Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 8 years ago.
Improve this question
We are completely outraged!
Because of some recent changes in the security policy or whatever our addon was DELETED from ALL the users.
There was no warning, no notification, NOTHING.
This was the problem in our Manifest file:
"content_security_policy": "script-src 'self' chrome-extension:// https://; object-src 'self'",
It worked like this for years..
And this is the error when trying to install it:
Failed to load extension from:
Invalid value for 'content_security_policy': Both 'script-src' and 'object-src' directives must be specified (either explicitly, or implicitly via 'default-src'), and both must whitelist only secure resources. You may include any of the following sources: "'self'", "'unsafe-eval'", "http://", "http:// localhost", or any "https://" or "chrome-extension://" origin. For more information, see http://developer.chrome.com/extensions/contentSecurityPolicy.html
When this row is removed it works fine.
We want Google to fix it now. Add-on is a basic part of our product, without it our product is not as useful. We have invested money in it. This is not acceptable for us that Google will just take and remove it from all our users.
How do we contact Google for this? I couldn't find any way to contact them. We want them to fix this issue and reinstall the addon to all the users that had it. We don't care how they are gonna do it. They deleted it, so they should deal with it now.
What is the problem with that line and how do we fix it? our add-on is changing the Chrome new tab and it seems like without it, it stops working.
Please help!
Thanks
What is the problem with that line and how do we fix it? our add-on is changing the Chrome new tab and it seems like without it, it stops working.
chrome-extension:// and https:// is the problem. First off, it's a syntax error. The correct syntax would be https://*.
Second you're supposed to specify a small set of domains that are allowed to run code. You're supposed to specify one or two websites from which scripts can be loaded.
For example: https://domainweloadscriptsfrom.com
Google has a whole section on what is and isn't allowed.
Related
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 2 years ago.
Improve this question
I've tried many times to deploy my Google Assistant project. But it's rejected for the following reason:
Your Action's content could not be accessed due to account restrictions or a paywall. If your Actions require account linking, please add instructions on how to trigger your account linking prompt in the "Testing Instructions” field of the developer console before submitting your Action again. In this case, you indicated in the AoG console that your Action has account linking using Google Sign-In but during testing we weren't able to find an account linking prompt. If your Action does not have account linking, then kindly clear the data in the "Account Linking" section of the AoG console.
I have no idea how to fix this. The project doesn't contain account linking, but I don't know how to clear the data as suggested.
I've searched the entire internet, but couldn't find it.
In your actions on google console you can find the accountlinking settings under Develop > Account linking. In these setting there should be a slider which you can turn off to disable account linking for you project.
I'm working with Firefox and I'm getting a lot of 'Content Security Policy' warnings in the the console,
including :
Content Security Policy: The page's settings blocked the loading of a resource at inline ("script-src").
and
Content Security Policy: Ignoring “'unsafe-inline'” within script-src or style-src: nonce-source or hash-source specified
I'm getting these warnings on every website, or almost every website, for example, I get a lot of warnings when I go to Gmail, and less here at StackOverflow,where some website show less, and some show more.
I have recently started working with webpack and some more nodejs tools, can this be the source of these warnings?
what can I do to prevent it?
is it a security issue?
thank you!:)
If I understand your question correctly, It appears you're approaching this as a user rather than as a developer.
From the user point of view:
what can I do to prevent it?
nothing, nor should you.
is it a security issue?
No. Quite the opposite, it is security at work protecting your browsing experience.
From the website developer point of view:
what can I do to prevent it?
Read up on the CSP rules put in place for your website(s) and adjust these rules as required to only allow what you need to alow for your website to work. This is a very broad topic.
I found the lack of clarification as to what assets are blocked and why, a major flaw with the Firefox console (V66) in that it didn't give enough specifity as to what CSP rules were crossed and what site assets were blocked. I found using Google Chrome console gave me this information and helped me to clarify my CSP to allow what needed to be allowed.
is it a security issue?
Not directly. This is security at work protecting the website visitor's browsing experience. Once the CSP is set up to allow the authorised parts of your website to work, the other parts that will be flagged by the CSP mechanism can be ignored (as insecure/unsafe things that should be aborted).
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
I've seen this extension in the Chrome Web store, which shows the newest videos of a YouTube channel. I want to modify this extension in order to make it work with a different channel.
How can I get this done?
You've got two options:
Contact the extension's developer, and ask for assistance.
Edit the source code
I'm going to explain how you can modify an extension, and install it, in easy terms.
Getting the source and modifying it
Install the Chrome extension source viewer.
Go to the page in the Chrome Web Store of the extension you want to modify.
Click on the yellow CRX button in the context menu, and choose Download (screenshot).
Extract the zip file.
Read the source code, and change what needs to be changed (in your particular case, I had quickly identified that you wanted to change edit config.js and change the "channel" property). Save the changes.
Using the modified version of the extension.
Visit the Chrome extension page (chrome://extensions/).
Enable Developer mode, by activating the switch in the upper-right corner.
Click on the "Load unpacked extension" button.
Select the folder of your extension (to know which folder is correct, check whether the folder contains a file called manifest.json).
Confirm. You're done.
Unless you've made a mistake in either of these steps (including the modification of the source code), the modified extension should work as intended.
Ethics
Modifying someone else's extension for personal use is not a big deal. However, do not distribute this extension without the original developer's consent. The original author has put lots of efforts in creating the extension, and might even have his/her contact details on it. If you distribute a (modified) copy of the extension, the original author cannot update the extension any more, so s/he cannot resolve bugs.
Even worse, if you turn the extension in a bad shape, users will complain to the original author, because their contact details are on it.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 3 years ago.
Improve this question
I am experienced in HTML and JavaScript but have never made a (real) Chrome Extension (other than the "Hello World' tutorial).
What I want to do is make an extension that adds functionality to viewing images. Basically I want a pieice of JavaScript to load when you go to a .jpg, .png, ect. page.
I couldn't get much out of the "Hello World" tutorial or the Docs and I've looked at code from XML Tree, but I'm having trouble understanding it.
I don't know where to go from here.
Since you're experienced in JavaScript and HTML, tell you what the best source is?
http://developer.chrome.com/extensions/getstarted.html
Documentation
The above link (Chrome Extension Documentation) is so simple to read once you get a hang of it. For example, I didn't know JavaScript when I created my first Chrome Extension (Reload all tabs). I recommend you to read the docs (will only take you an hour), and follow the steps that you need.
Make sure you understand the different UI's you can tap to
Browser Actions: You use browser actions to put icons in the main Chrome toolbar.
Context Menus: You use context menus to add items to Chromes context menu.
Desktop Notifications: Use desktop notifications to notify users that something is important.
Option Pages: If you want an options page, this is your guy!
Page Actions: If you want to override certain pages (New Tab, History, Bookmark Manager)
Make sure you realize there are many browser interactions that you can tap into:
Bookmarks: Access to your bookmarks
Cookies: Access to Cookies
History: Access to History
Management: Access to Extension Management
Tabs: Access to your Tabs
Windows: Access to your Windows (which has Tabs).
Make sure you understand the difference between Background Pages and Content Scripts, and their limitations.
Make sure you realize there are some neat functions in the Chrome.* API.
Make sure you understand permissions.
Many more
145 Chrome Questions I answered on Stackoverflow
If you want more examples, I have answered many questions regarding Chrome Extensions that might help you get started (145+ Questions Answered), for example, here are some of the more recent ones:
Content Script Skeleton
Send data from Background Page to Content Script
Communication with the embedding page, Simple fetching of the pages JS variable
Taking Screenshots in Chrome
Walkthrough building an extension
Executing JavaScript when a user clicks on a browser action.
How to capture selected text and send it to a web service
Walkthrough how to create an extension to access Disqus Comment Box
Walkthrough how to highlight the DIV that the mouse if hovering over
Walkthrough how to move to the top of the page extension
Walkthrough how to create a bubble overlay when you select text.
etc and 120 more answers for Chrome Extensions, the above is what I copied from the results on the first page. So a search in Google will get you many results.
Real open source extension I created
If you want to see real source code of the extensions I have written (some are super small, some are super big):
Reload all tabs extension
Open link in a foreground tab extension
HTML5 Haptics Chrome extension
Set Wallpaper extension
Prayer times extension
Facebook friend exporter extension
Proxy Anywhere extension
Resources
If you still want more resources, you can:
Read the documentation.
Read the Official Chromium Extension Mailing list
The unofficial Internet Relay Chatroom #chromium-extensions on irc.freenode.net
Google (Will bring you to Stackoverflow, or Quora)
I hope this helped!
well it’s not that tough to create a chrome extension ,anyone who has a basic understanding of HTML,CSS,Javascript can actually make one!
If you want to make a extension I have wrote an article on Medium it might be useful here's the link
Also I have attached my code on github here’s the link
Keep Learning!
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 4 years ago.
Improve this question
I'm stumped. From what we can tell there is nothing wrong with this page and it renders fine everywhere else (IE7/IE8, FireFox, Opera, Safari, etc). The problem is that if it's loaded in IE6 on Windows XP SP3 it just locks up the browser and it has to be force-closed through task manager in most cases. A few of our test computers load it fine, but others just up and die like they joined a cult and drank the punch. We're at our wits end trying to identify the problem, or even what is special about the computers where it works or doesn't work. Any thoughts?
http://www.centerforsight.net/doctors-staff/providerDisplay.cfm?staID=8
Responses like "why are you using ColdFusion" or "because IE6 sucks" won't help me. Our client is stuck with IE6 for the foreseeable future and needs their web site to work in that version. Any insight into the actual problem are greatly appreciated, however. Thanks in advance!
It sounds like that something in the JS files gets locked into an infinite loop on IE. Why don't you try putting in alerts into the JS functions that get called to try and isolate the piece of code that locks the browser.
IE's JS engine is full of bugs and you probably found one.
Try loading it inside IE Tester and see if it offers any clues.
Save a copy of the page on your local machine with Firefox. Loadup the page IE 6, does it hang? If no, find out what firefox is not loading, if yes starting removing stuff from the page. Start removing script tags one by one until you stop it from crashing, when you've tracked down a specific problem, try reposting the question to get a better answer about how to fix the JS issue :)
Maybe it has something to do with Javascript code. IE6's engine is undoubtedly much less well designed than that of other browsers.
It's either javascript or it's waiting to have information dumped from a buffer. If the entire page loads in one giant blob and gets sent (and has a lot to it) it can also overwhelm IE and lock it up. (or at least lock it till the glob gets rendered)
Do they have the latest version of IE6? Have they run Windows Update recently? Maybe there's some obscure bug that is fixed in a patch or service pack.