Firefox add-on host permission error on tab with PDF file - firefox-addon-webextensions

I couldn't find this exact situation elsewhere: I have a custom add-on, which I'm loading temporarily via the developer menu. In the manifest file, I'm asking for a lot of permissions already:
{
"manifest_version": 2,
"name": "...",
"version": "1.0",
"description": "...",
"homepage_url": "...",
"permissions": [
"file:///*",
"*://*/*",
"<all_urls>",
"activeTab",
"bookmarks",
"contextMenus",
"tabs"
],
"background": {
"scripts": ["background.js"]
},
"browser_action": {
"default_icon": {
"19": "icon.svg"
},
"default_title": "..."
}
}
I have a background script only at the moment, however a small content script snippet gets injected:
(function() {
browser.browserAction.onClicked.addListener(async (tab) => {
let executing = browser.tabs.executeScript(tab.id, {
code: "window.getSelection().toString()"
})
...
try {
let selection = await executing
...
} catch(exception) {
console.log(exception)
}
...
})
})()
The purpose is essentially to get the current selection as text (for now) in order to later upload it to a bookmarking service of sorts.
However, when I have a tab open with a PDF file (https://www.example.com/file.pdf or file:///home/foo/file.pdf), the call of the content script to window.getSelection().toString() fails, with the following error:
Error: Missing host permission for the tab
Is this expected and I'm just missing a particular permission (and which one would that be)? Or is it unexpected and possibly worthy of a bug report?
Also, the call works in the developer console, which is why I'm thinking I'm really missing permissions somehow.

Related

Why is Google App Engine throwing access forbidden errors?

Could really use some help here. I have a GAE NodeJS app in the standard environment. Until a few days ago (09/23) it was running just fine, it would respond to requests as expected, etc.
Today, the app responds with 403's when I try to make any request to my appspot url. I'm 100% certain this is not a code issue, as if I deploy the same code to GAE in another project, it works fine. Furthermore, the only firewall rule is a wildcard to allow all traffic.
Edit: adding the only relevant-looking log entry I see from the project:
{
"protoPayload": {
"#type": "type.googleapis.com/google.cloud.audit.AuditLog",
"status": {},
"authenticationInfo": {
"principalEmail": "address#domain.com"
},
"requestMetadata": {
"callerIp": "x.x.x.x",
"requestAttributes": {
"time": "2021-09-23T15:04:05.198927Z",
"auth": {}
},
"destinationAttributes": {}
},
"serviceName": "appengine.googleapis.com",
"methodName": "google.appengine.v1.Services.UpdateService",
"authorizationInfo": [
{
"resource": "apps/my-google-cloud-project-id/services/default",
"permission": "appengine.services.update",
"granted": true,
"resourceAttributes": {}
}
],
"resourceName": "apps/my-google-cloud-project-id/services/default",
"serviceData": {
"#type": "type.googleapis.com/google.appengine.v1.AuditData",
"updateService": {
"request": {
"name": "apps/my-google-cloud-project-id/services/default",
"service": {
"networkSettings": {
"ingressTrafficAllowed": "INGRESS_TRAFFIC_ALLOWED_INTERNAL_AND_LB"
}
},
"updateMask": "networkSettings"
}
}
},
"resourceLocation": {
"currentLocations": [
"us-east1"
]
}
},
"insertId": "an-id",
"resource": {
"type": "gae_app",
"labels": {
"project_id": "my-google-cloud-project-id",
"zone": "",
"module_id": "default",
"version_id": ""
}
},
"timestamp": "2021-09-23T15:04:05.131761Z",
"severity": "NOTICE",
"logName": "projects/my-google-cloud-project-id/logs/cloudaudit.googleapis.com%2Factivity",
"operation": {
"id": "some-operation-uuid",
"producer": "appengine.googleapis.com/admin",
"first": true
},
"receiveTimestamp": "2021-09-23T15:04:05.495890906Z"
}
I don't recall making this change, and I'm not sure what the ingressTrafficAllowed value was before.
Somehow the ingress setting on the GAE service got changed. I believe that issue was fixed by going to GCP console > App Engine > Services > select affected service(s) -> Edit ingress setting from the top, and select the appropriate value.
I say I believe this fixed the issue as I was still getting 403's on my appspot url after doing this, and ultimately I ended up deleting and re-creating the project from scratch, which got everything working again. Clearly there was some misconfiguration somewhere in my project, but GCP does not make it easy to diagnose what the issue might be.

Asp.Net Core Api Authorization

I have an Asp.Net Core / ReactJs aopplication. I'm using Microsoft.AspNetCore.ApiAuthorization.IdentityServer to authenticate the API. However, I'm getting an error, which I believe is down to bad configuration.
If I run this locally, with the following config, everything works, and the app redirects to the log-in screen as expected:
"IdentityServer": {
"Clients": {
"MyApp": {
"Profile": "IdentityServerSPA",
}
},
"Key": {
"Type": "File",
"FilePath": "Assets/selfsignedcert.pfx",
"Password": "password"
}
},
However, if I change the config to the following:
"IdentityServer": {
"Clients": {
"MyApp": {
"Profile": "IdentityServerSPA",
"RedirectUri": "https://localhost:5211/authentication/login-callback"
"LogoutUri": "https://localhost:5211/authentication/logout-callback"
}
},
"Key": {
"Type": "File",
"FilePath": "Assets/selfsignedcert.pfx",
"Password": "password"
}
},
It errors (redirecting to the following):
https://localhost:5211/home/error?errorId=1234...
Looking at the auth request, from the client, they are exactly the same; however the second returns an error, while the first successfully redirects.
Is there something wrong with my config? Alternatively, how can I debug this issue?
Both of your Uris in the non-working configuration point to logout. Is this really what you're trying to do?
In the first configuration, you're not defining any Uris, so they will have the following default values:
The redirect_uri defaults to /authentication/login-callback.
The post_logout_redirect_uri defaults to /authentication/logout-callback.
As documented here
Try changing the second configuration to match the default values to see if that helps.
The client configuration of redirect_uri and post_logout_redirect_uri must be identical to the IDP:
redirect_uri: 'https://localhost:5211/authentication/login-callback',
post_logout_redirect_uri: 'https://localhost:5211/authentication/logout-callback',
Or
redirect_uri: $'{IDPhost_config}/authentication/login-callback',
post_logout_redirect_uri: $'{IDPhost_config}/authentication/logout-callback',

EventGrid Trigger - How to set clienttrackingid from triggerbody?

In a microservice environment where requests span multiple services including eventgrid i'd like to configure an end-to-end logging with correlationid.
Inspired by this blog https://toonvanhoutte.wordpress.com/2018/08/05/end-to-end-correlation-across-logic-apps/
How can i configure the EventGrid triggers clientTrackingId with my correlationnr from Events data payload?
Checkout my definition below which does not work.
If i substitute "#{coalesce(json(triggerBody().Data)?.CorrelationNr, guid())}" with a string value or even "#parameters('$connections')['azureeventgrid']['connectionId']" it works like a charm.
"triggers": {
"When_a_resource_event_occurs": {
"correlation": {
"clientTrackingId": "#{coalesce(json(triggerBody().Data)?.CorrelationNr, guid())}"
},
"inputs": {
"body": {
"properties": {
"destination": {
"endpointType": "webhook",
"properties": {
"endpointUrl": "#{listCallbackUrl()}"
}
},
"filter": {
"includedEventTypes": [
"webhook.sp.updated"
]
},
"topic": "/subscriptions/xxxx/resourceGroups/xxx/providers/Microsoft.EventGrid/topics/WebHookManager"
}
},
"host": {
"connection": {
"name": "#parameters('$connections')['azureeventgrid']['connectionId']"
}
},
"path": "/subscriptions/#{encodeURIComponent('xxx')}/providers/#{encodeURIComponent('Microsoft.EventGrid.Topics')}/resource/eventSubscriptions",
"queries": {
"x-ms-api-version": "2017-06-15-preview"
}
},
"splitOn": "#triggerBody()",
"type": "ApiConnectionWebhook"
}
}
Logic App does not trigger. No Error message.
Please check the description about clientTrackingId, and your logic app no runs history is because your triggerBody() doesn't have CorrelationNr with the definition you show.
Actually your Event Grid trigger has detected the event, it just couldn't run with the logic. You could go to the EVALUATION and check the trigger history. It's because the value is null, then it won't run.
If you use HTTP request trigger, you could set the x-my-custom-correlation-id header. or set any key-value in the json body, then set the clientTrackingId with like #{coalesce(json(triggerBody())['keyname'], guid())}.
And if you are using some trigger without header, you have to point the value with string or other parameter like you said the connectionid or the parameter value you custom like below.
So the point is the clientTrackingId must be set before it runs and value could be obatined.

install from github using composer and no composer.json in github

I try to install the plugin CakePHP-CSV using Composer. I forked it from ProLoser/CakePHP-CSV.
I don't want to install it in Vendor, but in Plugin folder and with the name of Csv and not the default one that is the plugin name. I tried to use the extra in composer.json but what ever I tried it installs it in Vendor folder of the project.
"repositories": [
{
"type": "package",
"package": {
"name": "CakePHP-CSV/Csv",
"version": "dev-master",
"source": {
"url": "https://github.com/sela/CakePHP-CSV",
"type": "git",
"reference": "origin/master"
}
}
}
],
"require": {
"CakePHP-CSV/Csv": "dev-master",
},
"config": {
"vendor-dir": "Vendor"
},
"extra": {
"installer-paths": {
"Plugin/Cvs": ["Plugin/cvs"]
}
}
You need to make your package depend on composer/installers.
From Composer's documentation:
If you are a package author and want your package installed to a custom directory, simply require composer/installers and set the appropriate type. This is common if your package is intended for a specific framework such as CakePHP, Drupal or WordPress. Here is an example composer.json file for a WordPress theme:
{
"name": "you/themename",
"type": "wordpress-theme",
"require": {
"composer/installers": "~1.0"
}
}
And later (I've added italics to the important part):
As a package consumer you can set or override the install path for a package that requires composer/installers by configuring the installer-paths extra. A useful example would be for a Drupal multisite setup where the package should be installed into your sites subdirectory.
Note that extra is simply a place to put arbitrary data:
Arbitrary extra data for consumption by scripts.
This can be virtually anything. To access it from within a script event handler, you can do:
$extra = $event->getComposer()->getPackage()->getExtra();
The second part is very important; something has to retrieve the extra data and do something with it. In this instance that something is composer/installers.
I needed more space for the code so I answer myself. The following code worked and I didn't need to fork the code.
"repositories": [
{
"type": "package",
"package": {
"name": "ProLoser/CakePHP-CSV",
"version": "1.0",
"type": "cakephp-plugin",
"dist": {
"url": "https://github.com/ProLoser/CakePHP-CSV/archive/master.zip",
"type": "zip"
}
}
}
],
"require": {
"composer/installers": "~1.0.0",
"ProLoser/CakePHP-CSV": "1.*"
},
"config": {
"vendor-dir": "Vendor"
}

Install CakePHP Plugin and Helper via Composer

I want to install the following plugin and helper via Composer:
https://github.com/cakephp/debug_kit
https://github.com/loadsys/twitter-bootstrap-helper
Here is my composer.json:
{
"repositories": [
{
"type": "package",
"package": {
"name": "cakephp/debug_kit",
"version": "2.0",
"source": {
"url": "https://github.com/cakephp/debug_kit",
"type": "git",
"reference": "origin/2.0"
}
}
},
{
"type": "package",
"package": {
"name": "loadsys/twitter-bootstrap-helper",
"version": "2.1",
"source": {
"url": "https://github.com/loadsys/twitter-bootstrap-helper",
"type": "git",
"reference": "origin/2.1"
}
}
}
],
"require": {
"loadsys/twitter-bootstrap-helper": "2.1.*",
"cakephp/debug_kit": "2.0"
},
"config": {
"vendor-dir": "Vendor/"
},
"autoload": {
"psr-0": {
"DebugKit": "/cakephp/debug_kit/",
"TwitterBootstrap" : "/loadsys/twitter-bootstrap-helper"
}
}
}
The packages are successfully installed at Vendor/cakephp/debug_kit and Vendor/loadsys/twitter-bootstrap-helper
My issues lies in how to I load them in CakePHP. I have the following in my bootstrap.php:
require APP . 'Vendor/autoload.php';
When I attempt to load the Plugin after requiring the autoload with:
CakePlugin::load('DebugKit');
It can not be found. Similar results with loading the helper in my AppController.php with
public $helpers = array('TiwtterBootstrap');
I am a newbie to Composer and am likely missing something simple or just not grasping how to properly load them from the Vendors folder.
Everything you have done is correct, you just need to add an extra section to instruct composer where to install your plugin. Note the extra "installer-paths" sections
, it needs to point to the relative path where you want you plugin be installed.
{
"minimum-stability": "dev",
"config": {
"vendor-dir": "vendors"
},
"extra": {
"installer-paths": {
"app/Plugin/DebugKit": ["cakephp/debug_kit"],
}
},
"require" : {
"php": ">=5.4",
"cakephp/debug_kit": "2.2.*"
}
}
I was rushed this morning in my comment, here is the "extra" block I added to my composer.json:
"extra": {
"installer-paths": {
"Plugin/DebugKit": ["cakephp/debug_kit"],
"Plugin/TwitterBootstrap": ["loadsys/twitter-bootstrap-helper"]
}
Deleting my composer.lock in order to start over with the install, still didn't put the files into the Plugin folder. However, even if I got that to work, I thought it would be possible for the system to recognize the plugins from the Vendor folder via the composer autoload and perhaps some magic from Cake. That way I could just keep the entire Vendors folder out of my repository for this project and update my dependencies as needed.
I ended up solving my issue by just sym linking to these files from the Plugin folder and my system is recognizing the Plugins.

Resources