This question already has answers here:
Check whether user has a Chrome extension installed
(17 answers)
Closed 5 years ago.
I have Chrome extension published on Chrome web store.
Now I want to implement Inline installation from page on my website.
I was following thischrome tutorial.
So I added my website as verified site for my Chrome extension and inline installation is working fine.
The issue which I have is how to check does user already have my extension installed.
I want to first check does user have extension installed and if so don't show installation button and otherwise to show it.
In chrome tutorial for inline installation there is explanation how to check is extension already installed by checking chrome.app.isInstalled
But this is always returning false, even if extension is installed.
I cannot find any detail explanation of using this property. I am wondering how it even conclude which extension I am checking? Does it conclude from chrome <link> in head:
<link rel="chrome-webstore-item" href="https://chrome.google.com/webstore/detail/itemID">
Any help, how properly to check does user have my extension installed or not?
I saw a security video on YouTube, I don't have a link anymore, but I think it was a DefCon talk, or something... it shows how Chrome allows access to extension resources from a browser URL if the resource is included in the extension list of web_accessible_resources in the manifest.json. This probably isn't a good thing...
So potentially you could:
Create an image that says something like the extension is installed and active.
Add this image to your extension, and include it in the manifest.json under the web_accessible_resources list.
Then link to it on your webpage. The image will only be visible if the extension is installed and enabled.
<img src="chrome-extension://{extension-id}/extension-enabled.png">
Use javascript to check and see if the image loaded. If it didn't, replace it with a url showing that the extension is disabled or not-installed.
Related
I am building a chrome extension and a JS library to allow installing this extension.
There are a couple of ways to ask a user to install the extension:
Inline installation if the site is verified and added to the extension webstore settings.
Redirect to chrome webstore otherwise.
Is there a way to check if the inline installation is supported on the site using javascript beforehand?
The only way I found so far is to trigger inline installation and then fallback to redirecting to webstore:
chrome.webstore.install(extensionUrl, successCallback, function() {
redirectToChromeWebstoreExtensionUrl();
});
This is not ideal because the redirect will be blocked by chrome since it was not triggered by a user.
What I would like to do is to first check if the site supports inline installation and then choose an appropriate method of installation.
I am trying to install an extension in Firefox 45 (same happens with Firefox 49), but Firefox does not allow me to do that, indicating that
This add-on could not be installed because it appears to be corrupt.
The way I am trying to install it is simply by dragging the .xpi file our team developed, into the Firefox window. This extension is based on MozRepl, but with some improvements.
Previously, I tried to install it but I couldn't as it was not signed (extensions in Firefox versions from 43 onwards require signing). I followed every step in order to sign it, according to this post: Signing a XPI. I am almost certain I could sign it correctly, but now the error Firefox displays is different: "This add-on could not be installed because it appears to be corrupt."
It seems that I am not creating the .xpi file correctly, but I am not sure which is the correct structure it should have. I tried different folder structures, but with no success.
Also, I checked the Browser Console to see what error is logged in, but I didn't found it really helpful. Here it is:
Here is a link to the .xpi file in case you want to check its content. Note that I tried moving the files manifest.mf, zigbert.rsa and zigbert.sf outside the META-INF folder, but it didn't work either.
Has anyone stumbled across an error like this when trying to install an add-on? Any ideas of what maybe happening?
The .xpi file must use only "deflate" compression or uncompressed
The zip implementation within Firefox only supports uncompressed files or files compressed with the "Deflate" algorithm. You will need to create the .zip archive using the compression method "Deflate" instead of the "LZMA" which you are currently using. How to do so will depend on the tools you use to create your archive.
Personally, I use a batch file/shell script to create the .xpi file as I describe in detail in my answer to "Firefox extension .xpi file structure: description, contents, creation, and installation". The basics are that I use the zip command line tool which defaults to "deflate" or uncompressed. I use the -1 option to provide the fastest compression. Firefox/Mozilla use .xpi files both to package the files, but to also increase file access speed. The important quality is not a high compression ratio, but that the files can be accessed quickly. Unless Firefox is not an WebExtension and explicitly told to unpack the add-on by the install.rdf option <em:unpack>true</em:unpack> (WebExtensions don't have install.rdf files), the add-on will be installed as the .xpi file and all access to the add-on will be as the .xpi file.
Note: Given that your extension contains .dll files, you may need to have your add-on installed unpacked by using <em:unpack>true</em:unpack>.
Wrong signing method used. It must be signed by Mozilla, not yourself.
While it is not the error you are currently seeing, as soon as you fix the problem with your .xpi format, you will encounter an issue with your extension being signed by the wrong signature. You signed your extension with your own signature. It was not signed by Mozilla. This will not work. It must be signed by Mozilla, not yourself.You mentioned that you followed the directions in the MDN page Signing an XPI. However, as is clearly stated at the top of that page, the directions on that page are outdated and no longer work. You should have followed the link in the note to the page Signing and distributing your add-on. The note at the top of the page states:
Note: These instructions are outdated. For an extension to work in Firefox it must be signed by Mozilla, not by yourself. See Signing and distributing your add-on. [Emphasis added]
There are also a variety of questions here on Stack Overflow which address the signing issue.
Like stated in other answer it happens for unverified/unsigned extension.
But sometimes for testing you might want to use unverified/unsigned extension.
As a hack/workaround to install unverified/unsigned extensions following worked for me on Firefox version 45:
Launch Firefox and hit - about:config
Search for 'xpinstall.signatures.required'
Either double click on the row OR set the value to false and close
Now retry installing the extension and it should work.
I think there is something not clearly documented, I'd like to share my experience.
Developed my extension and zipped all the files
Selected On your own for How to Distribute this Version step and uploaded .zip to AMO
Then, on the next page, I see a signed .xpi file available for download. I downloaded it and tried to install via "about:addons -> Install Add-on from file"
I get corrupt add-on error in this case
After receiving e-mail from amo-editors#mozilla.org, I went to my add-on's page and clicked on .xpi file link there and it worked!
I had this issue when I compressed the folder containing my addon rather then just the files within.
Don't Compress the Parent Folder of your Manifest
For example, on Windows CTRL+Click on your manifest and any other files or subfolders; right click and select Send to > Compressed Folder and you should be good to go.
Note: from the browser console screenshot we can tell this isn't the issue in this case, but even so this is a common problem to the This add-on could not be installed because it appears to be corrupt error.
The message because it appears to be currupt can point to various problems. You can see a more detailed error message in the Browser Console at ctrl+shift+J.
As soon as you edit anything inside an xpi file and try to add it manually to the browser, an extension ID needs to be provided inside the manifest.json if it isn't already, with applications.gecko.id or browser_specific_settings.gecko.id. For example, altering any single character in https://addons.mozilla.org/en-US/firefox/addon/quick-js-switcher/ shows Invalid XPI: Error: Cannot find id for addon in Browser Console, so you add
"applications": {
"gecko": {
"id": "some#example.com",
"strict_min_version": "1.2.3"
}
}
to the manifest.json as well and it works: But only with about:config's xpinstall.signatures.required set to false on Firefox versions that actually respect this setting, which excludes the normal release one because apparently Mozilla hates its userbase. You need FF Nightly or the like, I'm using LibreWolf.
source
This is an answer to a tangential question when the "The add-on downloaded from this site could not be installed because it appears to be corrupt" error message starts appearing when trying to install any Thunderbird add-on. There are some other sites where this tangential question has been asked but the pages got archived:
https://www.reddit.com/r/firefox/comments/7942yu/the_addon_downloaded_from_this_site_could_not_be/ (for FF)
https://support.mozilla.org/en-US/questions/1319105
http://forums.mozillazine.org/viewtopic.php?f=39&t=2739869
Since this question here still allows replies, just wanted to add that this can occasionally start happening for all add-ons if the user's local Thunderbird profile files gets corrupt in some specific way.
In such case, I recommend restarting Thunderbird in "safe mode" with all add-ons disabled via "Help" -> "Restart with Add-ons Disabled...", and then restarting back to the "regular" mode via "Help" -> "Restart with Add-ons Enabled". After that installation of add-ons may work again.
Even though this is not the answer to this specific question, hope this tip is helpful for whoever hits this specific tangential but similar situation.
I had the same problem on firefox 52, just downgrade the addon to a lower version designed for firefox 52 or less will fix this problem.
I have been doing a lot of reading and studying to figure out.
I basically just want my main AngularJS application to run, but also include an embedded Chrome Extension app - in this case, have regularly scheduled alarms (using the chrome.alarm API).
I want all users of my AngularJS app to have automatic access to the Chrome extension app, embedded in the main clientside one with lots of other Angular features.
It seems like I have to manually enable my Chrome app in Developer mode on my browser and even drag my Chrome app specifically to a location in my Chrome browser. I don't understand how end users can just automatically use my Chrome app then.
I need to add here I have never really used jQuery, only AngularJS but AngularJS extensively. My AngularJS app is the frontend, the backend is provided by Rails.
Some advice would be really helpful. I hope I am not downvoted as it is strange how sometimes questions get downvoted and I am not sure why...I don't really know where else to go with this question.
EDIT:
Ok some code to demonstrate:
myangularapp.controller('myappcontroller', function($scope, $http) {
var delayvar = 5;
chrome.alarms.create("arandomalarm", {delay: delayvar});
};
This doesn't just work as part of my AngularJS, I tried creating a manifest.json file in the app/assets folder too. As well as a background.js file there and my-chrome-app.js file. "chrome.alarms" is undefined, but I haven't enabled Developer mode yet. But still, how are end users supposed to use it if just to make me use it I need to do so much specific browser configuration?
You should have a look at Content Scripts and then at Message Passing which explains you how to communicate between a web page and an Chrome extension.
its not possible to automatically install a chrome extension. the user must install it from the chrome store.
you may make it easier for them to install it by providing an inline installation from your webpage. its in the official documentation and you can see an example on this page with the "add to chrome" button:
http://plusfortrello.com (one of my chrome extensions which has inline installation inside that page).
that example button is further customized to display a message instead if the user is not on chrome desktop.
if your extension also has permission to your webpage then you can also detect from your webpage if the extension is already install it (to hide the button, send messages to it and such).
Since the version 35 of Google Chrome, the execution of any extension installed outside of the Google's PlayStore is blocked and cannot be enabled from the extensions menu.
The auto-installation of non-store scripts was removed two years ago but downloading the script and performing a drag & drop on the extensions menu still allowed the installation, so it was still possible to create and share scripts for Google's Chrome. But now everything is locked.
Is it possible to manually add permissions to your independant scripts ?
Is it possible to white-list a personnal website ?
Is there any other solution ?
I know that this restriction does not apply for dev and canary release channels but the scripts are purposed to be used by users with enough knowledge to know what they do, without forcing them to change their browser. The native support support is rather interresting on Chrome (even if completly locked now), so a solution without a third party plugin (ie : Tampermonkey) is better.
Thank you
The only way there seems to be left, short of installing an extension like Tampermonkey or getting a different browser, is starting the Chrome browser with the --enable-easy-off-store-extension-install flag.
Edit: Unfortunately, Google removed this flag from Chromium in April.
However, if the user (or any program) starts Chrome without this flag even once, the scripts will be disabled automatically. You can't re-enable them, even with the correct flag; your only option is to uninstall them and re-install then in the easy off-store extension install mode.
So, your options are:
Start Chrome with the --enable-easy-off-store-extension-install flag every time. If you have pinned Chrome to the task bar in Windows 7, the way to change the command line arguments for this shortcut is described here.If you have set Chrome as the default protocol handler for the HTTP and HTTPS protocols (which is the case if you made Chrome your default browser), you can modify the registry so this flag is set every time a program tries to open an HTTP or HTTPS URL with the default program.Also make sure you set this argument for file extensions Chrome is configured to open, such as .xht, .htm and .xhtml.
You can do this with the following .reg file:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\ChromeHTML\shell\open\command]
#="\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --allow-easy-off-store-extension-install -- \"%1\""
Make sure the path to Chrome is correct when you install this.
Install an extension such as Tampermonkey to manage your user scripts.
Install a different browser, either developer builds of Chrome or a completely different browser, such as Opera (which has native support for user scripts) or Firefox (with Scriptish).
Blocking Chrome updates before you receive version 35 and risk getting hacked.
Switching to a different operating system, as extensions are only blocked on Windows.
If your computer is part of a Windows domain, you can install extensions using Group Policy.
Turn your user scripts into bookmarklets.
I realize this is probably not what you want to hear, but as Google continues to restrict honest developers because of a few bad players there are no better options.
Edit: there is one more approach that I've found to be working, namely hijacking an installed extension with the correct permissions:
Find and install an extension that has permission to run a content script at the web page you want it to run at. For example, the Note Anywhere extension has permission to inject a user script when a document has loaded for any HTTP or HTTPS URI.
Go to the extensions page to find the ID of the extension.
Open the folder where Chrome stores the extensions. On Windows, this is %localappdata%\Google\Chrome\User Data\Default\Extensions.
In manifest.json, find the name and location of the injected script. Overwrite the contents of this file with your user script. (In the case of the extension chosen as an example, this is asset/stickies.js.
Remove any content of the extension not referenced in manifest.json. Replace any referenced scripts and HTML pages that you aren't using with emtpy files.For the extension mentioned above, I'd remove anything except for the icons, the content script, asset/stickies.css and background.html and replace the latter two with an empty file.
Go to the Chrome extensions page and disable and then re-enable the extension.
Make a back-up of your work in case the extension is updated.
Make a note somewhere that the extension in the extensions list has its contents replaced with your user script.
EDIT : I validate this solution because it's what helped me particularly on this problem. A much richer answer is the list of workarounds submited by user2428118. Even if they did not solved my specific problem, they should be considered.
I finally could find an answer to my question thanks to the link posted by yoz, and the fact is that you can still enable a script unrelated to the PlayStore, without any third party plug-in, but as you'll see : it might be better to use TamperMonkey (even if it might imply little adaptations, it's 200% easier).
The solution is to import the unpacked user-script in developer mode.
Step By Step Explanation
Create your user script myscript.user.js as usually
Include it in a directory and create a file named manifest.json. You'll get this structure (can be zipped for distribution) :
myscript/
manifest.json
myscript.user.js
The manifest.json is a file required to import your script as a Chrome extension in developer. It describes your user script. Here is the related documentation, but the minimal code for our purpose is :
{
"manifest_version":2,
"version":"1.0",
"name": "MyScript",
"content_scripts": [
{
"js": ["myscript.user.js"],
"matches": ["http://domain.com/"]
}
]
}
Now that you have your directory with your user script and manifest.json, you can import it as an unpacked extension (a packed one will be disabled after Chrome's restart). To achieve this, simply check the "developer mode" and choose "Load Unpacked Extension...". Navigate to the directory created at step 2 and select it : that's "all".
Pros
Native solution
Natural for you if your developing your script on Chrome (obviously this wasn't my case :P)
Your script is now treated like a "real" extension.
Cons
Oh, god... I'm missing the one-click install : even if the user only has to achieve the step 4 it's still a pain.
Looks less "professional" because the user has to enable the developer mode
No longer "cross-browser" distribution since the Google Chrome's script has to be packed in a special way
The original directory cannot be (re)moved without breaking the script
A warning will be triggered every single time Chrome is opened to ask if you are sure that you want to use developer mode
Conclusion
I liked the way user-scripts had native support on Chrome : every third party plugin has some small variations (ie : datas or xhr handling). But the cons are to numerous and to important (especially the two last ones)... Even if enabling a non-PlayStore script is possible in a native way, it became such a pain that I recommend to adapt the script for a plugin such as TamperMonkey. After all, Chrome was an exception since every other browser require a plugin, now these plugins are the only way.
I still feel a bit disappointed, so if anyone happens to find a better solution (still hoping for some white-lists) I would enjoy to offer some bounty.
EDIT : Please note that user2428118 provided a list of other interesting workarounds. Even if they did not solved my specifif problem, they should be considered.
EDIT : manifest fixed
The continuation of solution number 1 from #user2428118 answer.
To ensure that you ALWAYS starts Chrome with --enable-easy-off-store-extension-install flag you, can use (additional to editing all shortcuts in menu start etc.) this registry file:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\http\shell\open\command]
#="\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --enable-easy-off-store-extension-install -- \"%1\""
[HKEY_CLASSES_ROOT\https\shell\open\command]
#="\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --enable-easy-off-store-extension-install -- \"%1\""
Replace C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe with actual path to chrome.exe in your system.
Unfortunately, aside from extensions like Tampermonkey, there don't seem to be good workarounds, given the way your script is generated differently for each user.
This is the best explanation I've found:
http://www.chromium.org/developers/extensions-deployment-faq
I'm using an embedded plugin in my web app to enable scanning (Dynamsoft's webscanning plugin). I'm serving an xpi to firefox users and a crx to chrome users. When viewing the page without the plugin installed, Firefox will try to download the plugin and the user will need to click "manual install" to install it. Chrome will make no attempt to donwload the plugin (this is by design, according to http://code.google.com/p/chromium/issues/detail?id=15745)
I would like to use javascript to detect wether the plugin is installed or not (preferrably before trying to load it through the embed tag). If no plugin is installed, I want to provide an explanation and a link to the correct plugin to the user. Both browsers install their respective plugins without any problem if the user clicks at a download link instead of just trying to load through the embed tag.
So, does anybody know a way detect wether a plugin is installed using javascript?
Have you had a look at window.navigator.plugins?
..and the equivalent reference for webkit plugins-
The Apple reference for the WebKit DOM appears to have disappeared. navigator.plugins does work for me in Safari & Chrome. See a jsfiddle here: http://jsfiddle.net/2EaKD/
Sounds to me like a potential security hole, if a website (something remotely) could access your plug-ins (something locally). So I guess this is not possible.
Your addon can monitor which pages are opened by the user. If it is your page, you can make your addon set a global variable in that page and your page's JavaScript should be able to detect this.