My company needs an internal non-public chrome extension to go and fetch prices and lead times on suppliers' websites.
Previously, with manifest v2 extensions, I used to, for each product, automatically open a new chrome tab with chrome.tabs.create(), and execute a script with chrome.tabs.executeScript() which got the info by running a few querySelector on the DOM of the target page on the supplier's website.
But with the advent of manifest v3 chrome extension, which is now mandatory as of next January 1st, I cannot access the DOM anymore.
The problem is that I cannot just execute HTTP GET requests from our server, via CURL or something like that, because the vast majority of our suppliers use sophisticated authentification processes that I don't fully know, which require opening a session in a real browser.
Does someone have any idea of working around this problem ?
Thanks a lot everyone.
You can still get the DOM on the currently open tab. For example with the use of content script.
It is only on the "background" page, there is no more DOM due to the use of a service worker (required in the new Manifest V3).
Use fetch in your service worker.
Source: https://developer.chrome.com/docs/extensions/mv3/migrating_to_service_workers/#:~:text=Workers%20no%20longer%20provide%20XMLHttpRequest%2C%20but%20instead%20support%20the%20more%20modern%20fetch().
fetch('https://www.example.com/data.json')
.then((response) => response.json())
.then((data) => console.log(data));
Manifest V3
"content_security_policy": "script-src 'self'; object-src 'self';connect-src 'self' https://www.example.com;"
I am trying to create a trigger for a script in google spreadsheet and upon trying to save the trigger I am getting the following error:
This app is blocked This app tried to access sensitive info in your
Google Account. To keep your account safe, Google blocked this access.
I don't have G-Suite, I don't have an organization, I am simply using my personal Gmail account. I don't have the special account protection thing enabled. I tried using different scripts, even an empty script.
What could be the problem here? I have used scripts and add-ons in the past, but haven't needed triggers yet. Is there another way to run a script daily or monthly, without this trigger functionality?
There is currently a bug
I recommend oyu to "star" it to increase visibility, so it hopefully gets fixed soon.
Try this:
Unable to open Google xlsx spreadsheet / Also Google Drive permission Blocked
The same solution logic can solve this problem.
[ ]
I want to develop a google chrome extension which replaces url to another if page is not available.I mean it responses
*The server DNS address of the example.com host machine could not be found.
*ERR_CONNECTON_RES
or same as these stuations.
I have searched how extensions work and found these extentions run after DOM is completed.But i believe that there is no impossible thing.
Is there a any code i can add to run the extension before DOM is completed to content.js.
You won't be able to work with just content scripts; those cannot be used on Chrome error pages.
So, you'll need a background page and some API event to listen to for the specific case of network errors.
webNavigation API seems to be a good fit, e.g. webNavigation.onErrorOccurred.
On my website ( https://www.smilinggardener.com/ ), the Google Analytics tracking code isn't visible in the page source code, and Google Search Console can't see it in order to verify my site.
Yet the Google Tag Assistant says it's there, and when I run developer tools and go to 'network', I see the analytics.js file is loaded, and most important, it is tracking visitors.
Any ideas what could be going on?
The analytics code is loaded via an external file.
If you look at your network tab in Chrome there is a column "initiator" (if it isn't there by default you can enable it by clicking the table header and check the respective option). The initiator is the file (if any) that triggered an external dependency.
That in your case the filename contains a complicated id suggests that it is dynamically created by some extension in your CMS.
I found the some strange <script/> tags on a site:
<script src="chrome-extension://lifbcibllhkdhoafpjfnlhfpfgnpldfl/document_iterator.js"></script>
<script src="chrome-extension://lifbcibllhkdhoafpjfnlhfpfgnpldfl/find_proxy.js"></script>
...
I haven't been able to find much information on this, but I highly doubt this is actually related to Google Chrome since this site in particular is still using <table>s for layout, and the source in question was retrieved with curl not a graphical web browser.
So,
What on earth is this?
What is chrome-extension://
Why is it using lifbcibllhkdhoafpjfnlhfpfgnpldfl as a directory name
Why is it pretending to be valid URL to a javascript file?
Why would I need find_proxy or document_iterator
Solved. As far as I know...
chrixian was right, It seems that only on this and a few select other pages, someone had re-saved them from Chrome's source-view with the Skype extension installed.
Thanks everyone for all your help, +1's for all! enjoy!
That is actually Skype Click to Call chrome extension.
Manage and view it using this link
chrome://extensions/?id=lifbcibllhkdhoafpjfnlhfpfgnpldfl
If you are using cURL to get the page, you're getting the HTML as it exists on the server--so I think a safe assumption would be: the author of the page initially saved the page from Chrome, he had an extension installed that inserted these script tages and lastly he didn't remove the script tags for one reason or another before putting the page on the server.
This is added by chrome as the page loads, to inject the extension's Javascript code into the page, so it can access the HTML document.
The Skype extension causes it by inserting all kinds of junk in webpages that you visit.
Do you have the Skype browser extension installed for Chrome?
Just disable the extension.
Chrome, like Firefox, provides developers with an easy API to extend the functionality of the web browser without needing to actually download and build the browser to do so.
They also provide a robust delivery system. In Google's case, it's the Google Chrome Web Store.
Extensions are installed locally on your computer, and use long strings as directory names to reduce the risk of collisions with another extension. In other words, if you and I both named our extensions "mycoolextension", then there would be a problem if a person tried to install your extension and my extension. The long string helps prevent collisions such as this.
The chrome-extension:// protocol is used by the browser to make requests to these local resources. Chrome extensions are developed using HTML5, JavaScript, and CSS, along with an API exposed to allow the local JavaScript to perform actions it would not normally be able to do on the Internet.
When you see these in the Chrome developer tools, it's just the extension doing it's thing, whatever that may be.
If you're seeing these, then you likely installed some extensions from the Chrome Web Store. To view them, go to the Tools menu and select "Extensions". This will show you a list of all installed Chrome extensions and apps.
To learn more about extension development, see the Getting Started Tutorial.
Also, as someone else mentioned, you're using the Skype Call Extension. However, an app using that directory name doesn't appear in the first page of the search results. It might be worth doing some more research to make sure you got that extension from a legitimate source, whether that be Skype or the Chrome Web Store.
If you're seeing it in Chrome developer tools for every request you make, it means it has access to all your websites, which could be benign, like if they're just making phone numbers clickable, or it could be malicious, if it's scraping your bank account info and shipping it off to some third party server. :)
It's a Chrome extension, and chrome-extension:// is a URL for extensions to address their contents via Javascript.
lifbcibllhkdhoafpjfnlhfpfgnpldfl is the unique identifier for the extension. I can't find it with a search, but apparently it might be Skype.
It's not pretending... it is a valid URL. The Javascript file is located in the extension. If you were to look on your harddrive you'd probably find that very file in the extensions folder.
The functions its calling probably are some sort of detection used by the extension to see if it needs to enable itself.
See this for some additional information:
Checking if user has a certain extension installed