I have managed with my extension and using ajax call in the content script to call my server and get an answer back. But in the console I get a message like:
The page at https://www.injectedpage.com displayed insecure content from http://www.mywebsite.com/Script.asp
Is there something I can do to prevent this message appear?
One more question please.
If I distribute the .crx to other people, can they see my code in the .js page? I dont want them to know to which page in my server I post the data I send.
Thank you for reading me. And for your patience with me.
The first issue is due to the fact that the website you're injecting code into is https while your page is http. It's a security warning from Chrome that you can't hide.
Yes they can see your extension's complete code. You can obfuscate it but when you publish your extension you give the user the entire code.
If your extension has a popup thing from the toolbar, right click to inspect element and If it has a background page or something, you can inspect it from the extensions page (developer mode has to be checked)
To see all of the files of every extensions, a user can navigate to Chrome's extensions directory. For example, on Win7 it's
C:\Users\[username]\AppData\Local\Google\Chrome\User Data\Default\Extensions
User could also just rename your crx to zip and extract.
Related
I will try to make this as short as possible. I am making a Chrome extension and I wanted to have an integrated settings tab so users can customize their experience. Now, I want this settings tab to be somewhat of an "extension" to an existing settings tab in a website. Let me explain.
The website I am talking about is Roblox.com, a popular gaming platform. When logged in, you have the ability to visit your settings, which look something like this:
Now, in order to navigate the different setting "tabs," you simply click on a button and it takes you to another change. The URL corresponding to each page is https://www.roblox.com/my/account#!/TAB_NAME, with TAB_NAME being the name of the tab. What I want to do is make my own "tab" where once the player clicks, it will bring them to a settings tab where they can tweak the extension's settings. This would look something like this:
I am fully aware on how to this (inject a button into the list and customize said button), but what I don't know what to do is make it so that once the button is clicked, it will not redirect you to another website, but will simply "switch tabs" like it would with any other setting. There is an extension that already does that called "Roblox+", where it adds a button to the list, and once clicked, it takes you to a similar-looking page with the URL https://www.roblox.com/my/account?tab=rplus#!/info. From my understanding, since the tab name isn't a header, the URL does not change, which allows for a custom webpage. Now, if you were to paste that URL in a browser without the extension, then it would simply redirect you to the "Account Info" tab (although the URL remains). Here is how the Roblox+ extension settings page looks like:
Now, from what I can assume, what happens is that right after the normal account information page is loaded, it removes all the HTML elements that are related to the account information tab and re-creates the entire page using custom HTML elements. That is something similar to what I want to do. Regardless of this, I do have one question. Is it possible to somehow "overwrite" a certain domain so that, let's say, the URL https://www.roblox.com/my/account#!/my_plugin_settings led to my custom page (even if that means that the page is made from an HTML file) instead of where it was supposed to lead? If that isn't possible, would it be better to create a custom settings page outside of the Roblox website or somehow inject my own into the current settings?
This is the question that I have. Hopefully I explained it well. If someone could assist me on this, then that would be amazing. Thank you for your time and help, I truly appreciate it.
I’ve been placing a page action on the options page of my Chrome extension. options.js calls chrome.runtime.connect({"name":"someName"}), and background.js has
chrome.runtime.onConnect.addListener(function(port) {
chrome.pageAction.show(port.sender.tab.id);
});
Unfortunately, in the new options_ui with the recommended default (and someday mandatory) "open_in_tab":false, the Sender's tab won't be set. Is there a way to get the tab id in order to show the page action?
I could use tabs.query to get the chrome://extensions/ tab, but that requires the tabs permission, which I currently don’t need. Active tab seems like it would work, but it doesn’t provide the tab id and isn’t enabled by opening an option dialog (source).
(Why do I want the page action on my options page? The extension works with a website that is only available ~7-10 weeks per year. I’d like my users to be able to interact with the extension the rest of the time, so that they can get used to the process. But I don’t want to adjust the displayed extension permissions just to do so. I can accomplish this by having the options page pretend to be the website in question.)
I am generating a pdf on the server that I would like browsers to attempt to open in-tab (those browsers that can do so) instead of downloading.
I was pretty sure that this is a matter of having or not having some header but I can't find it. Is it possible to control whether the user's browser displays or downloads your asset?
Acrobat Reader X have a checkbox under Edit > Preferences > Internet to enable or disable in-browser view, regardless of the status of the browser plugin.
If that check is ok, or you have a more recent version, you can check if the plugin is active in you browser, every browser have different plugin.
A fast check is to open a local pdf file in your browser, something like file://localhost/C:/dir1/.../file.pdf, if Adobe Reader have the right check and the plugin is working the file will be showed in the browser otherwise, even if it is a local file, the browser will ask a folder to download it.
So in my specific case I was sending the wrong content-type (thanks #admdrew for pointing me in the right direction) due to coding a constant wrong.
However, the answer is that there is indeed a header - at least when working with pdfs that will suggest to chrome at least whether it should open or download a file. This header is Content-Disposition. In my case setting it:
Response.Headers["Content-Disposition"] = #"attachment; filename="foo.pdf"
triggered a download, while omitting it triggered in-page opening.
In addition, the above link states
If this header is used in a response with the application/octet-
stream content-type, the implied suggestion is that the user agent
should not display the response, but directly enter a `save response
as...' dialog.
Though I found using Content-Type: application/pdf worked ok in both cases.
I am building a Browser Action type extension for chrome. The end result is that a user clicks the extension button, and starts to download a file from a known domain.
I have seen some similar answers but they all tell you how to generate the file (as I understand), whereas I have the file ready on the server.
I tried adding an A (link) element in the popup html, and having the user right click and "save as", but this option is not available in the extension popup. I have tried navigating the extension popup to the file's URL (location.href), but it shows a page not found error.
How can I just let the user download the file? Preferably when clicking the extension button but a second click inside the extension's html is acceptable solution.
Found the answer in this recent thread: CHROME ext/app - single click for image download
Just using the download manager api (I always thought it was just to access the downloads list).
I am making an extension for chrome. It fetches data from webpages and emails it via local email client. I have a toolbar button which user has to click to invoke the script.
My script works for a few selected urls. I want my toolbar button to change icon based on whether the url is among our list or not. For example for site1 it should be redicon.png and for site2 it should be blueicon.png. I can change button icon using chrome.browserAction.setIcon. But the problem is that this API does not work in content script. It works fine in the background.js file but not in content.js. Kindly tell me how to achieve this.
I know using pageAction instead would do the trick but my client requirement is that the toolbar icon should change rather than appear and disappear.
What you need to read about is message passing. You are right, content scripts have limited chrome API. However, you can contact background page from content script and tell it to execute anything from chrome API for you. First, you need to create a listener on a background page that will be waiting for messages and then send a message from a content script.