I have an extension that I'd like users to install along with my app. The app's purpose is very simple: use raw sockets to interact with a remote service and pass some messages to the extension. As far as I know, raw sockets are not available to extensions.
I'd like to avoid forcing users to install two separate packages from the Chrome Web Store. Is there a way to package both into one unit?
If not, what would be the recommended practice in this case?
The target platform is Chromebook/Chrome OS.
Thanks.
I don't think this is possible, otherwise there would be no reason to have both (apps and extensions).
But you can encourage your users to install extension from your app and vice versa.
And you can send messages between extensions and apps so you can ping to check if it is installed or use management permission to check.
It's impossible, each extension or apps has an unique extension_id.
and has single manifest.
But I think it is pretty good idea :)
I think it should be supported from webstore side.
Related
Given the crackdown on VPNs in China, I was wondering if there is a user-friendly way of allowing Chinese users to install and update Chrome web extensions?
Distributing the CRX of the extension for users to install manually, as others have suggested, is tolerable (though not ideal), but I would particularly like to avoid the requirement for users to re-install the extension whenever an update is available.
As far as I can tell from the docs, it is not possible to publish an extension in the Web Store with an "update_url" parameter in the manifest that doesn't point to https://clients2.google.com/service/update2/crx. Is there any way of distributing an external Chrome extension to these users with a private "update_url"that will allow auto-updates?
Edit
I have read the relevant documentation on alternative distribution methods/hosting/packaging etc that seem to suggest that https://clients2.google.com/service/update2/crx is the only valid update URL. However, since there are a large number of Chrome users in China I am curious if there is a viable solution to the problem of distributing extensions and updates to them - this seems like quite an important issue and it's one that, as far as I can tell, is not explicitly addressed in the docs.
As far as official docs go, you have Alternative Extension Distribution Options:
All Chrome extensions must be distributed either directly from the
Chrome Web Store, using inline installation, or using the mechanisms
described below. Failure to comply with one of these distribution
methods constitutes a violation of the Chrome extension policy and may
result in the extension and/or the software distributing it to be
flagged as unwanted software.
Usually, users install their own extensions from the Chrome Web Store
or some other site via inline installation. But sometimes you might
want an extension to be installed via other means. Here are two
typical cases:
I want to build desktop application that will use node.js and express to "render" the gui in a browser.
Since the client will have access to my application, is there any easy method to embed everything in my exe ?
I don't like the idea of having so many folders in my application folder, this makes it easy for everyone to modify and steal the source code.
The two popular solutions for delivering web-based cross-platform applications are:
NW.js
Electron
I prefer NW.js because it has better backward compatibility, particularly on OS X. They have different feature sets, so you may want to play around with both to see which one meets your needs.
I want to build a cross-platform helper app that lets my users scan the desktop filesystem and find/upload the original, hi-res version of a JPG image they have previously uploaded. The scan may try to match by filename, EXIF data, or by comparing visual attributes using computer vision algorithms.
I read the following and get a little frightened:
Security considerations
Including an NPAPI plugin in your extension is dangerous because plugins have unrestricted access to the local machine. If your plugin contains a vulnerability, an attacker might be able to exploit that vulnerability to install malicious software on the user's machine. Instead, avoid including an NPAPI plugin whenever possible.
My other option is to build a download/install native desktop app that runs in the background. But this approach is would also have unrestricted access to the local machine + my servers via the internet.
Both approaches require the user to download/install native code - but the NPAPI plugin has the promise of easier access and a common framework. So are the security issues the same or is one approach generally preferred over another?
Essentially, both plugins and a regular app have the same kind of access - so installing either one requires quite a bit of trust. There is a difference in attack surface however: while an application is normally something that can only be started by the user, a plugin is accessible to every website (restricting access to selected websites is possible but this protection itself can fail). Also, if you want to package an NPAPI plugin in a Chrome extension you have to consider that Chrome Web Store requires manual review before accepting such extensions (and distributing extensions from your own site is pretty hopeless with the changes made in Chrome 21). But it can potentially provide a better user experience. All in all: not an easy choice to make.
Does anyone know of any article/publication on the security architecture of Metro app?
For example, can the metro app call an external service. If it can,
under what condition. Will it prompt the user first? And if so will
they be able to change their restriction later and how?
Cross domain scripting in a website is usually considered a big
no-no. But if I were to turn the same code into a metro app (since
presumably they're both written in Html 5 + js), does it mean I can
make ajax calls to any server irrespective of their domain? Is it
even possible to port a website into an app? If so how easy is that?
What about accessing local file system? Or does it have to go
through the contracts to do so?
And this is kind of related but if I were to write a website (not an
app). And the site was opened using Metro IE10, can it subscribe
into the metro specific js events? I guess I'm trying to figure out
how to save cost by doing as little development as possible. I
prefer a website that can target multiple platforms and only target
specific platform for the features that absolutely require it - also
not to thrilled with the idea of having to go through microsoft in
order to publish my app.
Any help appreciated.
Metro applications can call into web services located on other machines, but their ability to interact with the local machine is severely limited.
Similarly, accessing arbitrary parts of the local filesystem is not permitted. If your application has the documents (or music or photos) library permission, it can access the files in those libraries.
I want to use the Web Platform Installer to perform installations and manage dependencies, but because we store version information in a database, the options for discovery that are supported by the WPI won't work for us.
Based on what I've learned so far setting up a custom feed, I don't even know how you would inject any sort of custom logic into the application, but I thought I'd better throw a question out here before I give up.
Is it possible to add custom logic for how the Web Platform Installer discovers which services have been installed?
Thanks!
As far as I've been able to tell, this is not possible. We ended up coming up with a custom solution to fit our needs.
For those interested, chocolatey (http://nuget.org/List/Packages/chocolatey) is another great utility for custom installations.