So after developing an extension for a few hours, assuming that the chrome.socket API would be available to extensions, I load in my extension and I'm told that the Socket API is only available for 'Packaged Apps'.
Does anyone know what's happening, and whether extensions will get the feature (back, since I think they had access when it was in .experimental)?
From the Chrome docs:
Packaged apps can act as a network client for TCP and UDP connections.
No, extensions do not have access to the socket API, and they aren't likely to ever get it.
Your confusion is understandable, since what Google called "packaged apps" used to be nothing but glorified extensions with an icon on the home screen. However, Google is now driving a much wider divide between extensions and apps.
Extensions used to have a subset of the functionality the apps did, but now there is mutually exclusive functionality in each. Extensions are meant for enhancing normal Web browsing, whereas apps are meant to be used as stand-alone tools that do not interfere with normal browsing. If you look at the API lists for apps and for extensions, you'll see that the list is vastly different: apps have the powerful hardware- and OS-centric APIs like socket, usb, and bluetooth, while extensions have a monopoly on browser-centric APIs like tabs, cookies, and bookmarks.
Related
Looking forward to a free or commercial solution:
During a web page presentation, QA, back-end and front-end
developers need to view network traffic, while scenario is being
played in browser.
With a motto to identify problematic server (Http Api) calls. which
breaks a page.
All network tab history becomes available to all parties realtime.
Looking forward to a solution to sync this history across multiple
users. Possible?
You could use Chrome's remote debugging or you could also develop an extension which will intercept all the networks activity from a browser (The browser/s where the "scenario" is being played needs to have this Extension installed). You can then send this network activity to remote host. You can even create a webpage to view the network activity from any machine.
Chrome extensions have ability to view internet traffic. Use the chrome.webRequest API to observe and analyze traffic and to intercept, block, or modify requests in-flight. You can read more about this here ::: https://developer.chrome.com/extensions/webRequest
There is also a good article which can clear any doubts if you have regarding this ::: https://medium.com/#gilfink/adding-web-interception-abilities-to-your-chrome-extension-fb42366df425
At present, There is no any inbuilt feature available to share the network tab of chrome, FireFox or Edge in real time.
There are some extensions are available in chrome store to sharing the Tab.
You can try to make a test with those and check whether it shows the development tools when you share the tab with other users.
if it works then it can solve your issue.
Otherwise you can try to use calling apps like Skype or Microsoft Teams. with the help of that you can share your desktop or any specific window for example Chrome window to other users in a conference call.
Regards
Deepak
Chrome no longer supports NPAPI, so I need to rewrite my java-applet, e.g. as chrome extension.
Chrome community advices JavaScript API as alternative for access to OS features (see here)
Could you please point me, which exactly API allows to mount webdav disk?
OS access in Chrome apps/extensions is severely limited for security reasons so I think you'd be better off transforming your existing java code into a standalone application which will run in background and communicate with your Chrome extension via native messaging.
You most certainly need to do more research.
There is no feature parity between NPAPI and JS APIs. What's listed in the docs is the extent of JS API capabilities, and it's mostly sandboxed from real OS environment.
To replicate NPAPI capabilities, the closest alternative is (as wOxxOm's answer suggests) Native Messaging. Note that it is mentioned in the deprecation notice you quote. If you need to mount something on the host OS, that's your only option.
Chrome Apps have a different set of APIs available for them, which usually are less restricted in terms of sandboxing. For instance, r/w access to user-specified portions of host OS filesystem is possible.
Lastly, for the sake of completeness, there is a very specific fileSystemProvider API targeting ChromeOS only that allows you to do exactly that, provide a mountable filesystem from a Chrome App.
All that said, if you don'y need to present the WebDAV disk to the host OS but just manipulate some files within the extension, there are pure-JS implementations of WebDAV (not using any platform-specific APIs). It all depends on what you intend to do with the filesystem.
We have been using Worklight to develop hybrid apps to securely integrate with server generated pages. Our approach has been to use WebViews for Android and iOS platforms. Lately we have some folks who prefer using iFrame approach instead, primarily for ease-of-programming reason.
Are there security related concerns of using iFrame instead of WebView in hybrid mobile apps?
The security risks of using iFrames is well known, see for instance the discussions on this stackoverflow question.
Adding to that you have to trust that the iFrame support on each platform (iOS / Android) is properly implemented and consistent.
However, I would not recommend using iFrames on a hybrid app unless you really have to. My reasoning is that a hybrid app is already based on a WebView, so iFrames would be adding one extra layer to it, which adds unnecessary complexity (that also impacts performance and memory footprint)
Not only that, but the iFrame behavior and performance is not as polished as the WebView itself and the platform support is not as consistent, as described by this Phonegap article
Finally, this is a far less common use case and it might be harder to find support to resolve styling, performance and behavior issues with the JavaScript library communities like JQuery Mobile and Dojo Mobile.
Again, this is my personal opinion on the subject.
I know that lastpass extension have a binary component to communicate passwords between browsers (to firefox and IE). What mechanisms can be utilized by chrome extension to communicate with other system processes?
Apparently there's a Native Messaging API coming soon.
Source
Chromium Commit
Youtube Video example
If you need to communicate with the system, then you have basically two options:
You can embed an NPAPI plugin, which, generally, is discouraged when not absolutely necessary (and even then :) ).
Your system process can run a web server with a well-defined API that your extension talks to. This ends up being message-passing writ large, but has the potential of being much more secure, since the processes can be independently sandboxed. WebSockets are pretty useful for this sort of thing, but a lot can be accomplished with simple HTTP requests to 127.0.0.1 via XHR.
gud day!.
i am to develop a system that would simply list all URL accessed in a browser with its response time.
my probtion is alem is this applica standalone program(not a plug-in to a certain browser) written in c++. every time a user browse, the program then performs certain method.
so it is like, my program would listen to the browsers events. i dont know how to create an EVEN SINK implemetation for the above mention event in web browsers like Internet explorer, mozilla firefox and google chrome.
any suggestion, advise or idea i cant get from you for me to be able to start the development. any areas i need to focus in studying.
thanks alot for your time! hope for your response!:)
best regards!
The easiest way to achieve what you need is intercepting network traffic and extracting URLs from HTTP packets.
You can do this in many ways, e.g.:
using WinPCAP/libPCAP libarary
modifying LSP stack
intercepting winsock functions calls
If you're on the Windows platform, I think your best shot is using the MSAA interface, which is supported by all three browsers.
Documentation:
MSDN Overview and C++ API
Firefox statement of support for MSAA
Chrome
You could take a lower-level approach (such as an LSP), but they're much harder to debug.