-
Notifications
You must be signed in to change notification settings - Fork 8.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chrome.scripting.executeScript allFrames doesn't resolve on CSP-restrictive pages. #715
Comments
This comment was marked as off-topic.
This comment was marked as off-topic.
I added host_permissions *://*/* and the same behavior happens. Do you have
a repo or gist with an extension working like this? Or does specifying
specifically mozilla's domain work different than the wildcard?
…On Sun, May 22, 2022, 12:39 PM guest271314 ***@***.***> wrote:
Observe the error in ServiceWorker context
Unchecked runtime.lastError: Cannot access contents of the page. Extension manifest must request permission to access the respective host.
Add to manifest.json
"host_permissions": ["https://developer.mozilla.org/"]
Since DOM element is not observable in ServiceWorker context, adjust func
and callback to
chrome.scripting.executeScript(
{
target: {
tabId: tab.id,
allFrames: true,
},
'func': function() {
return document.activeElement.tagName;
},
'args': [],
},
(args) => {console.log('callback', args[0].result)});
—
Reply to this email directly, view it on GitHub
<#715 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AACY4ANWIZZE3GHQ6KCSFYTVLJPLFANCNFSM5WG62C6A>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
I am building a keyboard (IME is only available on Chrome OS) so I need it
to work on any inputable on any site. I know inputable can be set to
context menu, but for accessibility I need to support at least two ways of
opening the extension (shortcut or clicking the action)
I will try your example out. Thanks!!!
…On Sun, May 22, 2022, 3:35 PM guest271314 ***@***.***> wrote:
I added host_permissions *://*/*
"host_permissions": ["*://*/"]
achieves the expected result.
—
Reply to this email directly, view it on GitHub
<#715 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AACY4AOZQTCSVPEF3XIXIUDVLKEBHANCNFSM5WG62C6A>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
@guest271314 I tested your zip, the "callback" log is never logged. I'm on Chrome version 101.0.4951.64... so I'm guessing it was fixed at some point between 101 and 104. I'll keep this bug open until 104 is stable |
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
Yes, on the service worker context, the "click" is logged (before
executeScript) and the callback line is never reached.
…On Mon, May 23, 2022 at 6:14 PM guest271314 ***@***.***> wrote:
the "callback" log is never logged.
How do you know the callback is not fired? Are you checking for the
callback to be fired in ServiceWorker context? The callback does not
propagate to the target Web page.
—
Reply to this email directly, view it on GitHub
<#715 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AACY4APMFX573AKQPIIFVLLVLP7LFANCNFSM5WG62C6A>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
--
Tomás Roggero
https://tomasroggero.com
|
This comment was marked as off-topic.
This comment was marked as off-topic.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
chrome.scripting.executeScript
callback is never called (if using promises, the promise never resolves) when the page in which it's executed contains iframe with certain CSP headers that seem restrictive / safer.To Reproduce
And then click the extension icon on a site like https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input
Expected behavior
The Promise should throw or the callback should be called.
** Notes**
I'm suspicious of Content Security Policy but I did not try using Charles (or similar proxy) to override header by header to know which one is messing up the extension. This may even be a bug using MV2, Chrome Input Tools also doesn't work on the Mozilla site.
The text was updated successfully, but these errors were encountered: