I am writing an extension and have this call in my background page:
chrome.webRequest.onBeforeRequest.addListener(function(details) {console.log(details)}, {urls: ["<all_urls>"]}, ["blocking"]);
However whenever I run it I get this error in the dev tools for the background page:
Error during webRequestInternal.addEventListener: You do not have permission to use blocking webRequest listeners. Be sure to declare the webRequestBlocking permission in your manifest.
Even though my permissions in my manifest look like so:
"permissions": [
"cookies",
"http://*/*",
"https://*/*",
"tabs",
"history",
"webRequest",
"webRequestBlocking"
]
What the heck is going on here? Here's the web request docs http://developer.chrome.com/stable/extensions/webRequest.html.
Works good for me with following code, why do you want to do it in a background page in specific?
Screen Shot
Manifest.json
{
"name":"My First App",
"description":"This is First App",
"version":"1",
"manifest_version":2,
"permissions": [
"cookies",
"http://*/*",
"https://*/*",
"tabs",
"history",
"webRequest",
"webRequestBlocking"
],
"icons":{"16":"icon.jpg"},
"background":{
"scripts": ["background.js"]
},
"browser_action":{
"default_popup":"popup.html",
"default_icon":"icon.jpg"
}
}
popup.html
<html>
<head>
<script src="popup.js"></script>
</head>
<body>
</body>
</html>
popup.js
chrome.webRequest.onBeforeRequest.addListener(function(details) {
console.log(details);
}, {urls: ["<all_urls>"]}, ["blocking"]);
Background.js
function doNothing(){
}
I had a similar problem when I was writing my first Chrome extension:
My solution was to remove the extension, fix the manifest.json and add the extension again. Just deactivating it and re-activating it won't do the trick.
I loaded the extension into Chrome and started to debug. When I found an error in the code, I deactivated the extension, fixed the bug an activated the extension again. This worked fine to fix code errors. But when I tried to use the webrequest module in a blocking fashion I always got "Error during webRequestInternal.addEventListener: You do not have permission to use blocking webRequest listeners. Be sure to declare the webRequestBlocking permission in your manifest.". No matter how I changed the manifest.json.
Going to manifest version 2 instead of 3 fixed this issue for me.
Related
I am currently working on a Chrome extension which has a script that needs to access global properties of the page. To do so, I came up with an approach very similar to Method 1 in this Stack Overflow answer, the only difference being that instead of inserting a new script element directly in the document, the extension creates an ìframe with a src attribute pointing to a HTML document that already contains such a script tag. This approach is convenient in my use case as this newly created iframe and HTML document are also used for other purposes, but this is not relevant to the minimal reproducible example showcased here.
Here's the code responsible for creating the iframe, executed via a content script content.js:
const iframe = document.createElement("iframe");
iframe.setAttribute("src", chrome.runtime.getURL("inject.html"));
document.body.insertBefore(iframe, document.body.firstChild);
Here is a simplified version of inject.html:
<!DOCTYPE html>
<html>
<body>
<script src="inject.js"></script>
</body>
</html>
Here is inject.js (which in reality contains code accessing the global properties of the page):
console.log("Loaded!");
Finally, manifest.json sets both inject.js and inject.html as web accessible resources and injects content.js in all pages:
{
"name": "Example",
"version": "0.0.1",
"author": "Pyves",
"content_scripts": [
{
"all_frames": true,
"matches": [
"<all_urls>"
],
"js": [
"content.js"
]
}
],
"web_accessible_resources": [
"inject.html",
"inject.js"
],
"manifest_version": 2
}
The extension is in particular targeting GitHub raw pages (for instance https://raw.githubusercontent.com/PyvesB/JavAssembly/master/README.md), which happen to have a sandbox Content Security Policy. So far this setup has been working like a charm, however since updating my Chromium-based browsers from version 63 to 64 earlier this month, the extension is no longer fully functional. inject.js is blocked, with the following error message in the browser's console:
Blocked script execution in 'chrome-extension://xxxx/inject.html' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
Am I missing something here? How can I once again inject extension scripts in sandboxed frames in Chromium 64+?
As per permissions documentation, if we have activeTab perimissions, we need not specify the URL based permissions
Any of the following URLs match all hosts:
http://*/*
https://*/*
*://*/*
<all_urls>
Note that you may be able to avoid declaring all host permissions
using the activeTab permission.
But this is working only once, second time getting error (extension UI is open while we try second time), if we launch the popup again by clicking extension icon it works fine.
Unchecked runtime.lastError while running tabs.executeScript:
Cannot access contents of the page.
Extension manifest must request permission to access the respective host.
Following are details
manifest.json
{
"manifest_version": 2,
"name": "Getting started example",
"description": "This is hello world example",
"version": "1.0",
"browser_action": {
"default_icon": "icon.png",
"default_popup": "popup.html"
},
"permissions": [
"activeTab"
]
}
popup.html
<html>
<head>
<title>Getting Started Extension's Popup</title>
<script src="popup.js"></script>
</head>
<body>
<div>Hello World!</div>
<input type="button" id="refreshPage" value="Refresh Page"/>
</body>
</html>
popup.js
document.addEventListener('DOMContentLoaded', function() {
function refreshPage() {
chrome.tabs.executeScript(null, {
code: 'window.location.reload(true)'
}, function(){
console.log("Page refershed");
});
}
document.getElementById("refreshPage").addEventListener("click", refreshPage);
});
If we add "*://localhost/*" (this works for localhost), there is another way to specify for all hosts *://*/* (not sure if this is right and secure way), refresh button is working multiple times without relaunching popup UI. Is there a difference between activeTab vs URL based permissions and any specific way is recommended over another due to specific reasons?
The activeTab gives permission temporarily until the tab is navigated or closed. My guess is that by reloading the tab when hitting refresh revokes the activeTab permissions. Avoid using window.location.reload or specify the url match for the domain you are trying to execute a script on.
https://developer.chrome.com/extensions/activeTab
The activeTab permission gives an extension temporary access to the
currently active tab when the user invokes the extension - for example
by clicking its browser action. Access to the tab lasts until the tab
is navigated or closed.
I'm building my first chrome extension, and I'm running into a very basic problem.
My extension has a background script running all the time, that redirects the url of a webpage to a local web page if certain conditions are met.
chrome.tabs.update(e.tabId,
{url: "popup.html"});
Popup.html is loaded into the tab. This works fine, but I want to include some javascript in popup.html.
I'm able to include a popup.js file, but trying document.addEventListener doesn't work, because document is null.
Also, when I try to include jquery.js, I get
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' chrome-extension-resource:".
I tried updating the manifest file properties to this, but it didn't seem to help:
"content_scripts": [
{
"matches": ["http://*/*", "https://*/*"],
"js": ["background.js", "jquery.min.js", "popup.js"]
}
],
"permissions": [
"tabs", "http://*/*", "https://*/*",
"webNavigation"
],
"background": {
"scripts": ["background.js", "popup.js", "jquery.min.js"]
}
I looked into this document http://developer.chrome.com/stable/extensions/contentSecurityPolicy.html but it didn't have any solution. Any ideas?
I, that error says you are running a inline script directly in a tag in your HTML document, or in a event handler like onclick="myCode();". Content Security Policy prevent you to do so.
I don't know if it's you who wrote that script, or if it is some external framework. Nevertheless, you should assure you don't have inline code in popup.html, or you should relax your Content Security Policy allowing inline scripts with 'unsafe-inline'.
Remember that when relaxing security policy, you are relaxing SECURITY, and your code is more vulnerable to attacks. Do it with debug purpose, but try to remove it from your release version.
I have a chrome extension that has a reference to the jquery file.
this is my popup html (only the head tag):
<head>
<title>My Extention</title>
<script type="text/javascript" src="http://www.MySite.com/Resources/JS/JQuery/jquery-1.7.2.min.js"></script>
<script type="text/javascript" src="MyExtensionScript.js"></script>
</head>
so in "MyExtensionScript.js" i thought i could use jquery but apparently the $ function is not defined.
This is my manifest.json file:
{
"name": "My Test Extension",
"version": "1.0",
"manifest_version": 2,
"description": "Test version of My Extension",
"browser_action": {
"default_icon": "test.ico",
"default_popup": "Test.html"
},
"permissions": [
"cookies",
"tabs",
"<all_urls>"
]
}
in version 1 of the manifest it worked, but now it doesn't. I tried to use the "web_accessible_resources" and add to them "http://www.MySite.com/Resources/JS/JQuery/jquery-1.7.2.min.js" but that didn't work also. any ideas?
also, i have a script injected to the current page and returning me a message (in my case some html source of the current page), will this behavior be affected by the transition to manifest version 2?
Thanks all :)
EDIT: I have a web application that enables cross domain scripting (using JSONP). In my extension i had a script calling a web service in my site with $.getJSON. now it doesn't work. i'm pretty sure that it has to do with the new manifest version but how can i enable again the cross domain scripting?
You need to use a jQuery file stored locally in your extension, rather than referenced from your site.
This is due to Chrome's strict Content Security Policy that only allows local scripts to be executed, with no inline code.
Web Accessible Resources are files inside your extension that may be accessed from the web, rather that resources your extension can access that are on the web. For example, if you wanted to change the background image of a page using an image stored in the extension, you have to add that image to the list in web_accessible_resouces in your manifest.
The change of manifest version should not affect your content scripts, unless they do something that is no longer allowed. You can see what else has changed from the Chrome manifestVersion docs.
I just include jquery in my content scripts. just make sure to load it before your script.
{
"manifest_version": 2,
"default_title": "Babble",
"version": "1.2",
"description": "Chat in your language with friends in their language",
"default_locale": "en",
"default_icons": {
"16": "img/icon16.png",
"48": "img/icon48.png",
"128": "img/icon128.png"
},
"content_scripts":[
{
"matches": ["http://mail.google.com/*", "https://mail.google.com/*"],
"css" : ["css/style.css"],
"js" : ["js/jquery.js" , "js/translate.js" , "js/jquery.cookie.js"]
}
]
}
I am learning how to extend Google chrome and I have run into the following problem:
I have the following manifest file:
{
"name": "My First Extension",
"version": "1.0",
"description": "The first extension that I made.",
"background_page": "background.html",
"browser_action": {
"default_icon": "icon.png",
"popup": "popup.html"
},
"permissions": [
"tabs",
"http://*/*",
"https://*/*"
]
}
My background.html file just injects some simple JavaScript into the page:
<script>
// Called when the user clicks on the browser action.
chrome.browserAction.onClicked.addListener(function(tab) {
chrome.tabs.executeScript(null, {code:"alert(\"hi from background CODE\");"});
});
</script>
My popup.html file is just simple HTML:
<body>
Sup Playa
</body>
The dialog box from background.html never gets displayed. popup.html functions as expected.
However when I comment out popup.html from the manifest file, the script in background.html works.
What am I doing wrong? Why aren't both the dialog box and the popup showing up?
As it says in the docs:
onClicked event will not fire if the browser action has a popup.
So if you assign any html file to your popup "popup": "popup.html" (rather than just a button without body), onClicked event isn't fired.
You can just put your code right into popup.html (it has same privileges as a background page) if you want something to be executed each time it is opened:
chrome.tabs.executeScript(null, {code:"alert(\"hi from background CODE\");"});