I've created a site that utilizes the new Web Midi Api, native in Chrome Canary.
Since web midi isn't enabled by default, I would like to simply direct my users to chrome://flags/#enable-web-midi where they can enable midi.
I discovered that using an anchor tag isn't allowed, nor is window.open("chrome://flags"). I'm wondering if there is a Chrome expert out there who could steer me in the right direction.
I want to make this enabling step as easy as possible for my users.
chrome.tabs.create({url: "chrome://flags#enable-web-midi"});
This does not require any permission. (This assumes you are developing a Chrome app, if you are making a normal site, then I don't think it's possible.)
Details on chrome.tabs.create.
Related
I am talking about this notification:
Somehow SoundCloud (the website) makes this notification appear and it has working controls. I do not have the app installed, that notification originates from com.android.chrome. I don't really need to know this to reproduce it, but I'm curious as to how it accomplishes this and perhaps in what other ways you can use it.
This is accomplished with Chrome Media Notifications. https://developers.google.com/web/updates/2015/07/media-notifications
To get the playback controls, and other information on the notification, you can customise them by providing meta data with the Media Session API. https://developers.google.com/web/updates/2017/02/media-session
When Android is programmed, it gets certain features that allow it to communicate with web hosts and websites. The website will have to be built a certain way that allows it to be communicative, but that seems to be what's happening in this situation.
Some dev blogs have published information about the "fb://" url scheme for opening various views in the Facebook iPhone App. No matter how much I've searched, I haven't found one word from any official Facebook source about this.
Since the information is public anyways, I'm sure I'm not the only one who'd like to know, whether using this url scheme is officially approved, am I allowed to use it, does it work correctly, and if it's not approved, will it be and what's the approximate schedule for that?
Thanks in advance for any info on this subject!
It's there to support the iOS push notification system (i.e. you get a push notification that says "Friend's Name tagged you in a photo", and you tap on it, it takes you straight to the photo).
I'd assume it's not intended for third party use and therefore subject to change. Hell, Facebook's public-facing APIs are subject to change on a whim anyhow, so I'd be especially cautious about something they hadn't documented.
It's for iOS only. The iOS API lets you define you own URL scheme, so Facebook must have developed their application to register the fb:// URL scheme on iOS devices. It's not a feature that was created by Apple, it's something you, the developer, can make up.
Here are some resources you can investigate
The Facebook iOS SDK
Here on StackOverflow
A tutorial on how it works (not Facebook-specific)
You can use it from your own applications on iOS, but only if the Facebook application is installed. There are, however, plugins and browser extensions out there that mimic the behavior by handling the fb:// schema on your desktop browser.
I have website link at which I have designed a html/javascript web app. I used iOS and Android app to create an app that encapsulates the web app.
Is there a way to block access to the website link and only allow access to the website link only thru the native apps calling the link.
In short safari, IE, Chrome must not be able to access the link, but the iPhone & Android app should be able to access it.
Is there some way to tell that the app is accessing the site and not the phone or pc browsers.
I am sure there a number of ways to implement this.
Thanks,
It depends on how is the web app implemented. Since native Web Views are pretty much the wrapper for the standard browser (Safari/Chrome), you will find it tough to filter it based on that.
What you can do, however, is to add an extra GET variable (for ex. &ref=youruniquecodehere) or a custom User-Agent, based on which you will be able to identify, whether your application authorized the request (with a proper access code) or if it's a generic request using browser.
However, both of these options can still be bypassed if researched, although it'd require slightly more time. Not sure whether a solution that would work in 100% of cases exists.
Hope that helps, please correct me if I'm wrong.
Notice how Firebug can access the DOM of cross domain iframes and even allow you to modify them? I'm wondering if there is an firefox addon extension or a config setting that will allow a page on our intranet to do this.
Longer explanation:
I have a two "kiosks" in our reception area that the public can use. As we're running in kiosk mode (fullscreen, no chrome), I have created a small web application consisting of a menu and an IFRAME. The menu allows users to browse to approved sites and also perform actions like printing. It also gloms onto requests for popup windows and instead overlays them in a modal iframe rather than allowing the browser and OS chrome to be exposed - breaking the "kiosk" experience.
Obviously, this works perfectly on anything internal because it's all on the same domain. It gets trickier when browsing external sites because the XSS protection kicks in and you can't see the DOM inside the IFRAME.
I have also tried using a web-based proxy server on the same domain (PHProxy for example), which works okay, but there are horrible edge cases where it doesn't work - a big one is the CAPTCHA on our website forms. So that's pretty much not an option for me.
Basically I think the only solution that will work for me is to modify the browser in some way using a security setting or an addon. Any ideas?
Thanks guys very much for you time and consideration. It is VERY much appreciated.
--Iain
There is a way for unpriviledged JavaScript code (loaded from a web page) to request more privileges in Firefox. This is an old, non standard API that prompts the user for permission and if accepted allows the JavaScript to do things normal JavaScript cannot. One of these things is to bypass Same Origin Policy.
Sample code:
try {
// ask user for permission
netscape.security.PrivilegeManager.enablePrivilege('UniversalBrowserRead');
} catch (e) {
// user refused permission
alert('Permission "UniversalBrowserRead" was denied.');
}
//Should now be capable of bypassing same origin policy if user accepted
Since the kiosk browser does not restart (I suppose) very often, the dialog just has to be accepted once. Not sure this is the most elegant solution but might work, at least for now (the API is old and might disappear).
Here is a link for more details: http://www.mozilla.org/projects/security/components/signed-scripts.html#privs-list
While looking for the exact privilege name I found this page about Security Policies in Firefox. This would be a much nicer solution. I have never used it, so I cannot give more info, but here is the link, might be a good place to start looking:
http://www.mozilla.org/projects/security/components/ConfigPolicy.html
Hope this helps!
I found an addon called CrossDomain. The addon hasn't yet been updated for newer versions of Firefox. In the end, I solved this whole problem by writing an HTA and using the internet explorer rendering engine - which made my IT manager happy :). Here is the link to CrossDomain in case this helps someone one day. Thank you everyone for your submissions.
https://addons.mozilla.org/en-US/firefox/addon/13004/
Why not use Greasemonkey, it will allow you to run your script on any page.
Whats the easiest way to build a simple 'web' application which is a single page, that just refreshes itself (using AJAX or something) to display continuously changing data hosted on various different servers on the internet?
I want to interface with (for example) Twitter, Facebook, Skype, Google Calendar, and any number of other services that have some type of web API.
The application does not need to allow user interaction other than to configure it with the authentication parameters needed to access those services.
It should be able to run full-screen with no UI elements showing, just the pretty information I am displaying.
I started to write an HTML file using Jquery but I am running into "Same Origin Policy" issues. Is there a way around this?
I'd love to just write this in Html/Javascript and run it in Google Chrome, is that possible somehow? I don't know how to get around SOP without hosting my own web server as a proxy to cross the domains.
Is there another alternative that is still pretty easy and simple? I looked into using the Windows Vista Sidebar but apparently you can't have a full-screen gadget.
I figured out that I can use the command line option for chrome:
--disable-web-security
And it will allow me to workaround the same origin policy, and since I am using this for a local application I can put the app in a virtual machine and let it run without too much worry.