I want to put Chrome Extension on my personal server and download and install it through a browser. However, if you receive and download crx as a response from the server, the error crx_required_proof_missing occurs. Is it impossible to put it on a personal server and proceed?
I created a crx file according to the document, uploaded it to the node server, received it from the browser, and proceeded with the download.
Chrome 75 has introduced some changes, where if an extension is downloaded using a direct URL, then it tries to be smart and figure its metadata which then contains the type which says that it's an extension and Chrome tries to install it immediately - which fails for custom extensions which are not in the Chrome Extension store.
So, if a CRX file is downloaded directly, Chrome figures out the file's content-type to be 'application/x-chrome-extension' which then triggers the auto-installation (and fails for custom extensions).
But if the same file is downloaded indirectly from a website, the website (in our case) sets the file's content-type to `application/octet-stream' which is a generic one and Chrome doesn't try to auto-install it.
So first make sure that the content-type with which your server offer the file is application/x-chrome-extension
Related
In our application, we have a users downloading PDF through a AJAX call -- basically we have a table listing a lot of PDF files and when the user clicks on a filename, an AJAX call is made to a Servlet which serves the file as reponse.
The Content-Length is set for the response along with other required params (Content-Disposition, Content-Type etc). We have observed that for a specific set of users, the download fails with a Network Error. The download is initially initiated and begins but after some time the download just stops processing and this error is thrown. This has been the behavior with both IE and Chrome.
Initially, the content-length was not provided and hence defaulted to chunked transfer but this has been changed now. Even with chunked transfer we did have the same issue.
We have run through the steps provided in Chrome documentation (clearing cookies etc) but there has been no respite. We did run through the net-exports feature in Chrome and they have the following as the last few lines as -
t=237104 [st=161960] DOWNLOAD_ITEM_INTERRUPTED
--> bytes_so_far = "0"
--> interrupt_reason = "NETWORK_FAILED"
t=237104 [st=161960] -DOWNLOAD_ITEM_ACTIVE
The users who are unable to download are able to download PDF from other sites. If we host a static PDF in our site, the users are able to access it as well.
Any pointers on what would need to be our next lookout?
(The users connect to a web server Apache HTTPD)
Thanks,
Aravind
I had the Network Error issue while downloading the PDF files from Jasper.
I followed the below steps to fix the downloading issue with the Chrome.
Enter the chrome://settings/content/pdfDocuments?search=pdf into the
address bar of the Chrome.
Turn ON the option "Download PDF files instead of automatically opening them in Chrome"
Change PDF MIME Type in Web Server or Response Headers from application/pdf to application/octet-stream
This problem is when is enabled gzip compression and/or HTTP/2
Enable http/2 for SSL connections is a hugely valuable performance setting. However http2 expects the reported size to match what the webserver reports for streamed content.
The problem occurs in Cloudflare to.
I am having a Microsoft Edge specific JS error, which is in a callback that jQuery uses. The callback lives in a file that is pulled in remotely from a CDN. When I open Edge's debugger and try to open that file, it does not appear in the list, and neither do any other remote JS files, only files that are local to the website.
I can in fact find these remote files in the chrome debugger, is this an Edge bug or is there some kind of setting I do not know about that hides remote files?
I'm doing file upload which checks file mime type in browser. It's uses jQuery File Upload Plugin and works good everywhere except one user.
For some reason file.type (html5 file api) returns "invalid/octet-stream" for pdf file (usually it's "application/pdf"). Pdf file is simple and can be opened at this pc without any problems.
Environment: Windows 7 and Firefox 40. Not reproduced in chrome or explorer.
Try deleting (or renaming/moving, for testing purposes) the file MimeTypes.rdf in the affected Firefox's profile folder.
(Under Windows this can usually be found under a path similar to c:\Users\[name]\AppData\Roaming\Mozilla\Firefox\Profiles\[some id].default - or just search for "MimeTypes.rdf".)
If the PDF upload works afterwards, you encountered a Firefox bug that was first reported in 2007 (basically the same here, reported in 2006). In a nutshell, any web site from which the user ever downloads a file has the potential to corrupt the MimeTypes.rdf file in regards to the extension of the downloaded file - maliciously or accidentally/unknowingly.
Things you can do:
Vote for the Firefox bug!
Quick fix to get it working for the one user right now: Have the user delete their MimeTypes.rdf file. Firefox will create a new, "fresh" one at the next start, but this will clear all MIME type / application associations that the user has created over time. Also, this will only help until the user downloads the next PDF file from some other web site that corrupts the MimeTypes.rdf file again.
Use the "user agent" header to determine if the file is uploaded from Firefox. If so and the MIME type doesn't match anything you wish to accept, double-check the file name's extension and accept the file anyway if the extension matches your accepted file type(s) (".pdf" in your case).
Please I am new to building Chrome Extensions. After the user installs the extension, I want them to configure it by specifying a directory where the app can save files. I want to do this by opening a save file dialog so they can browse to the folder of their choice. How do I do this?
The answer is that there is no means in the Chrome Extension API to write files outside of the sandboxed file system provided by Chrome. This could theoretically be done by writing an interface in C and then call that, but so far I have not yet seen a successful implementation.
I am asking from a security standpoint. I know a downloaded HTML file can send out files as long as it knows (or can guess) where they are stored.
A new Google Chrome change (can be tested by downloading the Chrome Canary Build) will depend on the OS to warn users about opening files like EXE files and others, but Windows does not warn about HTML files. It seems that with Chrome you cannot just get the html of an iframe of a directory. You can only do it for a single file.
Related: Are there files on a PC that are always same path/name and contain sensitive information?
Edit: I am deleting the related question. It seems that on the current version of Firefox you can only access files in the same directory and in IE you can only access files after disabling security and in Chrome only if it is accessing itself.
I know a downloaded HTML file can send out files as long as it knows (or can guess) where they are stored.
Nope: This is exactly why JavaScript can't access file contents, nor populate file upload fields, regardless of what context the page is running in.
A HTML page could open a directory listing in an iframe, but due to the same origin policy, it can't access its contents. Barring security holes, it is therefore safe to download and open a local HTML file.
i would say yes. a downloaded file can still have links to online source and content - unless you mean the file would be on a non-internet-connected machine...
Same origin policy says that you can only access content of iframe if it has the same protocol, same domain. Firefox and Chrome has additional hardening though. Still, there are some problems in IE and Opera. I was talking about it at my blog and you may read corresponding post.
http://p0deje.blogspot.com/2010/09/opera-and-access-to-file-uri.html