Chrome/Chromium 30.x. Please
open a new issue if you are seeing similar issues with versions of
Chrome 30 or above.
The supported means of indicating that a resource must be downloaded
is to use the Content-Disposition header field
(https://www.rfc-editor.org/rfc/rfc6266).
Looks like I have to get S3 to set a content-disposition in the response.
My Chrome extension background.js checks if a condition is true, and if so, downloads a script from my server which makes changes to the DOM. Now I'm trying to make a jQuery getJSON call from that downloaded script, again, to my server, but I'm getting this error: XMLHttpRequest cannot load https://www.mydomain.com/loadit.php?h=&fr=0&type=5&category=. Origin http://thisdomain.com is not allowed by Access-Control-Allow-Origin.
Now, my manifest file has the following:
"permissions": [
  "tabs",
  "http://*/*",
  "https://*/*"
]
Which I thought was supposed to allow cross origin requests from any url, so why am I getting the error?
EDIT: What's even stranger is that I'm inserting both an external css file and another js file (jquery) from that downloaded script, and both give me no problems. It's just that getJSON request that does...
Although I still don't know exactly why the extension wasn't allowing the cross-domain request, I was able to complete the request by using jQuery.ajax with JSONP instead of getJSON.