'<all_urls>' is not a recognized permission - google-chrome-extension

I request a permission by this code:
chrome.permissions.request({permissions:["<all_urls>"]},function(granted){
if(granted) {
;;
}
});
But I'm getting this error:
Unchecked runtime.lastError while running permissions.request: '<all_urls>' is not a recognized permission.
Is this a bug?


<all_urls> is an origin permission. You have to request the optional permission using "origins" instead of "permissions":
chrome.permissions.request({origins: ["<all_urls>"] }, function(granted) {
// ...
});

Related

Issue with Keycloak and nestjs

I have been trying to include Keycloak authentication with my NestJS app and this is driving me crazy. I keep getting an error
"WARN [Keycloak] Cannot validate access token: Error: Grant validation failed. Reason: failed to load public key to verify token. Reason: connect ECONNREFUSED ::1:8080"
My Keycloak.json file is:
{
"realm": "my-realm",
"auth-server-url": "http://localhost:8080/",
"ssl-required": "external",
"resource": "test",
"verify-token-audience": false,
"credentials": {
"secret": "my-secret"
},
"policy-enforcer": {}
}
This is being imported in Apps.module.ts as:
KeycloakConnectModule.register('./dist/keycloak.json', {
policyEnforcement: PolicyEnforcementMode.PERMISSIVE,
tokenValidation: TokenValidation.ONLINE,
}),
I am using Keycloak version 19.0.1 and nest-key cloak-connect v 1.9.0.
When I tried debugging. Grant-manager.js's public key is undefined. I checked with the well-known config and jwks-uri was defined as:
http://localhost:8080/realms/my-realm/protocol/openid-connect/certs
Any ideas on what might be wrong?

Trouble generating an Intent with delegateDirective from a TouchEvent handler (Alexa)

I need to confirm deleting a task from a button event. For this reason, I want Alexa to ask for confirmation, and therefore I need to generate a DeleteTaskIntent from my code.
I have tried this:
return handlerInput.responseBuilder.addDelegateDirective({
name: 'DeleteTaskIntent',
confirmationStatus: 'NONE',
slots: {
idTask:{
name: 'idTask',
value: idTask,
confirmationStatus: 'NONE'
}
}
}).getResponse();
In my TouchEventHandler, but after checking the request in the requestEnvelope, I see this:
request: {
type: 'System.ExceptionEncountered',
requestId: 'amzn1.echo-api.request.9c2cf5f4-2f2c-419c-898c-05bd5f096810',
timestamp: '2022-02-23T11:30:08Z',
locale: 'es-ES',
error: {
type: 'INVALID_RESPONSE',
message: 'Directive "Dialog.Delegate" cannot be used in response to an event'
},
cause: {
requestId: 'amzn1.echo-api.request.0494d80d-c6ac-41d6-b3a2-dffd97f427b5'
}
}
And the error
{
"name": "AskSdk.GenericRequestDispatcher Error"
}
also appears, which suggests that no handler can handle this case.
Any idea about what I'm doing wrong when trying to generate the Intent?

Use ms-rest-azure to authenticate with azure-keyvault?

I have a node project and I am using these libraries:
import { KeyVaultClient } from "azure-keyvault";
import * as msRestAzure from 'ms-rest-azure';
Here are the link to them:
https://www.npmjs.com/package/azure-keyvault
https://www.npmjs.com/package/ms-rest-azure
I am trying to use the azure-keyvault to get secret in my vault.
let vaultClient = new KeyVaultClient(credentials);
vaultClient.getSecret(secretURI)
.then(function (result) {
CLogger.log("error", "Result: "+JSON.stringify(result));
return result.value.toString();
})
.catch(function (error) {
CLogger.log("error", "Error occurred while getting the secret "+secretName+": " + JSON.stringify(error));
throw "Error occurred while getting secret. Check log files" ;
})
I am using ms-rest-azure to get the credentials (tokens). This is mainly because I need to both login using ServicePrincipalSecret and MSI. As far as I can tell the adal library doesn't support MSI login.
import * as msRestAzure from 'ms-rest-azure';
msRestAzure.loginWithServicePrincipalSecret(clientID, clientKey, domainID)
And I am indeed getting a login token correctly:
{
"environment":{
"validateAuthority":true,
"name":"Azure",
"portalUrl":"https://portal.azure.com",
"publishingProfileUrl":"http://go.microsoft.com/fwlink/?LinkId=254432",
"managementEndpointUrl":"https://management.core.windows.net",
"resourceManagerEndpointUrl":"https://management.azure.com/",
"sqlManagementEndpointUrl":"https://management.core.windows.net:8443/",
"sqlServerHostnameSuffix":".database.windows.net",
"galleryEndpointUrl":"https://gallery.azure.com/",
"activeDirectoryEndpointUrl":"https://login.microsoftonline.com/",
"activeDirectoryResourceId":"https://management.core.windows.net/",
"activeDirectoryGraphResourceId":"https://graph.windows.net/",
"activeDirectoryGraphApiVersion":"2013-04-05",
"storageEndpointSuffix":".core.windows.net",
"keyVaultDnsSuffix":".vault.azure.net",
"azureDataLakeStoreFileSystemEndpointSuffix":"azuredatalakestore.net",
"azureDataLakeAnalyticsCatalogAndJobEndpointSuffix":"azuredatalakeanalytics.net"
},
"authorizationScheme":"Bearer",
"tokenCache":{
"_entries":[
{
"tokenType":"Bearer",
"expiresIn":3599,
"expiresOn":"2018-02-06T22:00:45.439Z",
"resource":"https://management.core.windows.net/",
"accessToken":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IlNT...",
"isMRRT":true,
"_clientId":"51dc31c8-27e7-4a05-9d6b-62c0710c2ad3",
"_authority":"https://login.microsoftonline.com/3a41ae53-fb35-4431-be7b-a0b3e1aee3c0"
}
]
},
"clientId":"51dc31c8-...",
"domain":"3a41ae53-...",
"secret":"k7JlWcPdpK...",
"context":{
"_authority":{
"_log":{
"_componentName":"Authority",
"_logContext":{
"correlationId":"ceb8d4fe-135c-48a3-8b19-f50310c026b9"
}
},
"_url":{
"protocol":"https:",
"slashes":true,
"auth":null,
"host":"login.microsoftonline.com",
"port":null,
"hostname":"login.microsoftonline.com",
"hash":null,
"search":null,
"query":null,
"pathname":"/3a41ae53-fb35-4431-be7b-a0b3e1aee3c0",
"path":"/3a41ae53-fb35-4431-be7b-a0b3e1aee3c0",
"href":"https://login.microsoftonline.com/3a41ae53-fb35-4431-be7b-a0b3e1aee3c0"
},
"_validated":true,
"_host":"login.microsoftonline.com",
"_tenant":"3a41ae53-fb35-4431-be7b-a0b3e1aee3c0",
"_authorizationEndpoint":null,
"_tokenEndpoint":"https://login.microsoftonline.com/3a41ae53-fb35-4431-be7b-a0b3e1aee3c0/oauth2/token",
"_deviceCodeEndpoint":"https://login.microsoftonline.com/3a41ae53-fb35-4431-be7b-a0b3e1aee3c0/oauth2/devicecode",
"_isAdfsAuthority":false,
"_callContext":{
"options":{
},
"_logContext":{
"correlationId":"ceb8d4fe-135c-48a3-8b19-f50310c026b9"
}
}
},
"_oauth2client":null,
"_correlationId":null,
"_callContext":{
"options":{
},
"_logContext":{
"correlationId":"ceb8d4fe-135c-48a3-8b19-f50310c026b9"
}
},
"_cache":{
"_entries":[
{
"tokenType":"Bearer",
"expiresIn":3599,
"expiresOn":"2018-02-06T22:00:45.439Z",
"resource":"https://management.core.windows.net/",
"accessToken":"eyJ0eXAiOiJKV1QiLCJhbGciOi...",
"isMRRT":true,
"_clientId":"51dc31c8-27e7-4a05-9d6b-62c0710c2ad3",
"_authority":"https://login.microsoftonline.com/3a41ae53-fb35-4431-be7b-a0b3e1aee3c0"
}
]
},
"_tokenRequestWithUserCode":{
}
}
}
But I am getting a 401 error, what am I doing wrong?
{
"statusCode":401,
"request":{
"rawResponse":false,
"queryString":{
},
"url":"https://myVault.vault.azure.net/secrets/mySecret/?api-version=2016-10-01",
"method":"GET",
"headers":{
"x-ms-client-request-id":"95251650-6fcc-467b-8cd7-a23bf22a7a3c",
"accept-language":"en-US",
"Content-Type":"application/json; charset=utf-8",
"user-agent":"Node/v6.11.2 (x64-Windows_NT-10.0.16299) ms-rest/2.3.0 ms-rest-azure/2.5.2 azure-keyvault/2.0.1-preview Azure-SDK-For-Node"
},
"body":null
},
"response":{
"body":"",
"headers":{
"cache-control":"no-cache",
"pragma":"no-cache",
"expires":"-1",
"server":"Microsoft-IIS/8.5",
"www-authenticate":"Bearer authorization=\"https://login.windows.net/3a41ae53-fb35-4431-be7b-a0b3e1aee3c0\", resource=\"https://vault.azure.net\"",
"x-ms-keyvault-region":"westus2",
"x-ms-request-id":"75929ac8-f1ed-441d-9ed0-82ab23c86be5",
"x-ms-keyvault-service-version":"1.0.0.839",
"x-aspnet-version":"4.0.30319",
"x-powered-by":"ASP.NET",
"strict-transport-security":"max-age=31536000;includeSubDomains",
"x-content-type-options":"nosniff",
"date":"Tue, 06 Feb 2018 21:00:45 GMT",
"connection":"close",
"content-length":"0"
},
"statusCode":401
}
}

In your token, the resource is wrong.
You should use https://vault.azure.net instead of https://management.core.windows.net/.
This is mainly because I need to both login using
ServicePrincipalSecret and MSI. As far as I can tell the adal library
doesn't support MSI login.
Yes, msRestAzure.loginWithServicePrincipalSecret(clientID, clientKey, domainID) does not support MSI login, but you could use msRestAzure.loginWithAppServiceMSI({resource: 'https://vault.azure.net'});
More information about this see this link.

How to overload built-in Solr permissions

I tried to combine a predefined permission with a custom permission in Solr's security.json. That does not seem to work with Solr 7.1.0.
security.json:
{
"authentication":{
"blockUnknown": true,
"class":"solr.BasicAuthPlugin",
"credentials":{"user1":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c=",
"user2":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="}
},
"authorization":{
"class":"solr.RuleBasedAuthorizationPlugin",
"user-role":{"user1":"admin","user2":"user"}
"permissions":[{"name":"shard-management","role":"*","path":"/admin/collections","params":{"action":["CREATESHARD", "DELETESHARD"]}},
{"name":"collection-admin-edit","role":"admin"}],
}}
This configuration tries to assign collection-admin-edit permission to user1 and give access to CREATESHARD and DELETESHARD to user2. (Password is "SolrRocks" for both users, btw)
Effectively, user2 cannot call DELETESHARD:
o.a.s.s.RuleBasedAuthorizationPlugin This resource is configured to have a permission {
"name":"collection-admin-edit",
"role":"admin"}, The principal [principal: user2] does not have the right role
o.a.s.s.HttpSolrCall USER_REQUIRED auth header Basic dXNlcjI6U29sclJvY2tz context : userPrincipal: [[principal: user2]] type: [ADMIN], collections: [TeamSlide, TeamSlide,], Path: [/admin/collections] path : /admin/collections params :indent=true&action=DELETESHARD&shard=TestShard&collection=TestColl&wt=json
Same result when changing the order of permissions. Any way to solve this?

GET chrome-extension://< soundcloud's stream url > net : : ERR_FAILED

So I'm trying to stream soundcloud with soundmanager2, but i got this error from my background event page:
GET chrome-extension://api.soundcloud.com/tracks/155143944/stream?
client_id=d47c763873f2jan403dac26b62e3a820 net::ERR_FAILED chrome-
extension://api.soundcloud.com/tracks/155143944/stream?
client_id=d47c763873f2jan403dac26b62e3a820:1
T/tracks/155143944-0.7370116342790425: HTML5 error, code 4 soundmanager2.js:1191
T/tracks/155143944-0.7370116342790425: Failed to load / invalid sound? Zero-length
duration reported. (chrome-extension://api.soundcloud.com/tracks/155143944/stream?
client_id=d47c763873f2jan403dac26b62e3a820) soundmanager2.js:1189
Here is my code:
Manifest:
"permissions": [
"tabs",
"*://soundcloud.com/*"
],
"background": {
"scripts": ["soundmanager2/script/soundmanager2.js", "soundcloud_SDK.js",
"background.js"],
"persistent": false
},
Background.js:
SC.initialize({
client_id: "d47c763873f2jan403dac26b62e3a820"
});
soundManager.setup({
url: 'soundmanager2/swf',
onready: function() {
SC.stream("/tracks/155143944", function(sound){
sound.play();
});
}
});

This seems like an issue with protocol-relative URLs.
Look in the source files for strings like //api.soundcloud.com/ and put https: in front of it.
And maybe also location.protocol + '//api.soundcloud.com/' -> https://api.soundcloud.com/.

Resources