jozxyqk
Reputation: 17396
Setting cross origin permissions in the crossrider generated manifest
In a chrome extension, you can set permissions in manifest.json. I assume crossrider generates this file behind the scenes. How can change the permissions generated by a crossrider extension or is it not possible yet?
My extension in particular needs access to image and video data on all pages. This gets denied with a CORS error and I believe setting the proper permissions would solve my problem.
[EDIT]
Here's the core of my code:
try {
//all nodes in the DOM go through this function
var parseNode = function(node) {
//only get img and video tags
var nodeName = node.nodeName.toUpperCase();
if (["IMG", "VIDEO"].indexOf(nodeName) == -1)
return;
//attempt to extract their pixel data
var canvas = document.createElement("canvas");
var context = canvas.getContext("2d");
try {
console.log(node.src, " ", node.clientWidth, "x", node.clientHeight);
canvas.width = node.clientWidth; //may be zero if failed CORS
canvas.height = node.clientHeight;
context.drawImage(node, 0, 0);
var dat = context.getImageData(0, 0, canvas.width, canvas.height);
console.log("Success");
canvas.remove();
return dat.pixels;
}
catch (e) {
console.log("Failed ", node, ": ", e);
canvas.remove();
}
return null;
};
//parse everything currently loaded
var everything = document.getElementsByTagName("*");
for (var i = 0; i < everything.length; i++) {
parseNode(everything[i]);
}
//use a mutation ovserver to parse everything that gets injected later
var parseMutations = function(mutations) {
mutations.forEach(function(mutation) {
if (mutation.addedNodes) {
for (var i = 0; i < mutation.addedNodes.length; i++) {
parseNode(mutation.addedNodes[i]);
}
}
});
};
var observer = new MutationObserver(parseMutations);
observer.observe(document, {
childList: true,
subtree: true
});
}
catch (e)
{
//this has to be here since all browsers are so shit at catching syntax errors in extensions
//not to mention the crossrider extension won't install properly if there's a typo or missing semicolon. so much pain
console.log(e, " ", e.stack); //stack is pretty useless with crossrider code injection
}
On many pages I just get a tonne of these:
DOMException {
code: 18
message: "Failed to execute 'getImageData' on 'CanvasRenderingContext2D': the canvas has been tainted by cross-origin data."
name: "SecurityError"
...
[EDIT]
I've removed the try/catch so the errors print properly. I'm still seeing lots of errors.
Uncaught SecurityError: Failed to execute 'getImageData' on 'CanvasRenderingContext2D': the canvas has been tainted by cross-origin data.
I'm using this page to test with: http://en.wikipedia.org/wiki/HSL_and_HSV
"Run in IFrame" is off.
try {
//all image and video nodes in the DOM go through this function
var parseNode = function(node) {
//attempt to extract their pixel data
var canvas = document.createElement("canvas");
var context = canvas.getContext("2d");
node.title = "FAILED";
console.log(node.src, " ", node.clientWidth, "x", node.clientHeight);
canvas.width = Math.max(1, node.clientWidth); //may be zero if failed CORS
canvas.height = Math.max(1, node.clientHeight);
context.drawImage(node, 0, 0);
var dat = context.getImageData(0, 0, canvas.width, canvas.height);
canvas.remove();
return dat.pixels;
node.title = "SUCCESS";
return null;
};
//parse everything currently loaded
var everything = document.getElementsByTagName("*");
for (var i = 0; i < everything.length; i++) {
var node = everything[i];
var nodeName = node.nodeName.toUpperCase();
if (["IMG", "VIDEO"].indexOf(nodeName) != -1)
(function(n) {setTimeout(function(){parseNode(n);},1000);})(node);
}
//use a mutation ovserver to parse everything that gets injected later
var parseMutations = function(mutations) {
mutations.forEach(function(mutation) {
if (mutation.addedNodes) {
for (var i = 0; i < mutation.addedNodes.length; i++) {
var node = mutation.addedNodes[i];
var nodeName = node.nodeName.toUpperCase();
if (["IMG", "VIDEO"].indexOf(nodeName) != -1)
(function(n) {setTimeout(function(){parseNode(n);},1000);})(node);
}
}
});
};
var observer = new MutationObserver(parseMutations);
observer.observe(document, {
childList: true,
subtree: true
});
}
catch (e)
{
//this has to be here since all browsers are so shit at catching syntax errors in extensions
console.log(e, " ", e.stack); //stack is pretty useless with crossrider code injection
}
Upvotes: 0
Views: 463
Answers (1)
Shlomo
Reputation: 3753
Currently, the Crossrider platform does not provide a mechanism for modifying manifest permissions though there are plans to consider this for future releases.
Hence, you may manually experiment with adding the permission in the CRX file, though bear in mind that it may hinder the ability to support your extension.
[Disclosure: I am a Crossrider employee]
Upvotes: 2
Related Questions
- CORS Chrome Extension with manifest version 2
- How to make a cross-origin request in a content script (currently blocked by CORB despite the correct CORS headers)?
- Chrome Extension - Getting CORS error when trying to fetch() from background script with manifest v3
- Chrome Extension Manifest permissions for same domain
- CORS Chrome Extension with manifest version 3
- CORS and Content policy violation problems - Chrome extension manifest V3
- Injecting content scripts and requesting cross-origin permissions
- Enable cross domain permission in google chrome extension manifest.json
- How can I override javascript files referenced with the crossorigin="anonymous" using a Google Chrome extension?
- Access-Control-Allow-Origin chrome extension persmission not working