I want to create a P3P agent to add some functionality to the existing agents but I don't know how to start. I know how to plug the policy to my website but what I really want is to develop simple browser that gets the page and compare the policy to the local preferences.
So, is there any library out there or web services to make me able to retrieve the policy and parse it and hence compare it to the user preferences?
Thanks
fans
You can take a look at the code for Privacy Bird. It is a P3P extension for IE. It is open source. It only supports IE6, but it should definitely help you get started. I used to work on it some time ago, but it hasn't been updated in a long time.
http://www.privacybird.org/
Related
We'd like to develop a Google Chrome extension that is managed centrally, e.g. by MS Active Directory Group Policies.
How do we centrally distribute domain/customer specific configuration for such an extension?
Our users are mostly Windows users in the same domain, but we can not assume that they're logged in to any particular G-Suite organisation.
It does seem possible to create Active Directory Group Policies to install a particular extension for all users. That same article does however say:
Unfortunately I was not able to come up with a solution concerning the centralized management of Chrome extension settings. Some extensions, for example The Great Suspender, come with additional options for the user to configure. As said, I was not able to find a way how to manage or configure these centrally.
So now that the extension is installed, how do we configure it?
Since it is our own extension, there is more freedom. I'm thinking with a Group Policy, one could install C:\some\extension-file.json and then run
google-chrome --headless file:///some/extension-file.json
If the extension intercepts that (as e.g. ViolentMonkey does) but only if it is a file:// URL, I guess that could be brought to work. But I'm hoping: Can you come up with something more elegant?
How do we centrally distribute domain/customer specific configuration for such an extension?
chrome.storage.managed is the specific answer for that need. Quoting the docs:
Enterprise policies configured by the administrator for the extension can be read (using storage.managed with a schema).
With that in mind, you have to do the following:
Provide a schema for the storage via the storage.managed_schema key in the manifest. An example is given in the documentation.
Present values expected by the schema via GPO / registry as described in admin docs.
You can verify that the policy-mandated values are loaded by observing chrome://policy.
You can then use chrome.storage.managed as you would any other chrome.storage (though it is read-only), including watching for changes with onChanged.
Does anybody have the same problem? New extension with verified domain and enabled inline install after clicking on button with chrome.webstore.install();cause redirect to chromestore with get parameter ?utm_source=inline-install-disabled
I recently received the following email from Chrome Web Store Developer Support:
In addition to the existing extension-level protection, our expanded
enforcement will also use machine learning to evaluate each inline
installation request for signals of deceptive, confusing, or malicious
ads or webpages. When we find those signals, we'll selectively disable
that one inline installation request and redirect the user to the
extension's page on the Chrome Web Store. This selective enforcement
will not impact inline installation of that extension from other,
non-deceptive sources. Developers will not be notified of this
enforcement, as it happens on an as-needed basis.
Are you serving any ads on your site or doing anything else that might be perceived as a grey area by ML?
If you're being blatantly deceptive, it would appear that you've been found out. If not, and you're genuinely confused, a possible first step would be to scrape your site of any ads or injected content altogether to see if you're able to regain Google's trust.
We have created a Chrome Extension that is a companion to web sites that we host for our customers. These web sites are hosted under our domain name and interact with the extension using external messaging and relying on the sites being configured in the manifest similar to the following (abcdefg.com is a ficticious domain name):
"externally_connectable": {
"matches": [ "http://*.abcdefg.com/*", "https://*.abcdefg.com/*"]
}
This works great in these cases. However, we have a subset of customers that prefer to host the website themselves under their own domain. The problem is that we do not want to update the extension manifest for the published extension to include all of these sites.
Is there any option of distributing a version of the extension (on Windows) where the "externally_connectable" site list can be set upon installation?
Thanks to kzahel for highlighting the obstacles I was facing and thanks to wOxxOm for providing a solution that will work.
Rather than trying to find a way to override the "externally_connectable" matches configuration upon installation, we found the easiest alternative was to avoid external messaging and use messaging via a content script instead.
The following is a copy of the solution posted above by wOxxOm:
chrome extension - alternative to externally_connectable?
Unfortunately there's no way to do this. You'll need to create a custom extension for every customer with their own domain name. Luckily, there is an API for updating the extension, so you would be able to at least update multiple extensions without too much difficulty. However, the 20 extension limit per account would be a little annoying. I think you can get more extension allowed per account by creating a publishing group and assigning the extensions there.
You could if you are willing to have customers install this in developer mode. That would bypass the 20-extension limit.
I was wondering if it's possible to capture a screenshot and/or record my computer screen(s) via a website?
If it is possible, what languages would I need to learn/code? I already have intermediate knowledge of HTML, CSS, JavaScript, jQuery, and PHP.
In other words: I want to have the ability to capture/record my screen (not the website) via using a website (not an application).
Thanks!
This is not possible. Web sites are very deliberately given only restricted access to your computer for security reasons. Imagine the havoc that could result if a malicious web site were able to see and capture what was on your screen--banking information, your confidential e-mails, etc. Even if the user had to give permission for this level of access, it would still be way too easy to trick a user into giving that permission.
The closest I could find/think of was http://www.screencast-o-matic.com/screen_recorder, but even then you have to download a launch plugin. I agree with #DLH. This is for your protection.
My favorite screen recorder is ScreenPresso - it is always running in background, and repurposed the PrtScn button as its launch key.
I'm making an extension for Google Chrome and I use code for autoupdating. This is because the extension isn't yet in Google Chrome webstore. But in a few days I will upload it to the Webstore and Google says you can use the Webstores autoupdating. But if I don't want to use that, will my app still update by my own server, like the way it does now?
Thanks in advance!!
I agree that docs are not very clear about this:
If you publish your extension using the Chrome Developer Dashboard,
you can ignore this page. You can use the dashboard to release updated
versions of your extension to users, as well as to the Chrome Web
Store.
But, I've tested it myself and your update_url setting in manifest.json will be overridden when you publish your extension via Chrome Web Store (CWS). In other words, publishing to CWS means that you can't use self hosted autoupdating anymore.
The reasons for that, that I could think of, may be as follows:
CWS wants to keep track of each extension stats (i.e. number of users using each extension)
privacy concerns (people don't want you to track them when they update extension)
security concerns (each extension update must go through CWS verification process)
If you want to track people (please don't) use Google Analytics on i.e. background page of your extension.