I have read tonns of articles and I'm near by to say, that what I want to do is not possible. But maybe I have overlooked an article with the solution.
We have a webclient for intranet solutions which is not bound to a domain I know. Our customers install the webclient on their server and give him a domain they like in their company.
Now we want to develop a WebExtension to have further possibilities on filesystem and other system mechanismen. We do not want to manipulate the webclient with this WebExtension. The webclient should send messages with commands to the WebExtension and they should be processed.
The only solution I found is.
WebClient -> content_scripts -> background_scripts.
The content_scripts can forward the messages to the background_scripts. The problem is, that content_scripts must match a domain and we do not know the domain were our customers install the webclient
"content_scripts": [
{
"matches": ["*://*.mozilla.org/*"],
"js": ["jquery.js", "content-script.js"]
}
]
Is it possible to send a message like
browser.runtime.sendMessage()
Directly from an webpage script to an WebExtension? Maybe if one know the WebExtension unique id? Or are there other solutions for the problem not knowing the domain a webpage runs?
Thanks
René
Related
How can I use PayPal to charge users for feature(s) in my MV3 Chrome extension?
I'm specifically looking for PayPal as Stripe isn't supported in my country.
This is the first-ever time I'm trying to charge money for anything, so I wish to do it the right way the first time.
Also, my extension is open-source, so if I could make the code in a certain way to prevent the user from bypassing the storage to enable the feature without paying, it'd be cool.
You need a web server that provides services and payment verification if you want to prevent the user from bypassing anything.
Current versions of the PayPal Checkout require loading external JS resources, which browser extensions typically frown on. So the simplest solution, again, is going to be to have your extension direct over to a web page to handle the payment.
If you insist on processing the payment directly from your extension, the only possible way would be using a legacy HTML-only PayPal flow, most simply opening a tab to a link such as:
https://www.paypal.com/webscr?cmd=_xclick&item_name=payment%20purpose%20goes%20here&amount=100¤cy_code=USD&business=receiverofpayment#emaildomain.com
This would not be at all secure or verifiable, other than perhaps if you were to also integrate the legacy IPN service on a server (also a bad idea).
So in summary, to do what you want to do you ought to pair a server and web page with your extension for payment processing/verification.
See the full stack example at https://developer.paypal.com/docs/subscriptions/integrate/ , and do API calls from your server's backend (in whatever programming environment, the node js there is just an example) for the order creation and capture. Your 2 server routes should be called from your web page, ideally using this approval flow includes a sample of error handling code for if the capture fails.
Chromebooks have an option, "Remove Google Play Store" in their settings. Is it possible for a Chrome browser extension (by itself) to detect if the Play Store is enabled or disabled on the Chromebook? If that is so, then how?
I don't see anything obvious in the Extension API docs to do this, but sometimes functionality can be somewhat obscure. Maybe there's a way to use the available APIs that I don't know about?
https://developer.chrome.com/extensions/api_index
Or maybe there's some other way...?
Thanks for any recommendations you can give!!
I've found a way to do it, but it isn't particularly secure. If someone else has a better way, please post it. Here is what I've found.
The Chromebook user must open this URL up in their Chrome browser and enable extensions on chrome:// URLS:
chrome://flags/#extensions-on-chrome-urls
The Chrome extension must have the following in its manifest.json:
"content_scripts": [
{
"js": ["my-content-script-file.js"],
"all_frames": true,
"matches": [
"chrome://os-settings/androidappsdetails",
"chrome://os-settings/apps",
"chrome://os-settings/"
]
}]
If everything is set up as I said above, then, when the settings window is open, the my-content-script-file.js file of the Chrome extension can read the HTML and add on-click events to the DOM elements in the settings window, just like a normal content script could with any other webpage.
I'm beginner in chrome extensions development. I'm trying to show desktop notifications when my background script finishes some of its methods but i don't know how i can request permissions for this. Is there any way to accomplish this task?
It can be done using content script, but I want to show notifications by background script, without background page.
You need to add notifications to your manifest.json file:
"permissions": ["tabs", "notifications","management"]
You can then call
webkitNotifications.createNotification('images/message48.png', title, message);
I'm writing an extension that needs to show a page action on amazon.com pages.
Would it be better to request the "tabs" permission or to inject a content script into amazon.com pages?
The tabs permission strikes me as using less resources (because it just checks the URL against a regex in the background script) but I think it's a scarier permission message ("access your tabs and browsing activity")?
Injecting a content script into amazon.com pages seems like it would take more resources it but would only need permission to amazon.com...
It is a generic question and answer depends on Client to Client. You have pointed out the + and - of each.
I suggest you to go for content scripts if your clients are particular about security and privacy, in this you are adding an extra load to pages(with content scripts and message passing) which may slow down the normal execution process.
I suggest you to go for tab permission, if you are all about performance. It is a native API, and executes in background page no extra load on tabs. Many extensions on web store does use tabs API, i dont think this would scare them as this is not new.
However, it is all about your target section of users.
I have need to communicate between two iframes of the same domain, which live inside a parent page on a different domain that I have no control over.
This is a Facebook app and the basic layout is this
apps.facebook.com/myapp
L iframe1 (src='mysite.com/foo')
L iframe2 (src='mysite.com/bar')
I need frame1 to talk to frame2, but in Opera I can't access window.parent.frames['frame2']
to do the usual cross-domain methods (updating location.hash for example)
Is there an alternate way to accomplish this in Opera?
Thanks for your help in advance
Did you try using HTML5 web messaging. It is quite well supported currently by recent versions of browsers.
iframe.contentWindow.postMessage('Your message','http://mysite.com');
The postMessage property will need the origin http://mysite.com.
Generally no. Same Origin Policy denies you the possibility of communicating upwards to the parent, which would be necessary to then step downwards to the other frame. This is true in any browser.
If the parent document has given your frame-to-be-contacted a unique name, there is a limited form of communication possible with it by getting the user to click a link with href="otherurl#message" target="name", which will navigate the target frame by changing the hash without reloading the page, as long as the URL matches exactly. In Mozilla you can also do this with a form target, allowing you to script its submission (since link clicking cannot be automated), but not in Opera. Probably not much use... don't know if FB gives you a frame target name in any case.
You can make a communication channel between scripts in the same domain by using cookies(*): one script writes a session cookie, the other script polls for changes to document.cookie to find messages in it. But it's super-ugly and requires some annoying work to control signalling which messages are meant for whom when there are multiple documents open simultaneously. And there are further limitations for cookies in third-party frames (you will probably need to write a P3P policy to get IE to co-operate).
(*: or, presumably, HTML5 web storage, where available.)
As others have said, use window.postMessage. But instead of using window.parent.frames['frame2'], try window.parent.frames[x] where x is the position in the node list of the other iframe.
You can see an example of doing this across origins here: http://webinista.s3.amazonaws.com/postmessage