This is a pretty general question with a couple examples. I'm fairly new to writing chrome extensions and I seem to keep running into cases that are impossible to test without deploying to the webstore (which takes ~60m each time). This is an impossible workflow. Am I missing something?
Case 1 inline installation
Trying to set up inline installation from my site to a chrome extension. When I run the site locally i get the following.
Error downloading extension: Inline installs can only be initiated for Chrome Web Store items that have one or more verified sites.
But I cannot seem to add localhost website property in chrome's developer dashboard. What is the recommended way to do this in a dev environment. I tried using local.mywebsite.com and adding a local alias for localhost, but now chrome cannot find the verification file you are required to serve...
Case 2 Chrome Extension OAuth
Attempting to use chrome.identity.launchWebAuthFlow to setup user credentials in my extension for my website, but of course the callback url provided https://<ext-id>.chromium.org/provider-cb does not redirect to my local deploy of the extension.
Is there no way to test these things??
Regarding your error "Inline installs can only be initiated for Chrome Web Store items that have one or more verified sites.", you may follow the instructions given in this page.
You need to:
Go to the Webmaster Tools.
Add the site to your sites.
Obtain and embed a verification code into your site.
Complete verification in Webmaster Tools.
Go to your Developer Dashboard (must be under the same Google account) and edit your Web Store item.
Select your site in "Verify that this is an official item for a website you own:"
Here are some references which might help in testing extensions:
Testing browser extensions
How to test chrome extensions?
I have a basic Google Chrome extension which needs to be ported to Firefox. I uploaded the .crx file to the Firefox marketplace and it got accepted but is under review rightnow. I downloaded the the generated xpi file and tried to install it locally but without any success. It tell that the plugin is invalid or corrupted.
Another method that I tried is I ported the extension using chrome-tailor and generated the xpi. I am able to install the extension in this but the content scripts are not injected and the extension doesn't work as expected.
I want to install it in Firefox and test it. I have also set xpinstall.signatures.required to false.
WebExtensions
To test WebExtension based add-ons, they are usually loaded as a "Temporary Installation in Firefox"
That MDN page describes how to temporarily install a WebExtensions (i.e. similar code to Chrome) in Firefox. The gist of it is:
Navigate to about:debugging
Click the button "Load Temporary Add-on"
Use the file selection dialog to select the manifest.json file, or packaged .xpi file for the extension.
Note on testing WebExtensions:
The WebExtensions API is still in development. For now, you are probably best off developing and testing your WebExtension add-on with Firefox Developer Edition, or Firefox Nightly. You should also make careful note of what version of Firefox is required for the functionality you desire to use. This information is contained in the "Browser compatibility" section of the MDN documentation pages.
Firefox Add-on SDK
To test Firefox Add-on SDK based ad-ons, use jpm run. You might want to take a look at this answer to "jpm run does NOT work with Firefox 48, or later"
This question already has answers here:
Check whether user has a Chrome extension installed
(17 answers)
Closed 5 years ago.
I have Chrome extension published on Chrome web store.
Now I want to implement Inline installation from page on my website.
I was following thischrome tutorial.
So I added my website as verified site for my Chrome extension and inline installation is working fine.
The issue which I have is how to check does user already have my extension installed.
I want to first check does user have extension installed and if so don't show installation button and otherwise to show it.
In chrome tutorial for inline installation there is explanation how to check is extension already installed by checking chrome.app.isInstalled
But this is always returning false, even if extension is installed.
I cannot find any detail explanation of using this property. I am wondering how it even conclude which extension I am checking? Does it conclude from chrome <link> in head:
<link rel="chrome-webstore-item" href="https://chrome.google.com/webstore/detail/itemID">
Any help, how properly to check does user have my extension installed or not?
I saw a security video on YouTube, I don't have a link anymore, but I think it was a DefCon talk, or something... it shows how Chrome allows access to extension resources from a browser URL if the resource is included in the extension list of web_accessible_resources in the manifest.json. This probably isn't a good thing...
So potentially you could:
Create an image that says something like the extension is installed and active.
Add this image to your extension, and include it in the manifest.json under the web_accessible_resources list.
Then link to it on your webpage. The image will only be visible if the extension is installed and enabled.
<img src="chrome-extension://{extension-id}/extension-enabled.png">
Use javascript to check and see if the image loaded. If it didn't, replace it with a url showing that the extension is disabled or not-installed.
Since the version 35 of Google Chrome, the execution of any extension installed outside of the Google's PlayStore is blocked and cannot be enabled from the extensions menu.
The auto-installation of non-store scripts was removed two years ago but downloading the script and performing a drag & drop on the extensions menu still allowed the installation, so it was still possible to create and share scripts for Google's Chrome. But now everything is locked.
Is it possible to manually add permissions to your independant scripts ?
Is it possible to white-list a personnal website ?
Is there any other solution ?
I know that this restriction does not apply for dev and canary release channels but the scripts are purposed to be used by users with enough knowledge to know what they do, without forcing them to change their browser. The native support support is rather interresting on Chrome (even if completly locked now), so a solution without a third party plugin (ie : Tampermonkey) is better.
Thank you
The only way there seems to be left, short of installing an extension like Tampermonkey or getting a different browser, is starting the Chrome browser with the --enable-easy-off-store-extension-install flag.
Edit: Unfortunately, Google removed this flag from Chromium in April.
However, if the user (or any program) starts Chrome without this flag even once, the scripts will be disabled automatically. You can't re-enable them, even with the correct flag; your only option is to uninstall them and re-install then in the easy off-store extension install mode.
So, your options are:
Start Chrome with the --enable-easy-off-store-extension-install flag every time. If you have pinned Chrome to the task bar in Windows 7, the way to change the command line arguments for this shortcut is described here.If you have set Chrome as the default protocol handler for the HTTP and HTTPS protocols (which is the case if you made Chrome your default browser), you can modify the registry so this flag is set every time a program tries to open an HTTP or HTTPS URL with the default program.Also make sure you set this argument for file extensions Chrome is configured to open, such as .xht, .htm and .xhtml.
You can do this with the following .reg file:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\ChromeHTML\shell\open\command]
#="\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --allow-easy-off-store-extension-install -- \"%1\""
Make sure the path to Chrome is correct when you install this.
Install an extension such as Tampermonkey to manage your user scripts.
Install a different browser, either developer builds of Chrome or a completely different browser, such as Opera (which has native support for user scripts) or Firefox (with Scriptish).
Blocking Chrome updates before you receive version 35 and risk getting hacked.
Switching to a different operating system, as extensions are only blocked on Windows.
If your computer is part of a Windows domain, you can install extensions using Group Policy.
Turn your user scripts into bookmarklets.
I realize this is probably not what you want to hear, but as Google continues to restrict honest developers because of a few bad players there are no better options.
Edit: there is one more approach that I've found to be working, namely hijacking an installed extension with the correct permissions:
Find and install an extension that has permission to run a content script at the web page you want it to run at. For example, the Note Anywhere extension has permission to inject a user script when a document has loaded for any HTTP or HTTPS URI.
Go to the extensions page to find the ID of the extension.
Open the folder where Chrome stores the extensions. On Windows, this is %localappdata%\Google\Chrome\User Data\Default\Extensions.
In manifest.json, find the name and location of the injected script. Overwrite the contents of this file with your user script. (In the case of the extension chosen as an example, this is asset/stickies.js.
Remove any content of the extension not referenced in manifest.json. Replace any referenced scripts and HTML pages that you aren't using with emtpy files.For the extension mentioned above, I'd remove anything except for the icons, the content script, asset/stickies.css and background.html and replace the latter two with an empty file.
Go to the Chrome extensions page and disable and then re-enable the extension.
Make a back-up of your work in case the extension is updated.
Make a note somewhere that the extension in the extensions list has its contents replaced with your user script.
EDIT : I validate this solution because it's what helped me particularly on this problem. A much richer answer is the list of workarounds submited by user2428118. Even if they did not solved my specific problem, they should be considered.
I finally could find an answer to my question thanks to the link posted by yoz, and the fact is that you can still enable a script unrelated to the PlayStore, without any third party plug-in, but as you'll see : it might be better to use TamperMonkey (even if it might imply little adaptations, it's 200% easier).
The solution is to import the unpacked user-script in developer mode.
Step By Step Explanation
Create your user script myscript.user.js as usually
Include it in a directory and create a file named manifest.json. You'll get this structure (can be zipped for distribution) :
myscript/
manifest.json
myscript.user.js
The manifest.json is a file required to import your script as a Chrome extension in developer. It describes your user script. Here is the related documentation, but the minimal code for our purpose is :
{
"manifest_version":2,
"version":"1.0",
"name": "MyScript",
"content_scripts": [
{
"js": ["myscript.user.js"],
"matches": ["http://domain.com/"]
}
]
}
Now that you have your directory with your user script and manifest.json, you can import it as an unpacked extension (a packed one will be disabled after Chrome's restart). To achieve this, simply check the "developer mode" and choose "Load Unpacked Extension...". Navigate to the directory created at step 2 and select it : that's "all".
Pros
Native solution
Natural for you if your developing your script on Chrome (obviously this wasn't my case :P)
Your script is now treated like a "real" extension.
Cons
Oh, god... I'm missing the one-click install : even if the user only has to achieve the step 4 it's still a pain.
Looks less "professional" because the user has to enable the developer mode
No longer "cross-browser" distribution since the Google Chrome's script has to be packed in a special way
The original directory cannot be (re)moved without breaking the script
A warning will be triggered every single time Chrome is opened to ask if you are sure that you want to use developer mode
Conclusion
I liked the way user-scripts had native support on Chrome : every third party plugin has some small variations (ie : datas or xhr handling). But the cons are to numerous and to important (especially the two last ones)... Even if enabling a non-PlayStore script is possible in a native way, it became such a pain that I recommend to adapt the script for a plugin such as TamperMonkey. After all, Chrome was an exception since every other browser require a plugin, now these plugins are the only way.
I still feel a bit disappointed, so if anyone happens to find a better solution (still hoping for some white-lists) I would enjoy to offer some bounty.
EDIT : Please note that user2428118 provided a list of other interesting workarounds. Even if they did not solved my specifif problem, they should be considered.
EDIT : manifest fixed
The continuation of solution number 1 from #user2428118 answer.
To ensure that you ALWAYS starts Chrome with --enable-easy-off-store-extension-install flag you, can use (additional to editing all shortcuts in menu start etc.) this registry file:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\http\shell\open\command]
#="\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --enable-easy-off-store-extension-install -- \"%1\""
[HKEY_CLASSES_ROOT\https\shell\open\command]
#="\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --enable-easy-off-store-extension-install -- \"%1\""
Replace C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe with actual path to chrome.exe in your system.
Unfortunately, aside from extensions like Tampermonkey, there don't seem to be good workarounds, given the way your script is generated differently for each user.
This is the best explanation I've found:
http://www.chromium.org/developers/extensions-deployment-faq
I'm using an embedded plugin in my web app to enable scanning (Dynamsoft's webscanning plugin). I'm serving an xpi to firefox users and a crx to chrome users. When viewing the page without the plugin installed, Firefox will try to download the plugin and the user will need to click "manual install" to install it. Chrome will make no attempt to donwload the plugin (this is by design, according to http://code.google.com/p/chromium/issues/detail?id=15745)
I would like to use javascript to detect wether the plugin is installed or not (preferrably before trying to load it through the embed tag). If no plugin is installed, I want to provide an explanation and a link to the correct plugin to the user. Both browsers install their respective plugins without any problem if the user clicks at a download link instead of just trying to load through the embed tag.
So, does anybody know a way detect wether a plugin is installed using javascript?
Have you had a look at window.navigator.plugins?
..and the equivalent reference for webkit plugins-
The Apple reference for the WebKit DOM appears to have disappeared. navigator.plugins does work for me in Safari & Chrome. See a jsfiddle here: http://jsfiddle.net/2EaKD/
Sounds to me like a potential security hole, if a website (something remotely) could access your plug-ins (something locally). So I guess this is not possible.
Your addon can monitor which pages are opened by the user. If it is your page, you can make your addon set a global variable in that page and your page's JavaScript should be able to detect this.