Problem with chrome.declarativeNetRequest by using redirect to extension resources


Tahtu

Aug 5, 2022, 9:00:56 AM
to Chromium Extensions
My first post here. Please forgive me if I do something wrong.

I'm working on a Chrome extension to block images from web pages. I implement this with chrome.declarativeNetRequest by adding rules like this:

{
  "action": {
    "type": "redirect",
    "redirect": {
      "extensionPath": "/a.jpg"
    }
  },
  "condition": {
    "urlFilter": "*",
    "resourceTypes": ["image", "media"]
  }
}

This fails because of a "strict-origin-when-cross-origin" problem in Chrome 103. If I'm right, Chrome does not allow me to redirect to a Chrome extension image.

But it allows a redirect to a third-party domain with:

{
  "action": {
    "type": "redirect",
    "redirect": {
      "url": "https://upload.wikimedia.org/wikipedia/commons/c/ca/1x1.png"
    }
  },
  "condition": {
    "urlFilter": "*",
    "resourceTypes": ["image", "media"]
  }
}

Why is it not allowed to redirect to an extension resource, but allowed to redirect to a third-party domain? IMHO, an extension should be more trustworthy than other domains.

Is this a bug in Chrome?

And what is the point of implementing "extensionPath" if it doesn't work?

The documentation of it is available here:
https://developer.chrome.com/docs/extensions/reference/declarativeNetRequest/#type-Redirect

Eric Lawrence

Aug 5, 2022, 9:28:22 AM
to Tahtu, Chromium Extensions
Can you explain exactly what you mean when you say: "This fails because of a "strict-origin-when-cross-origin" problem in Chrome 103."

Is a.jpg listed in your manifest's webAccessibleResources?


Nils Hoyer

Aug 5, 2022, 9:35:47 AM
to Eric Lawrence, Chromium Extensions
> Can you explain exactly what you mean when you say: "This fails because of
> a "strict-origin-when-cross-origin" problem in Chrome 103."

Chrome identifies that the resource should be redirected to a resource inside the extension path. But it does not load it from there, and shows the "strict-origin-when-cross-origin" problem inside the developer tools as the reason not to show it.

> Is a.jpg listed in your manifest's webAccessibleResources?

It's a file inside my chrome extension.

wOxxOm

Aug 5, 2022, 10:08:56 AM
to Chromium Extensions, Tahtu, Chromium Extensions, bay...@gmail.com
You need to declare this resource in web_accessible_resources in manifest.json.

I suggest you open an issue on https://crbug.com and suggest removing this requirement because it doesn't make sense intuitively even though there is a technical explanation under the hood.

Nils Hoyer

Aug 5, 2022, 11:43:45 AM
to wOxxOm, Chromium Extensions, bay...@gmail.com
> You need to declare this resource in web_accessible_resources in
> manifest.json.

Thank you for your suggestion. Unfortunately, it doesn't help either.

> I suggest you open an issue on https://crbug.com and suggest removing this
> requirement because it doesn't make sense intuitively even though there is
> a technical explanation under the hood.

Thank you for your link - I posted this problem there too.

wOxxOm

Aug 5, 2022, 12:30:02 PM
to Chromium Extensions, Tahtu, bay...@gmail.com, wOxxOm
Declaring in web_accessible_resources works, I've just checked. Make sure you've reloaded the extension after editing manifest.json and that the image URL is covered by your host_permissions. BTW your rule is missing an id but I guess it's due to copypasting here.

Tahtu

Aug 5, 2022, 11:38:52 PM
to Chromium Extensions, wOxxOm, Tahtu, bay...@gmail.com
The missing "web_accessible_resources" was the solution inside the manifest.json file:

  "web_accessible_resources": [
    {
      "resources": [ "*.gif", "*.jpg", "*.png", "*.swf" ],
      "matches": [ "*://*/*" ]
    }
  ]

The "host_permissions" I had added before.

Thank you for the hint with the "id", I've added them too.
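
An added example, not part of the thread or of Chrome's own tooling: a check, run before loading the extension, that every `extensionPath` redirect target is covered by `web_accessible_resources` and that every rule has a valid `id`, the two problems raised above. The sample manifest and rules are constructed from the thread's snippets (the second rule is hypothetical), and the glob matching is a simplified assumption that ignores the `matches` field.

```javascript
// Constructed sample input modelled on the thread's manifest and rules.
const manifest = {
  manifest_version: 3,
  web_accessible_resources: [
    { resources: ["*.gif", "*.jpg", "*.png", "*.swf"], matches: ["*://*/*"] }
  ]
};
const rules = [
  { id: 1,
    action: { type: "redirect", redirect: { extensionPath: "/a.jpg" } },
    condition: { urlFilter: "*", resourceTypes: ["image", "media"] } },
  { // hypothetical second rule: no "id", target file not exposed
    action: { type: "redirect", redirect: { extensionPath: "/blocked.html" } },
    condition: { urlFilter: "*", resourceTypes: ["sub_frame"] } }
];

// Simplified glob match (assumption: "*" matches any run of characters).
function globToRegExp(glob) {
  const body = glob.replace(/^\//, "").replace(/[.+?^${}()|[\]\\]/g, "\\$&");
  return new RegExp("^" + body.replace(/\*/g, ".*") + "$");
}

// extensionPath targets used by redirect rules, without the leading "/".
function redirectTargets(rules) {
  const paths = rules
    .filter(r => r.action && r.action.type === "redirect" && r.action.redirect)
    .map(r => r.action.redirect.extensionPath)
    .filter(p => typeof p === "string")
    .map(p => p.replace(/^\//, ""));
  return [...new Set(paths)].sort();
}

function auditRedirectRules(manifest, rules) {
  const findings = [];
  const globs = (manifest.web_accessible_resources || [])
    .flatMap(entry => entry.resources || []);
  rules.forEach((rule, i) => {
    if (!Number.isInteger(rule.id) || rule.id < 1) {
      findings.push(`rule #${i}: "id" must be an integer >= 1`);
    }
  });
  for (const path of redirectTargets(rules)) {
    if (!globs.some(g => globToRegExp(g).test(path))) {
      findings.push(`/${path}: not listed in web_accessible_resources`);
    }
  }
  return findings;
}

console.log(auditRedirectRules(manifest, rules));
console.log("exact resources needed:", redirectTargets(rules));
```

`redirectTargets` also yields the exact file list, which can replace wildcard entries such as `*.jpg` so that only the files the rules need are fetchable by the pages named in `matches`.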