I am creating a Google Chrome extension (and possible support for Firefox and Safari) that displays a brief summary of the page the user is reading. The extension detects the url from the browser's tab, sends it to the backend app server, which creates a summary and returns the response back. There's some more backend machine learning analysis that is being done on the content (hence the need for backend app server).
During my local testing, I found that my extension is showing summaries for pages which are also behind paywalls e.g. NYTimes. I want to respect the paywalls. So my question is, is there a way for my extension to detect if the url is behind a paywall - and then respect it? I believe this can be achieved through the use of cookies - but I'm not entirely sure how to have a generalized solution.
Related
I am trying to make a chrome extension where I need access to the webcam feed once the user has allowed permission and has toggled on button in the extension popup. The feed should (and the extension) should keep running persistently until the user has stopped the feed via the control in the popup or has exited chrome.
Unfortunately, there's not sufficient information as to how to do this, let alone access webcam from the extension. I did read the related answer where its mentioned to use content scripts but there's no example code for it. (And no documentation as well).
Also, unfortunately I don't have enough working code to give insight of my progress.
Context
I'm working on an ESP32 device that use WifiManager library to set up the device Wifi. This library just create a Wifi Hotspot who redirect to a basic HTML page. This page will be reachable via a smartphone. I want to know the user location when he visits this HTML page.
My Problem
The problem is, that to see this page, he must be connected to the ESP32 Wifi Hotspot so every solution must work without an Internet connection.
Furthermore, I know that there is this API (HTML5 Geolocation), but it didn't work because the server is hosted locally in HTTP. (And I saw a post that said that it must be connected to Internet).
I have also a size constraint. I'm working on a tiny device with already a lot of code so the solution mustn't be to heavy.
So, is there a way to get a smartphone GPS Location via a Javascript script and without using HTML5 Geolocation and without an Internet connection ?
I don't know why you wouldn't want to use JS. It's the only way you can get information from the client in a web app.
The hurdle is, you usually need HTTPS for such sensitive data to be allowed to be sent by the users browser. But how to set your server up for HTTTPS is not a question for StackOverflow.
Sorry that we can't give you a better answer. If you can't do it native you'll have to work with what you've got.
EDIT:
Some browsers need intenet to verify certificates, can't do anything about that. If you don't control the device -> browser.
This is related to this security question regarding what it is that secures credentials inside a single page webapp.
Suppose we are using an app that is not ours and uses JWT Tokens for security. Are we able to log the contents through browser developer tooling or otherwise of the variables that the app uses for state. Specifically could someone log or see the contents of the JWT token that the user obtained post authentication?
Yes, it's entirely possible. Any user can just open the developer console and put breakpoints to see the value of the variables on runtime at a particular instance of time. This is how developers debug their applications.
The front end JS code runs on browser and since that needs to be interpreted, the source code needs to be downloaded on the browser and then run using a JS engine (V8 for chrome, webkit for Safari, Chakra for MS Edge etc.)
To secure your application you need to put as much business logic as possible on your server side code whenever security is concerned. With respect to JWT, I suggest you look at this SO question.
After accessing a webpage with dynamic content, I use the "work offline" functionality of my web browser, and then I play around a bit with the page.
Later on, I turn back to mode "online" in my browser so that my changes can be appropriately stored in the corresponding server.
What can I do to "save" the information related to the webpage when working offline (so that I can close my browser or reboot my PC) and reopen it later (before turning back to "online" again?
Some extra information:
The page in question is a page provided by a remote Kallithea server.
For example, a similar context can be accessed via this link:
https://kallithea-scm.org/repos/kallithea/changeset/9e750b37b391af137aee703532082059ae6a3e25
Currently using Mozilla, but responses for any browser are welcome
You can save your data to the local storage using javascript.
You can also look into service workers if you have to intercept browser request (but they are not available in all browsers). Google also has a project called "Progressive Web Apps" to deliver offline functionality and faster load time: link.
I would like to read the browser's "localstorage" when the browser is off using the OS !
I want to save client data in localstorage and then switch off the browser and the internet and then let an OS program (a windows exe) access and analyse that data and then write new data into that localstorage area so that when the browser restars the new data is in localstorage.
This should be possible because my OS (i.e. windows) can read can delete cookies from the browser "files" ... so presumably once i know the format of the localstorage "file" then the OS is boss of all of its files and so it should be able to alter them !
So: how do i read and write to JavaScript/HTML5/DOM "localstorage" using "client side .exe programs" ?
FAILING THAT: is there any other way that the OS can pass simple data into (and out of) the browser ?
Obviously all of this has both huge potential POWER and huge potential DANGER !
The browser can only become the "virtual OS of the future" if the real OS can interact safely with it !!
Thank You.
Of course an app running locally with the appropriate permissions can access any file on disk. However, the real question is what to do with that file once it's open?
Consider the following:
Each browser (Chrome, Firefox, IE, Opera) is likely to store localstorage data in its own proprietary format. You'd have to reverse engineer those formats.
Since those formats are an implementation detail (not a documented API), they are liable to change. This will break your app and/or corrupt user data.
What happens if you modify those data files while the browser is open (even if the page in question isn't open)? The browsers don't expect their data files to change out from underneath them, so it's likely you'd see strange behavior.
All of this is to say that this is a very bad idea. You're messing with the internals of someone else's application; that's a big no-no.
Have you considered an alternative approach? When I was faced with a similar problem, I simply implemented a very simple HTTP server in my app that was bound to a specific port on 127.0.0.1.
With XHR and the appropriate CORS headers, your browser-based application can communicate with your desktop app in a safe manner.
Here are some other ways:
Embed a web browser control in your application. The web browser control can readily peek into the page, and the page can readily peek into the local storage. The web browser control refers chiefly to Internet Explorer.
You can pass parameters from the web page into an initiated executable (even a batch file) by manipulating the name of the executable. (Use application/bat as Content-Type to invite the OS to run your program when the user downloads it.)
A ClickOnce program initiated from the browser can readily receive data from the webpage.
You can use automation in your program (AutoIt, AutoHotKey) to copy/paste to an from a field on your web page. You can find the window by title as you control the title on the web page side. You can even automate opening a browser, navigating it to a page that dumps the local storage into a text field, and focuses the field.
ActiveX controls (good luck)
I can't speak for similar tricks for OS X or Linux.