Firefox: WebRequest API vs Deceptive Page - javascript

I'm developing a Firefox add-on which does block the malicious URLs. The problem is that sometimes Firefox render its own deceptive warning page and sometime it allows the extension to render its own warning page.
How can I bypass the deceptive page warning programmatically?
The above behaviour is working fine on Chrome.

Abdul Basit.
The easy way is with the privacy WebExtension API, here the documentation on the Mozilla Developer Network (MDN):
https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/privacy
Access and modify various privacy-related browser settings. To use the
privacy API, you must have the "privacy" API permission.
You can already use services.safeBrowsingEnabled for Chrome, Opera, Edge, but Firefox not yet.
You can play around with the request status code 400, because it is related to the deceptive request routing.
Good luck.

Related

How to log XHR request in Network Tab in Chrome even when dev tools is not opened?

Chrome Console always keeps logs, no matter if the dev tools are opened or not. I want same for network tab.
Is it possible to log XHR requests in Chrome even when developer tools are not opened? If not, is it possible in other browsers?
You could use a proxy outside of the browser such as Fiddler for this. It's great, and the author of the tool even responds to questions about it on Stack Overflow!
https://www.telerik.com/fiddler
(I don't work for Fiddler, but it was there for us in the days before browsers had dev tools)
It sounds like you want some logging. Chrome has a bunch of internal things it stores, you can check out chrome://chrome-urls/
Specifically chrome://net-export/
Also chrome://net-internals/#events may be of interest. These things work across tabs, so imo it's nicer than having 20 chrome consoles open =p
https://dev.chromium.org/for-testers/providing-network-details
Unfortunately, it is not possible to log XHR request in Network Tab in Chrome when developer tools are not opened. And I do not know which another browser supports it.
Alternative solution
But you could try the following extensions for Chrome:
ApiRequest.io Ajax Capture Debugging Tool. Capture API Requests and Responses in browser and share via a link. Makes collaborative debugging and issue solving easier.
Tamper Chrome (extension). Allows the user to modify requests as they happen.
Live HTTP Headers. Monitor all HTTP/HTTPs traffic from your browser. Live HTTP Headers logs all HTTP traffic between your Chrome browser and the Internet.
And about "ApiRequest.io Ajax Capture Debugging Tool" you could read this developers article:
How we captured AJAX requests from a website tab with a Chrome Extension
Some of this extensions you could find for another browsers too.

chrome.webRequest and safari

I'm trying to port a Chrome/Firefox extension for Safari. But the extension use a lot a feature of those browsers that doesn't seem to exist in Safari : chrome.webRequest (https://developer.chrome.com/extensions/webRequest).
The chrome.webRequest let you get information about every http requests sent (event from others tabs.).
I know that Safari has a very basic safari.application.addEventListener for navigate and beforeNavigatebut Chrome give a lot more information (like responseHeaders) and other events (like onBeforeRedirect or onErrorOccurred).
Is there a way to achieve that with pure js or with the safari js-extension API ?

How do i send browser messages even if website closed? [duplicate]

My goal is to send Gmail-style desktop notifications in Chrome or Firefox from a web app (let's call it X) that is NOT currently open in the browser, without requiring the user to install an app or extension. It's okay if the user needs to grant permission to receive notifications from X, and it's okay if the browser needs to be open for the notification to appear, as long as X doesn't need to be open in the browser. A solution that doesn't require any browser window to be open would also work.
I just spent the day digging into this, and so far I think I've learned:
Since OSX Mavericks, it has been possible to do this in Safari 7+ via Safari Push Notifications.
The Web Notifications API works in Chrome/Firefox, but requires the user's browser to be open to X.
Twitter sends similar web notifications without asking the user for permission first, but requires the user's browser to be open to Twitter.
There are lots of references to possible Growl implementations, but as far as I can tell, all of them require the user to install Growl and/or a Growl-enabled app to work.
I could be wrong about any of my statements above - I'd love to hear it! - and I'm open to any other solution too. Any ideas?
Thanks for reading.
You can send push notifications even when your web page is not active using Service Workers, the Notification API for service workers and the push API for server-initiated notifications (or scheduled notifications).
As of June 2016, Service Workers are supported in Chrome, Firefox and Opera. See the status at https://jakearchibald.github.io/isserviceworkerready/
See the following links for related discussions, status of implementation and specifications.
Service workers are enabled by default since Chrome 40, Firefox 33, and Opera 24. See the HTML5Rocks tutorial and MDN.
Push notifications: Chrome 42+, Firefox 44+
You can do exactly what you are looking for using the W3C Push API.
If you want to build everything from scratch I suggest to start reading this tutorial by Google. It is for Chrome, but Firefox works in a very similar way.
However it's a lot of work and the "standard" is still evolving: I suggest that you use a service like Pushpad (I am the founder).

Difference in launching Angular JS application in Chrome and Safari?

Team,
I am working on Angular JS application. When I want to test the app, I used to just launch the application directly into the browser from file system. The url would be like
file:///Users/easwar/AngularApp/index.html
When I need to launch the app in Chrome, I need to open the browser from terminal using the below command
open -a Google\ Chrome --args --disable-web-security -–allow-file-access-from-files
to avoid the below error.
"XMLHttpRequest cannot load , Cross origin requests are
only supported for protocol schemes: http, data, chrome,
chrome-extension, https, chrome-extension-resource."
But surprisingly in Safari the app works fine without doing anything like this.
I would like to find what is the difference between these browser behaviors? Why its working in Safari and its not working in Chrome without a tweak?
In short: google chrome doesn't like local cross calls.
More found here: Cross origin requests are only supported for HTTP but it's not cross-domain .
It's Googles privacy and security policy: they try to avoid as much risks as possible, and local file calling seems to be one of them.
Read more on cross origin requests and how they're handled in Google Chrome here: https://developer.chrome.com/extensions/xhr
If you don't want to use those console commands, you might want to look for a webserver to host it (or a local webserver).

Javascript web application does not show certificate not trusted in Chrome

I have an application using https to do a jsonp call on my server which is self signed.
If I use the corresponding url in the Chrome address bar, then a warning is showing with 'The site's security certificate is not trusted!'. There the user can proceed anyway.
Now in my web application, there is no such warning and the request just remains pending indefinitely. I can see that in Developer tools. I would expect having something showing on chrome similar to the above behavior.
Chrome version is currently 25.0.1364.172.
Is this normal?
What should I do to address this problem?
Thanks!
Unfortunately this is normal. Try to browse via firefox, backup the Certificate and install it in Chrome again.

Categories

Resources