Unable to load unpacked extensions
eriq
This is my first round of Chromium development. I am developing on
Ubuntu 11.10 64bit.
I have managed to get the source, compile, and run Chromium. However,
I cannot load unpacked extensions. When I try, I get the following
error:
"Could not load extension from '/my/real/path/extension'. Invalid
value for 'manifest_version'."
I have tried this with a few sample extensions I found attached to bug
reports as well as the "Hello, World!" extension shown on
http://code.google.com/chrome/extensions/getstarted.html
In all if these, there is no "manifest_version" anywhere in the
extension code.
All of these work when I try to load them in a production version of
Chromium (downloaded from the website).
In my compiled version, I am able to successfully get extensions from
the webstore.
I have tried manually setting a "manifest_version" property in the
various extensions manifest.json file, but nothing worked.
I tried various values from 0 to 2 (with and without a trailing ".0")
and even an empty string.
I re-synced the source (about 4 hours after the original sync), but
the problem persists.
Any ideas?
Thanks,
Eriq
Ben Wells
Have a go with this line in your manifest:
"manifest_version": 2,
Note the lack of quotes around the 2.
Cheers,
Ben.
On Dec 9, 1:32 pm, eriq <eriq.au...@gmail.com> wrote:
> Hello all,
>
> This is my first round of Chromium development. I am developing on
> Ubuntu 11.10 64bit.
> I have managed to get the source, compile, and run Chromium. However,
> I cannot load unpacked extensions. When I try, I get the following
> error:
>
> "Could not load extension from '/my/real/path/extension'. Invalid
> value for 'manifest_version'."
>
> I have tried this with a few sample extensions I found attached to bug
> reports as well as the "Hello, World!" extension shown onhttp://code.google.com/chrome/extensions/getstarted.html
Adam Barth
on updating the documentation.
Adam
> --
> Chromium Developers mailing list: chromi...@chromium.org
> View archives, change email options, or unsubscribe:
> http://groups.google.com/a/chromium.org/group/chromium-dev
Adam Barth
wasn't expecting folks to run into this new requirement before we
released a build with the new behavior.
Adam
eriq
Thanks for the quick update.
Using "manifest_version": 2 works great.
Thanks,
Eriq
On Dec 8, 9:50 pm, Adam Barth <aba...@chromium.org> wrote:
> I should also apologize that the documentation isn't up-to-date. I
> wasn't expecting folks to run into this new requirement before we
> released a build with the new behavior.
>
> Adam
>
>
>
>
>
>
>
> On Thu, Dec 8, 2011 at 9:49 PM, Adam Barth <aba...@chromium.org> wrote:
> > Yes. I just landed a patch to improve the error message. I'm working
> > on updating the documentation.
>
> > Adam
>
> > On Thu, Dec 8, 2011 at 9:29 PM, Ben Wells <benwe...@chromium.org> wrote:
> >> Hi Eriq,
>
> >> Have a go with this line in your manifest:
>
> >> "manifest_version": 2,
>
> >> Note the lack of quotes around the 2.
>
> >> Cheers,
> >> Ben.
>
> >> Chromium Developers mailing list: chromium-...@chromium.org
Jamie Walch
The app works if I run Chrome with the --allow-legacy-extension-manifests flag. Is this change going to affect web-store apps as well? I'm going to look into how to fix our web-app so that it works with a v2 manifest, but if our CWS app is not going to work with recent versions of Chrome, then obviously I need to do so sooner rather than later.
Chromium Developers mailing list: chromi...@chromium.org
Adam Barth
> I'm hitting a similar problem. Setting the manifest_version allows the app
> to be loaded, but it won't run. I get the following error message on the
> console:
>
> Refused to execute inline event handler because of
> Content-Security-Policy.
>
> The app works if I run Chrome with the --allow-legacy-extension-manifests
> flag. Is this change going to affect web-store apps as well? I'm going to
> look into how to fix our web-app so that it works with a v2 manifest, but if
> our CWS app is not going to work with recent versions of Chrome, then
> obviously I need to do so sooner rather than later.
There's a blog post in the works that explains what's happening here
in more detail. We've been waiting for the blog posts about M16 and
M17 to be posted before publishing that post because it concerns M18.
I'll ask if we can publish it sooner since folks like yourself are
running into these issues sooner than we expected.
The short answer to your question is that Chrome will continue to let
users install and run extensions and apps with manifest_versions less
than 2. Currently, on trunk, only unpacked extensions and apps are
required to update to manifest_version 2. We've been discussing
whether to change that to a warning rather than a blocking error.
When you update your extension to manifest_version 2, that causes
Chrome to start enforcing a default Content-Security-Policy, which is
described in the "trunk" version of the extension documentation:
http://code.google.com/chrome/extensions/trunk/manifest.html#content_security_policy
The goal of this change is to help mitigate cross-site scripting
vulnerabilities in extensions. The main change you'll need to make to
your extension is to put your HTML and your JavaScript in separate
files. That means rather than using an inline script block, like
<script> ... </script>, you'll need to use an out-of-line script, like
<script src="..."></script>. Additionally, rather than using inline
event handlers, like <button onclick="...">, you'll need to use DOM
APIs, like addEventListener("click", ...).
Please let me know if you have any further questions or run into any
more issues. I'll ask for the blog post to be moved up on the
schedule.
Thanks for your patience,
Adam
Jamie Walch
Adam Barth
> How does the content_security_policy tag work with the permissions tag? It
> seems like I have to specify my XHR sources in both places, correct?
You can also add
connect-src *
to your content_security_policy. The default policy doesn't place any
restrictions on XMLHttpRequest.
Adam
Ryan Hamilton
Adam Barth
there a message in the console that says something about
Content-Security-Policy?
Adam