Google Chrome Extension: access padlock/certificate info - javascript

Okay, a bit of an odd question here, but I'm doing a research project about what influences people to make trust decisions when they look at a website, and without going into all the back story here, I am developing a browser plugin for Google Chrome that identifies the elements that people look for the most in a web page and tries to give a trust rating for that page. One major bit of information is the security certificate and that nice green padlock you see in the omnibox.
I am new to Chrome extension programming and I've searched the Javascript Chrome APIs here: https://developer.chrome.com/extensions/api_index, but the omnibox seemed to only allow you to enter search terms. If it isn't possible, are there any alternative ways to see if Chrome trusts the certificate of the current page?
Question: Is there any API for getting info about the state of the padlock icon in the omnibox so that my application can know the state of that padlock icon?

Related

How to show google chrome apps icon in system tray

How to show google chrome apps icon in system tray and also hide the icon from task bar when minimise the window using javascript,jquery,google chrome extension
Here is the Solution https://chrome.google.com/webstore/detail/lightning-reopen/ahphokgmcecbjeipkfkamcdmemghkaph
it is exactly what you're looking for I'm Currently using it and its sole purpose is to put Google Chrome in the system tray and let it run in the background, That's it.
Here is a direct quote from the developers page describing this Google Chrome extension
Keep Chrome open in the background for faster re-opening
Do you have a million extensions installed that take absolutely ages to load when you open a new Chrome window, causing freezes and stuttering? Do you want to get notifications from your browser extensions without having to keep a Chrome window open and cluttering your taskbar? Do you have more RAM than you know what to do with?
If you answered yes to at least one of the questions above then this extension is for you! After installing, Chrome will sit in your notification area and remain open in the background, which means that when you open a new Chrome window all your extensions will not need to re-initialize themselves resulting in a lot faster startup and next to no lag.
For the longest time I've been just installing Dropbox for Gmail on all my machines to get this effect, but taking a look at what permissions it has made me realize that maybe I should not be doing that. I decided to make my own background extension with no permissions, no cryptominers and no API calls "phoning home".
That's right, this extension literally has no way to access any of your personal data anywhere while you're browsing, its only purpose is to let you keep Chrome in the background. Even if at any point the extension were to be compromised you would be prompted for any extra permissions, which you should never agree to. You have my word that this extension will never be sold to any shady extension marketing company looking to inject ads and/or trackers into every page you visit.
This extension is open source, you can find the source code here: https://github.com/SeinopSys/LightningReopen
You can't. That's not a thing that Chrome extensions can do.
There was, at one point, some work towards an API to allow Chrome extensions to display "system indicators" (i.e, system tray icons, menu bar icons, etc). However, this work was abandoned; there is no support for this feature in any current version of Chrome, nor is there likely to ever be.
If you want a system tray icon, you will need to write a native application.

<a href="fb//"> open post/video Link in native App? [duplicate]

Some dev blogs have published information about the "fb://" url scheme for opening various views in the Facebook iPhone App. No matter how much I've searched, I haven't found one word from any official Facebook source about this.
Since the information is public anyways, I'm sure I'm not the only one who'd like to know, whether using this url scheme is officially approved, am I allowed to use it, does it work correctly, and if it's not approved, will it be and what's the approximate schedule for that?
Thanks in advance for any info on this subject!
It's there to support the iOS push notification system (i.e. you get a push notification that says "Friend's Name tagged you in a photo", and you tap on it, it takes you straight to the photo).
I'd assume it's not intended for third party use and therefore subject to change. Hell, Facebook's public-facing APIs are subject to change on a whim anyhow, so I'd be especially cautious about something they hadn't documented.
It's for iOS only. The iOS API lets you define you own URL scheme, so Facebook must have developed their application to register the fb:// URL scheme on iOS devices. It's not a feature that was created by Apple, it's something you, the developer, can make up.
Here are some resources you can investigate
The Facebook iOS SDK
Here on StackOverflow
A tutorial on how it works (not Facebook-specific)
You can use it from your own applications on iOS, but only if the Facebook application is installed. There are, however, plugins and browser extensions out there that mimic the behavior by handling the fb:// schema on your desktop browser.

U2F support without the U2F Chrome extension

I've started fiddling around with U2F and it's looking really promising. Got myself some security keys and started digging into it.
I've managed to create a working register/login demo website which works well using the U2F tokens and the U2F Chrome extension.
However... and this is where my question arises:
I've also enrolled a security key for my Google account and immediately got struck by the fact that it works without using the U2F Chrome extension. As a matter of fact I've done all the Google enrollment and logins without even having the extension installed. How is this possible? I've read (some of) the FIDO specifications and saw that there may be two API levels: high - which is the u2f namespace exposed by the extension and - and low - which involves using MessagePort API. Maybe this is how Google does it? (also tried doing a chrome.runtime.connect(...) myself, but the chrome.runtime object is undefined in my web page)
Any pointer in the proper direction would be appreciated and of great value at this moment, as there aren't many resources available on this young project called U2F.
Chrome is white listing Google domains. Non-Google domains has to use the extension for now. However, this will change "very soon" according to Google -- this is documented here and mentioned by a Google developer in this webinar.
Edit: The extension is no longer required with Chrome 41. You can test it out here (Note: When accessed from and older version of Chrome, or not via HTTPS, the site will fall back to using the extension).

Google trusted store badge not showing in all browsers

The Google trusted store badge in not showing across browsers and platforms.
I can get it to show in Safari Mac but not Chrome or Firefox Mac.
I can get it to show in IE Win and Firefox Win but not Chrome Win.
I went through Google's implementation tips.
Doctype checks out.
Google's Tag Assistant validates on the page.
The test, Test Drive, of the js implementation in Trusted Stores works fine.
robots.txt is also delivered under ssl.
Any ideas?
Google response:
We are writing to you because we noticed a posting your team made asking about the Trusted Stores badge visibility on your site.
I can confirm that your account, qxxxxxxxxxxxxxe.com, is in good standing. The badge is not displaying for half of users due to a few-week experiment we are running with all merchants in the program.
We run experiments from time to time, as we are always looking to improve the user experience with your site and the program. For example, we have made improvements to the badge design and behavior, such as only opening the flyover on click (instead of mouseover).

Chrome: not "remembering" the choice to allow access to microphone

I have a super simple web page that uses the Web Speech API so that I can more easily communicate with my mom (she is deaf). Google's voice recognition is fast enough that I can talk to her in realtime (she reads the vr results).
My site: http://goo.gl/Wm69Mp
We are both using Chrome v30.0.1599.66.
The problem I'm running into is that every time I click on the microphone icon Chrome asks me if I want to allow access.
I click 'Allow' every time. If I look at Chrome's Media Settings for my site I see that the audio behavior is set to "Ask" but I can't seem to change it to "Allow".
Does anyone understand what is going on here?
UPDATE
It looks like I might have to enable https for my choice to remembered. I'd still like someone to verify that for me if possible.
TIA!
-CS
According to Google's Docs, if you select allow on a http URL your preference is not remembered. However if it is a https URL it will remember.

Categories

Resources