Chrome extension get Cookie when "change site data" - cookies

Regarding getting cookies from my Chrome extension, it works perfectly when the Chrome setting is "On all sites".
But when I set "On [current site]" or "When you click the extension" in the Chrome extension settings, I couldn't get any cookies.
https://support.google.com/chrome_webstore/answer/2664769?hl=en
"Let extensions read and change site data"
※ When I keep opening the URL where I want to get the cookie, it succeeds...
I tried to look for a solution, but there was nothing.
{
  "name": "myapp",
  "version": "1.0.0",
  "description": "desc",
  "permissions": [
    "contextMenus",
    "tabs",
    "cookies"
  ],
  "host_permissions": [ "https://wanna-get-cookie-this-domain.com/*" ],
  "background": { "service_worker": "service_worker.js" },
  "content_scripts": [
    {
      "js": ["scripts/contentscript.js"],
      "matches": ["https://*/*"]
    }
  ],
  "manifest_version": 3
}
service_worker.js
chrome.contextMenus.create({
  id: "testapp",
  title: "title",
  contexts: ["all"],
  type: "normal"
});
chrome.contextMenus.onClicked.addListener(function(info, tab) {
  chrome.windows.create({
    url: `/views/popup.html`,
    type: 'popup',
    focused: true,
    width: 395, height: 230
  });
})
chrome.runtime.onMessage.addListener(function (request, sender, sendResponse) {
  if (request.type == "getCookie") {
    chrome.cookies.getAll({}, function(cookies) {
      console.log(cookies);
      // "On all sites" works.
      // "On [current site]" or "When you click the extension" doesn't work
      // even after I clicked and enabled the extension.
    });
  }
  return true;
});
views/popup.html
<html>
...
<script src="/scripts/popup.js"></script>
</html>
scripts/popup.js
// After user clicked, below code
chrome.runtime.sendMessage({type: 'getCookie'});
Thanks,

This is a bug:
the cookies API is only checking the host permissions, and not checking tab-specific permissions, since the request isn't associated with a tab.
Until it's fixed you'll have to add the host permissions for all sites in manifest.json:
"host_permissions": ["<all_urls>"]
Note that your content script already runs on all https sites (why not all sites though?), which means that your extension is already requesting the "broad host permission" under the hood, so adding the same pattern to host_permissions doesn't increase the internal permissions of your extension, it's more of a cosmetic requirement to allow the use of chrome API in the non-content scripts like the background script.

Related

Power BI Embedded on LOCALHOST

I know that one of the major steps in power bi embedded is to give your app permission to it (I have an existing app in azure ad) but what if I'm just trying to get it working on localhost!
Here's my code: and nothing is working. Getting 403 currently.
For testing purposes, I retrieved my access token via: https://learn.microsoft.com/en-us/rest/api/power-bi/embed-token/reports-generate-token-in-group#code-try-0
<PowerBIEmbed
embedConfig={{
type: 'report', // Supported types: report, dashboard, tile, visual and qna
id: 'myreportId',
embedUrl:
'https://embedded.powerbi.com/appTokenReportEmbed?reportId=myreportid',
accessToken:
'xxx',
permissions: models.Permissions.All,
tokenType: models.TokenType.Embed,
viewMode: models.ViewMode.View,
settings: {
panes: {
filters: {
expanded: false,
visible: false,
},
},
background: models.BackgroundType.Transparent,
},
}}
eventHandlers={
new Map([
[
'loaded',
function() {
console.log('Report loaded');
},
],
[
'rendered',
function() {
console.log('Report rendered');
},
],
[
'error',
function(event) {
console.log(event.detail);
},
],
])
}
cssClassName="report-style-class"
getEmbeddedComponent={embeddedReport => {
console.log({ embeddedReport });
// this.report = embeddedReport as Report;
// window.report = this.report;
}}
/>
It seems like you are using the wrong tokenType
You need to use tokenType: models.TokenType.Aad
For more information regarding tokenType, you can check this documentation: https://learn.microsoft.com/javascript/api/overview/powerbi/embedding-solutions
If this does not resolve the problem, there may be other causes of error 403:
• The user has exceeded the amount of embedded token that can be generated on a shared capacity.
• The Azure AD auth token expired.
• The authenticated user isn't a member of the group (workspace).
• The authenticated user isn't an admin of the group (workspace).
• The authenticated user doesn't have permissions. Permissions can be updated using refreshUserPermissions API
• The authorization header may not be listed correctly. Make sure there are no typos.
Reference:
https://learn.microsoft.com/power-bi/developer/embedded/embedded-troubleshoot

DialogFlow fulfillment for Facebook Messenger Webview

Button to open web view on Facebook Messenger keeps opening a browser, on mobile and desktop
I've created a Facebook Messenger bot, a Test Page and a Test App, and I'm currently receiving webhooks for every message on DialogFlow, which responds correctly to the first message. In that response I return a DialogFlow card with a button. This button is supposed to open a webview, but it keeps opening a browser tab, on mobile and desktop. I'm aware that to open a webview on desktop there are some modifications to the code that need to be made, but mobile should be working by now and that is not the case. I'm following this flow:
https://cloud.google.com/dialogflow/docs/images/fulfillment-flow.svg
This is the webhook response sent from my Django instance to DialogFlow:
{
  "fulfillmentMessages": [
    {
      "card": {
        "title": "aaa bbb ccc",
        "platform": "facebook",
        "subtitle": "card text",
        "imageUri": "https://ucarecdn.com/6a3aae10-368b-418f-8afd-ed91ef15e4a4/aaaa_bbb_ccc.png",
        "buttons": [
          {
            "type": "web_url",
            "text": "Get Recipe",
            "postback": "https://assistant.google.com/",
            "webview_height_ratio":"compact",
            "messenger_extensions": "true"
          }
        ]
      }
    }
  ]
}
This is the view for responding to postback button:
from django.shortcuts import render

#csrf_exempt
def get_recipe(request):
    """
    """
    response = render(request, "recipe_item.html")
    response['X-Frame-Options'] = 'ALLOW-FROM https://messenger.com/ https://www.facebook.com/ https://l.facebook.com/'
    response['Content-Type'] = 'text/html'
    return response
And this is the Messenger Extensions SDK being installed in the HTML for the view corresponding to the webview:
<html>
<head>
<title>Choose your preferences</title>
</head>
<body>
<script>
(function (d, s, id) {
var js, fjs = d.getElementsByTagName(s)[0];
if (d.getElementById(id)) {
return;
}
js = d.createElement(s);
js.id = id;
js.src = "//connect.facebook.com/en_US/messenger.Extensions.js";
fjs.parentNode.insertBefore(js, fjs);
}(document, 'script', 'Messenger'));
window.extAsyncInit = function() {
// the Messenger Extensions JS SDK is done loading
MessengerExtensions.getSupportedFeatures(function success(result) {
let features = result.supported_features;
if (features.indexOf("context") != -1) {
MessengerExtensions.getContext('375919546670588',
function success(thread_context) {
// success
document.getElementById("psid").value = thread_context.psid;
// More code to follow
},
function error(err) {
console.log(err);
console.log(err.message);
}
);
}
}, function error(err) {
console.log(err.message);
});
};
</script>
...
</body>
</html>
The end result should be a webview being opened when the Get Recipe button is pushed.
EDIT: I just tried sending this custom payload to DialogFlow and there is no webview; the button keeps opening a browser instead.
{
"fulfillmentMessages": [
{
"payload": {
"facebook": {
"attachment": {
"type":"template",
"payload":{
"template_type":"button",
"text":"Try the URL button!",
"buttons":[
{
"type":"web_url",
"url":"https://www.messenger.com/",
"title":"URL Button",
"webview_height_ratio": "full"
}
]
}
}
}}
}]}
Ladies and gentlemen, I'm happy to announce: problem solved. Well, at least it shows a webview; now I'm going to try to show my own view. I tried showing a random website (https://www.messenger.com/), changing again the custom payload to be sent to DialogFlow from my Django instance:
{
"fulfillmentMessages": [
{
"payload": {
"facebook": {
"attachment": {
"type":"template",
"payload":{
"template_type":"button",
"text":"Try the URL button!",
"buttons":[
{
"type":"web_url",
"url":"https://www.messenger.com/",
"title":"URL Button",
"webview_height_ratio": "tall"
}
]
}
}
}}
}]}
Basically, the difference is the change of webview_height_ratio from full to tall or compact. These last two are working, but when I set it to full it just opens a browser. Next:
- Try with my custom view for the webview
- Make all this work on desktop
I'll be in touch!!! I can't say how happy I am. It sounds corny, but I don't care; I have been stuck on this for about 36 hours.
I made the extension work a month ago with Dialogflow, but I gave up the idea because of the latest Messenger update that no longer supports beginShareFlow:
https://developers.facebook.com/docs/messenger-platform/webview/sharing/v4.0
Starting August 15, 2019, updated versions of the Messenger app will
no longer support Begin share flow on Messenger extension SDK. As a
workaround, developers can provide a way, to copy a link within the
webview, that people can use to share in Messenger conversations.
Refer to June 10, 2019 Announcement
I had a few differences from your JSON:
button.put("webview_height_ratio", "full"); // <compact|tall|full>",
button.put("messenger_extensions", true);
button.put("webview_share_button", "hide");
Regards,

Getting a limit response from Loopback, when no authentication is provided

I can't find a way to do it in the docs, and I have looked here on Stack Overflow as well. I want to show a user a limited view of my JSON response from the API before they have logged in.
So, as an example, I have an e-book I want to sell online. I want them to see only a preview link (epubFile.notAuthorized) of the book when not logged in, and the full link (epubFile.authorized) of the book when logged in. Both links are represented in the same table.
[
  {
    "title": "string",
    "subTitle": "string",
    "isPublished": true,
    "publicationDate": "2017-10-20T11:07:31.258Z",
    "epubFile": {
      "notAuthorized": "filename-noauth.epub",
      "authorized": "filename-auth.epub"
    },
    "id": "string",
    "createdOn": "2017-10-20T11:07:31.258Z",
    "updatedOn": "2017-10-20T11:07:31.258Z"
  }
]
Is it even possible to filter out fields from the API Endpoints in loopback?
Or do I need to build a new custom API Endpoint?
First, you'll have to set the permissions on your find and findById methods to $everyone so that both authorized and unauthorized users can call them:
{
  "name": "eBook",
  "base": "PersistedModel",
  [...]
  "acls": [
    {
      "accessType": "READ",
      "principalType": "ROLE",
      "principalId": "$everyone",
      "permission": "ALLOW",
      "property": ["find", "findById"]
    }
  ]
}
Next, you'll have to hook into the remote methods and modify the response depending on whether the user is logged in or not:
const previewProperties = ['title', 'subTitle' /* , etc... */];
Ebook.afterRemote('find', (ctx, ebooks, next) => {
  // pseudo code
  if (!ctx.options.accessToken) {
    // no user logged in, only keep preview properties
    ebooks.forEach(book => {
      // get the properties of the book
      var eBookProperties = Object.keys(book.__data);
      eBookProperties.forEach(bookProp => {
        if (!previewProperties.some(pProp => pProp === bookProp)) {
          // ebook property not in preview list, so remove it
          delete book.__data[bookProp]; // .__data is where loopback keeps its actual data
        }
      });
    });
  }
  next();
});
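An allowlist variant of the filtering step above, as an added example that is not part of the original answer: it builds a fresh preview object instead of deleting keys, so a field added to the model later stays hidden by default, and it reaches into epubFile so that only notAuthorized is exposed. PREVIEW_FIELDS, pick and toPreview are hypothetical names, the functions expect plain objects, and the LoopBack hook wiring is left out.

```javascript
// Added example: deny-by-default response filtering for callers without a token.
// PREVIEW_FIELDS is an assumed allowlist; dotted paths reach nested properties.
const PREVIEW_FIELDS = ['id', 'title', 'subTitle', 'isPublished', 'epubFile.notAuthorized'];

// Copy only the allowlisted paths from a plain object into a new object.
function pick(src, paths) {
  const out = {};
  for (const path of paths) {
    const keys = path.split('.');
    let from = src;
    for (const k of keys) {
      const has = from != null && Object.prototype.hasOwnProperty.call(from, k);
      from = has ? from[k] : undefined;
    }
    if (from === undefined) continue; // field absent: nothing to copy
    let to = out;
    for (const k of keys.slice(0, -1)) {
      if (!to[k]) to[k] = {};
      to = to[k];
    }
    to[keys[keys.length - 1]] = from;
  }
  return out;
}

// Handles both a find result (array) and a findById result (single object).
function toPreview(result, isAuthenticated) {
  if (isAuthenticated) return result;
  return Array.isArray(result)
    ? result.map(book => pick(book, PREVIEW_FIELDS))
    : pick(result, PREVIEW_FIELDS);
}

// Constructed sample record, shaped like the JSON in the question.
const SAMPLE_BOOK = {
  title: 'string',
  subTitle: 'string',
  isPublished: true,
  publicationDate: '2017-10-20T11:07:31.258Z',
  epubFile: { notAuthorized: 'filename-noauth.epub', authorized: 'filename-auth.epub' },
  id: 'string',
  createdOn: '2017-10-20T11:07:31.258Z',
  updatedOn: '2017-10-20T11:07:31.258Z'
};
```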

Suggesting an action to consumer in HATEOAS

I'm working on a web service API using the HATEOAS REST representation.
My client can create an item (e.g. a stub of a blogpost):
POST /item
204 Created
Content-Type: application/vnd.foo.item+json
{
  "id": 42,
  "title": "Lorem Ipsum",
  "status": "STUB",
  "body": "Very long text.",
  "_links": {
    "self": {
      "href": "/item/42"
    },
    "activate": {
      "href": "/item/42/activate"
    }
  }
}
After that the client can activate the item following the activate link (e.g. go live with the post). So it makes another call to the API:
POST /item/42/activate
200 Ok
Content-Type: application/vnd.foo.item+json
{
  "id": 42,
  "title": "Lorem Ipsum",
  "status": "ACTIVE",
  "body": "Very long text.",
  "_links": {
    "self": {
      "href": "/item/42"
    },
    "permalink": {
      "href": "/item/42/permalink"
    }
  }
}
Up to here it is fine. But the problem is that I'm looking for a way to tell the client a suggestion about the next action to do (it's backend business logic).
In my case could be:
Bring the user to post page following the permalink
Bring the user to a shop cart to buy post extra features (visibility, more images, homepage positions and so on...)
Tell the user that the post is pending content review
I don't have an idea on how I could encapsulate this information in HATEOAS.
I was thinking to something like:
POST /item/42/activate
200 Ok
Content-Type: application/json
{
  "suggested-action": "check-censure-panel",
  "censure-reason": "censored (gambling)",
  "_embedded": {
    "foo.item": {
      "id": 42,
      "title": "Lorem Ipsum",
      "status": "ACTIVE",
      "body": "Very long text.",
      "_links": {
        "self": {
          "href": "/item/42"
        },
        "permalink": {
          "href": "/item/42/permalink"
        }
      }
    }
  }
}
But the problem is that every suggested action is heterogeneous for extra attributes, another example may be:
"suggested-action": "go-to-checkout",
"product-order": 424242100,
They don't have a common interface, so I can't make a vnd.foo.suggestedAction+json type.
What is the best way to design this response?
The next action is a state transition, and you seem to be using HAL so any state transitions should be presented as HAL.
Clients of your app need to react to what state transitions your app provides. So one very simple thing you could do is send a Location header to the next resource the app should present. You could even 302 redirect them there instead of 200'ing them with the updated resource.
You could provide the next action as a link...and not necessarily a HAL link. You could do it as a Link header (https://www.rfc-editor.org/rfc/rfc5988) but I think that would be weird; I just bring it up to knock home the point that your app needs to tell your client about a link.
You seem to want to use custom media types, but you could use profile links (https://www.rfc-editor.org/rfc/rfc6906) and mix in a profile into your vnd.foo type. You can stick to your vnd.foo type and just have it defined that there is an optional suggested-action link relationship. The problem in your example is you're defining it with data fields, but use a link:
{
  "id": 42,
  "title": "Lorem Ipsum",
  "status": "ACTIVE",
  "body": "Very long text.",
  "_links": {
    "self": {
      "href": "/item/42"
    },
    "permalink": {
      "href": "/item/42/permalink"
    },
    "x:suggested-action" : {
      "href" : "/path/to/best/action"
    }
  }
}
The client can follow that link, present the user with an option to follow that link, or ignore it. In the middle case, it's nice if your app provides some context to the user, like a title field:
"x:suggested-action" : {
"href" : "http://path/to/check/censure/panel",
"title" : "Check Censure Panel"
}
Also you can give a hint as to the resource the app can expect:
"x:suggested-action" : {
"href" : "http://path/to/check/censure/panel",
"title" : "Check Censure Panel",
"type" : "vnd.censure.panel/json"
}
I personally don't like doing that as I like my client to react to whatever I send them, but it's useful when you give multiple suggested actions:
"x:suggested-action" : [
{
"href" : "http://path/to/check/censure/panel",
"title" : "Check Censure Panel",
"type" : "vnd.censure.panel/json"
},
{
"href" : "http://path/to/checkout",
"title" : "Start Checkout",
"type" : "vnd.checkout/json"
}
]
Now the app can decide, based on well-defined media types, which of the suggested actions it wants to do, present, or ignore.
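The client-side decision described above, as an added example that is not part of the original answer: it accepts the x:suggested-action relation as a single link or an array, ranks links by the media types the client understands, and ignores links that resolve outside the API origin. The function name, the same-origin policy, and the sample hrefs and base URL are assumptions of this sketch.

```javascript
// Added example: choose one suggested action from a HAL document.
// Links with an unknown media type or a foreign origin are ignored.
function chooseSuggestedAction(halDoc, baseUrl, supportedTypes) {
  const rel = halDoc._links && halDoc._links['x:suggested-action'];
  if (!rel) return null; // the relation is optional
  const links = Array.isArray(rel) ? rel : [rel];
  const base = new URL(baseUrl);
  const candidates = [];
  for (const link of links) {
    let target;
    try {
      target = new URL(link.href, base); // resolves relative hrefs against the API
    } catch {
      continue; // unparsable href
    }
    if (target.origin !== base.origin) continue; // assumed policy: stay on the API origin
    // Untyped links are allowed but rank after every typed, supported link.
    const rank = link.type ? supportedTypes.indexOf(link.type) : supportedTypes.length;
    if (rank === -1) continue; // media type the client cannot handle
    candidates.push({ rank, href: target.href, title: link.title || null, type: link.type || null });
  }
  candidates.sort((a, b) => a.rank - b.rank);
  return candidates[0] || null;
}

// Constructed sample, using the media types from the answer above.
const SAMPLE_DOC = {
  id: 42,
  status: 'ACTIVE',
  _links: {
    self: { href: '/item/42' },
    'x:suggested-action': [
      { href: '/censure/panel/42', title: 'Check Censure Panel', type: 'vnd.censure.panel/json' },
      { href: '/checkout/424242100', title: 'Start Checkout', type: 'vnd.checkout/json' }
    ]
  }
};
```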

Getting cookie information from chrome extension

I've tried to look this up but nothing really helped me. I have created a chrome extension and I need to check a cookie value from a given site.
This is my manifest file:
{
"name": "MyExtension",
"version": "1.0",
"description": "First version of My Extension",
"browser_action": {
"default_icon": "bmark.ico",
"popup": "extension.html"
},
"permissions": [
"tabs",
"cookies",
"http://www.example.com"
]
}
In my HTML file this is my code:
chrome.cookies.get({ url: "http://www.example.com", name: 'user' }, function (cookie) {
alert(cookie != null);
});
The result is false (my cookie is null). According to the Google API that means that there isn't such a cookie, BUT... when I look in Chrome to see my cookies (chrome://settings/cookies) I can see the cookie I was looking for. Does anyone know why the chrome.cookies.get function doesn't work for me?
OK, I figured it out. I was missing the following permissions in the manifest.json file:
"http://*/*",
"https://*/*"
Apparently they are needed to access the cookies.
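Both cookie threads on this page (the host_permissions question at the top and this one) turn on which URLs the declared host patterns cover. The added example below, which is not code from either post and not Chrome's implementation, models match patterns for http and https only and reports whether a cookie URL is covered, which patterns are not valid match patterns (a pattern needs a path), and which are site-wide. The function names are hypothetical, and the model assumes the cookies API host check follows match-pattern rules.

```javascript
// Added example: simplified match-pattern audit for a manifest's host patterns.
const escapeRe = s => s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');

// Parse "<scheme>://<host><path>"; throw on anything that is not a valid pattern.
function parseMatchPattern(pattern) {
  if (pattern === '<all_urls>') return { scheme: '*', host: '*', path: '/*' };
  const m = /^(\*|https?):\/\/([^\/]+)(\/.*)?$/.exec(pattern);
  if (!m) throw new Error(`unsupported or malformed pattern: ${pattern}`);
  const [, scheme, host, path] = m;
  if (path === undefined) throw new Error(`pattern has no path: ${pattern}`);
  if (!/^(\*|(\*\.)?[^*]+)$/.test(host)) throw new Error(`bad host wildcard: ${pattern}`);
  return { scheme, host, path };
}

// True when the pattern matches the scheme, host and path of url.
function patternCovers(pattern, url) {
  const p = parseMatchPattern(pattern);
  const u = new URL(url);
  const scheme = u.protocol.slice(0, -1);
  if (!['http', 'https'].includes(scheme)) return false;
  if (p.scheme !== '*' && p.scheme !== scheme) return false;
  if (p.host.startsWith('*.')) {
    const base = p.host.slice(2);
    if (u.hostname !== base && !u.hostname.endsWith('.' + base)) return false;
  } else if (p.host !== '*' && p.host !== u.hostname) {
    return false;
  }
  const pathRe = new RegExp('^' + p.path.split('*').map(escapeRe).join('.*') + '$');
  return pathRe.test(u.pathname + u.search);
}

// Summarise a list of host patterns against the URL whose cookies are wanted.
function auditHostAccess(patterns, cookieUrl) {
  const report = { covered: false, invalid: [], broad: [] };
  for (const p of patterns) {
    try {
      if (patternCovers(p, cookieUrl)) report.covered = true;
      if (parseMatchPattern(p).host === '*') report.broad.push(p); // every host
    } catch (e) {
      report.invalid.push(p);
    }
  }
  return report;
}
```

Calling auditHostAccess(['http://www.example.com'], 'http://www.example.com') reports the pattern as invalid, while the https://wanna-get-cookie-this-domain.com/* pattern from the first manifest covers that site without being flagged as broad.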