I developed an addon for firefox which I want to distribute among my group. I don't want to make it visible to everyone. How can I put that restriction for my published addon.
I did the same for chrome extension where my listed emails can install my chrome extension only.
Such an option is not available for extensions listed on AMO. It's either available for everyone or not at all.
Unlike CWS, with Firefox you can opt to self-distribute the extension (AMO will only do the signing, hosting and updating is on you), and then how you control access is up to you.
However, once someone has the XPI file, they can share it with anyone. This is technically true of Chrome extensions as well: once installed, they can be ripped and shared.
If you truly need to limit functionality for non-members, the only way is to offload some non-trivial part of the program to a server that requires access credentials.
Related
Background
I've been using the crx-hotreload package to auto-reload my chrome extensions during development because it's annoying to have to click the refresh button on the Extensions page every time you make a change; however, this package doesn't work with MV3 because it uses the chrome.runtime.getPackageDirectoryEntry method, which seems to have been removed from chrome.runtime in MV3. I can't find documentation to confirm that it was removed, but it's not there when I try to use it.
Questions
Does anyone know how to get access to all the files in the extension directory in Chrome Extension Manifest Version 3?
Or generally, is there a better way that I can hot-reload my chrome extensions during development that would work for MV3?
This is one of many things based on DOM capabilities of background pages that are removed from ManifestV3 because service workers don't have DOM. For example, getPackageDirectoryEntry is using the old nonstandard FileSystem API in its returned value.
As to why, apparently the switch to service workers simplifies the internal source code in Chromium, even if it doesn't provide any real improvements for extension authors or users.
At this point all you can do is present a convincing use case and ask Chromium developers via https://crbug.com to implement an alternative API.
We have authored a Chrome extension and would like to ensure that our extension does not at any time participate in being sync'd using Google Account synchronization, even if the user has specified in the Advanced sync settings dialog that extensions be sync'd. Is there a way to prevent this sync'ing on a per-extension basis? Is there some setting we could place in the extension manifest file to accomplish this? Or other way to accomplish this?
If that is not possible, can we force the Extensions checkbox to always be unchecked and unalterable by the user, using enterprise-level techniques such as Group Policy Update? This is not optimal, since we only want to stop the sync'ing of our extension, and not prevent sync'ing of all extensions.
We do see that the SyncDisabled policy registry setting is available to us, but that looks like it will disable ALL data synchronization including Apps, Extensions, Settings, History, etc. This is even less desirable to us, since we don't want to affect other synchronization -- we just want to prevent only our extension from being sync'd.
The use case for this involves the following:
A corporate user installs Chrome on his work computer. Our extension is useful in the enterprise environment and is installed on Chrome.
At some point, using the Chrome browser, this user logs into his personal Gmail account. He has set up his Google Account to turn synchronization on.
Now when this user, using his home computer and Chrome browser, logs in to Google, he will find that our extension has also been installed on his Chrome browser at home -- this is not desirable, since our extension has no usefulness in the home environment. Moreover, the user may consider the presence of our extension an unwanted intrusion into his home computing environment.
The only remedy for this user would seem to be that he could go to the Advanced sync settings and uncheck the Extensions checkbox, but then he would lose the benefit of extension sync'ing of other extensions, which he may want.
Well, if you're doing it in a corporate / managed environment, you don't need to publish your extension on Web Store at all (thus preventing the sync) if you can use Group Policy.
Any extension in ExtensionInstallForcelist will be installed even if it (and its update manifest) is hosted outside Web Store. This will prevent the extension itself from syncing (though will probably still allow chrome.storage.sync to function for it, which is a plus).
Other than that, I don't think there's a way to prevent an individual Store-hosted extension from syncing.
My question is how do third party installer installs addons in the browser like toolbars and able to set homepage and other browser properties??
I want to make an addon which get installed in browser in same way..
is it possible??
In principle, installing extensions along with other software is possible. I'm describing the procedure for Windows.
The following conditions have to be met:
You must be able to write to the HKLM registry subtree (needs Admin rights)
The extension must be published on Chrome Web Store
The machine must be able to download the extension from Web Store
If those conditions are met, you can do it according to the procedure described here. Basically, the installer must create a registry key that will trigger Chrome to download the extension on next launch.
That said, Google has gone to great pains to prevent silent installs and avoid browser settings hijack. Such setting overrides are a weapons race and Chrome is tightening its defenses. Ask yourself whether it's ethical to install your extension this way.
It will probably annoy your users and will flag your extension for more meticulous checks by Google. Remember that Google can disable any extension hosted by the Web Store if it violates its policies.
Also, be mindful of the single purpose policy. A toolbar that also overrides search/homepage/settings will be frowned upon. At a minimum it should be separated into several extensions, at a maximum - don't do it.
An extension can override, say, a homepage, but it's very restrictive. The extension must be in the Web Store as above, and any override pages must be verified for ownership for the Web Store developer account. All in the name of security and comfort of the users.
We have a Chrome Extension application that we have developed and would like to distribute it only a limited number of internal users.
This would be a private app, but to install it, users now have to follow the manual steps of going to Settings -> Extensions -> clicking on Developer mode -> drop the .crx in there.
I would like to know if there is a way to just have private App Store to privately distribute this app and not have it on Chrome Web Store for anyone to see/download/use.
Thanks for your help in advance ---
You use the Chrome Web Store. 2 options are available:
Share an unlisted Chrome extension from the Chrome Web Store (anyone with the link will be able to install it)
Chrome customers using G Suite or Education can use the Chrome Web Store to host private apps restricted only to their users on the same domain.
See https://support.google.com/chrome/a/answer/2663860
Update 2016-05-20: From https://support.google.com/chrome/a/answer/2663860?hl=en
Chrome customers using Google Apps for Work or Education can use the Chrome Web Store to host private apps restricted only to their users or people who you share a direct link to the app with. Users from the same Chrome domain will see their organization's private apps in a private collection in the Chrome Web Store.
Update 2015-10-27: Google has updated installation policies in attempt to curb malicious extension activity on Windows. On the chrome extension hosting page:
Warning: As of Chrome 33, Windows users can only download extensions
hosted in the Chrome Web store, except for installs via enterprise
policy or developer mode (see Protecting Windows users from malicious
extensions). As of Chrome 44, no external installs are allowed from a
path to a local .crx on Mac (see Continuing to protect Chrome users
from malicious extensions).
With the latest versions of Google Chrome, users are no longer going to be able to just click a download link and have it install with the correct HTTP headers. This leaves you with 4 possible options:
user downloads extension and then drags the file into the extension management page (This no longer works on Windows per update note)
change registry settings on users computers
user downloads extension source folder and loads extension from source in the extension management page
Re-enable extension installs with command-line flag as suggested by Rob W
I have created and distributed several different Google Chrome extensions privately within my company and went with the first option. It is an extra step for the users but it wasn't a big deal. The users did not have to have developer mode enabled in their Chrome browser for this to work.
Yes, you can. You need to create the crx file through the google chrome "Extensions" page (visit: chrome://extensions/ NOTE: You cannot click the link you have to manually copy and paste it, chrome does not allow you to visit the link from href)
On the Extensions page, check the box "developer mode", choose "pack extension".
Now you get the following popup. Click "browse" for the Extension root directory and navigate to the folder containing your extension (the folder containing manifest.json).
The first time you do this, ignore private key file. It will generate one for you automatically and save it to the same folder.
When you release a new version of the extension, use the generated private key file. This way for someone to update the extension, it won't ask for permissions again.
TO INSTALL
To install the extension, just get each user to manually drag the newly created extension crx into the Extensions page (chrome://extensions/).
The first time it will ask for permissions just like when installing from the Chrome Web Store.
For each new version, as long as you used the same private key file for each new version, users just drag the new version into the Extensions page the same way except they won't be asked for permissions again. It will just update the extension.
WARNINGS:
Beware the way you distribute the extension crx file. When user downloads the extension .crx file in Google Chrome, it will think you're trying to install the extension from that page, and come up a warning "couldn't be installed from this site". You need to make sure that users know to ignore the error, and check their downloads folder for the extension to manually install it.
Whenever you download the .crx file, Chrome will give the user a warning saying it might contain a virus. There is no way around this. Even if you zip up the file, Chrome will read the contents and give the same warning. Some users won't install because of this. A workaround is to rename the .crx to something else, like .RENAME_TO_CRX, but this is a hassle and a lot of users either won't want to or won't be able to figure it out.
You can't update the extension automatically. It's just not possible because Chrome manually blocked this capability.
NOTE: Another way would be to release it on the Chrome Store, but only for certain users (not public). Only people with the link could install, OR you could make it only certain people can install and even if you had the link but weren't part of the group, they couldn't view the extension. Only problem here is if you don't want Google to see the extension.
If you use Google Apps, it appears there's now a way to publish apps and extensions to the Chrome Web Store, but only make it visible to users of that domain.
https://support.google.com/chrome/a/answer/2663860?hl=en
Since its internal, could you change registry settings on their computers?
Because if so, you can use them to allow easy install of extensions from outside the web store or force install extensions on their machine.
Look here....
http://www.chromium.org/administrators/policy-templates
http://www.chromium.org/administrators/policy-list-3#ExtensionInstallSources
http://www.chromium.org/administrators/policy-list-3#ExtensionInstallForcelist
I looked into very many Google Chrome extensions and apps in order to find one that matches the following requirements:
runs in a Google Chrome tab
editor for any code, PHP, CSS, HTML
can load and save files (on my computer) and create new ones
works with local files on my computer
Is there any? kodingen, cloud9, shiftedit does not seem to make it on the localhost.
Maybe SourceKit will do?
SourceKit is an extension to your Google Chrome browser which runs in a separate tab. The files are stored in your Dropbox account, so not only can you access the files from your computer - you can access them from anywhere! It uses syntax highlighting like Notepad++ for a limited number of languages (you said php, css, and html - they are all supported). It can load, save, and edit text files locally on your computer if you install the Dropbox Desktop Application. This will also synchronize the files with your online account and thereby make them accessible from anywhere in the world.
That sounded more like a salesman's advertisement than intended.
Both Dropbox and SourceKit are free.
There are four catches as far as I can see:
Dropbox "only" offers 2GB for free, however, you can upgrade at any time if you're willing to pay.
Dropbox Desktop will only synchronize one folder (and all of its contents), but that's really not any different from a web site.
SourceKit will not debug your code, but will it highlight wrong syntax(only for certain languages).
EDIT Does not work offline.
I've tried it out, and it works well.
Sympathy Editor
Sympathy uses the npapi-file-io plugin mentioned in an answer above to allow you to edit local files.
Pros
Allows you to edit local files
Full syntax highlighting
Bookmark local files for easy access
Cons
Uses npapi plugin to read files, which means it has access to all your data
Unavailable on Chrome Webstore
Still under development
Only works on linux/windows as of the moment (not in mac)
If you are interested, you can see the README, or Manual on github.
Disclosure: I'm the primary developer of the extension.
Don't any of these extensions you have mentioned work with the file:/// protocol? They will work for the http:// protocol only if you are going to edit files inside your local webserver.
Instead of writing http://localhost/(...) you write file:///(...), where (...) is the full path.
In UNIX systems it is file:///home/jens/file.txt. In Windows it should be file:///C:\(...).
#Berk Demirkir may be right.
Here are the resources I found that may be of use;
32 Google Chrome Extensions For Smart Designers
Chrome Web Developer Tools No. 7 on the above list
There's no extension for editing local files.
But you can write one!
Acesses to local filesystem cannot be done using Chrome's Extension API.
But you can use HTML5's File API (which is draft) or Local Storage. If none of these storage methods sufficient for you, you can build a NPAPI Plugin. Chrome supports NPAPI Plugins. There's also a project called npapi-file-io in Google Code which aims to access local files from Google Chrome Extension context.
Edit:
Now, there's one usable editor, Symphaty. You can use Capt.Nemo's Symphaty editor.
Edit 2:
NPAPI plugins are phased out from Chrome since version 42. The only alternative would be to use a wrapper native app and communicate using Native Messaging API.
ShiftEdit can be used to work locally, you will need to have XAMPP or equivalent installed.