Chrome-Store-Foxified icon indicating copy to clipboard operation
Chrome-Store-Foxified copied to clipboard

Published 20 hours ago verified publisher icon Noitidart

No longer appearing in Chrome web store

Open hackel opened this issue 7 years ago • 11 comments

I realise this is a constantly changing target, and thank you and everyone involved for your work on this!

It seems that Chrome Store Foxified is no longer able to properly inject itself into the Chrome web store. Even when changing the user agent to Chrome, it simply doesn't show an install button of any kind. I assume Google is trying to block Firefox for some obnoxious reason. I noticed the following possibly relevant console messages:

14:11:13.075 SecurityError: Permission denied to access property "exports" on cross-origin object 1 react-with-addons.js:12 14:11:13.186 Content Security Policy: The page's settings blocked the loading of a resource at data:application/javascript;base64,KGZ1b... ("script-src 'unsafe-inline' https: http: 'unsafe-eval'"). 1 (unknown)

I'm running FF 54.0a2 (latest aurora RIP).

hackel avatar Apr 18 '17 19:04 hackel

Haha @ aurora RIP

I will start the webext port right away. Will get back to you soon.

Noitidart avatar Apr 18 '17 19:04 Noitidart

for some obnoxious reason

Content-Security-Policy is not obnoxious, it's an excellent security mechanism.

Addons like this one could just intercept the store responses and change the policy header

valpackett avatar May 05 '17 12:05 valpackett

@myfreeweb No, intentionally blocking a competitor's browser from installing extensions hosted on your platform is obnoxious. That has nothing to do with CSP itself. Maybe it's a coincidence, but since this used to work just fine, I'm rather sceptical.

hackel avatar May 05 '17 19:05 hackel

The fact that the error is CSP makes me think that it's not intentional. The exact same header is sent to both browsers, they don't even check user-agent! Obviously they prioritize security over supporting Firefox extensions that inject scripts into their website…

valpackett avatar May 05 '17 20:05 valpackett

Thank you all for helping discuss this. For the webextension version, it will not auto-install the extension, I was trying to find a way around this. So I haven't got to this CSP issue yet, so your discussion about it is much appreciated!

Noitidart avatar May 05 '17 23:05 Noitidart

Any word on when this will be resolved?

kjschulz avatar Sep 22 '17 14:09 kjschulz

Yep I'm working on the webext version right now and have not encoutnered the CSP issue yet. I will update this topic as I get a test version out so we can jointly verify. :)

Noitidart avatar Sep 22 '17 15:09 Noitidart

Much appreciated @Noitidart! In the meantime for anyone else, the cli web-ext tool is pretty awesome for any testing you'd like to do, and makes self-signing extensions a breeze.

hackel avatar Sep 25 '17 16:09 hackel

v3 just released, please try it out now :) https://addons.mozilla.org/en-US/firefox/addon/chrome-store-foxified/

Noitidart avatar Nov 06 '17 19:11 Noitidart

It didn't work for me, I get the following when trying to install the LastPass addon: Failed to upload to AMO. Internal server error occured, this extension is likely unsupported by the review system and will even fail manual upload.

Should I click theInstall Unsigned link? Sounds scary :/

kjschulz avatar Nov 06 '17 19:11 kjschulz

Oh thats a bug on addon-server side. Nothing we can do about it. :(

@kjschulz actually "install" is the equivalent of "install unsigned" from a security prespective. Getting it signed, just makes it auto install and stay installed. :)

Noitidart avatar Nov 06 '17 22:11 Noitidart