How to update the Content Security Policy in a Chrome app? - google-chrome-app

I see in Chrome's documentation that the content security policies for Chrome Apps can't be relaxed. However, I'm wondering: can the content security policy be updated to make it more restrictive? If so how is that done?
The manifest.json for Chome Apps does not include a field for content_security_policy like the manifest.json for extensions does.

Related

Google assistant's privacy policiy error is showing in google assistant quiz

Google Assistant is showing that my privacy policies are invalid ,while i was creating a quiz in Google Assistant
my privacy poliy document is as follows
https://docs.google.com/document/d/1C6G50XX5lOtdjFZTk2Qc9wkSqPKSeaM95Ydw0lt1zGI/edit?usp=sharing
Your Privacy Policy document is not available to the public. You need to change the permissions on the document so everyone can read it.
Once you've done so, you can test to make sure you can see it without logging in by, for example, testing it with Chrome in Incognito Mode.
Apart of the fact that as Prisoner said, your policy needs to be public, also be aware that your policy matches your actions language. I had that mistake so i had to set up a policy for english and one in spanish.

How should I deal with the Facebook app privacy policy URL in developers page?

I'm trying to import fb-login function and there are some features which need to be inspected by facebook such as job status, education, etc.
And they're saying that they requires privacy policy URL. So, I made a facebook page, which I will use as a landing page for my app, and wrote down the Privacy Policy to the Note.
After that, I copied the note's url and pasted it to the Privacy Policy URL box. I tried to save and proceed, but than error message comes up,
Facebook URL: Facebook URL cannot be crawled
So, my question is this: Is it unavailable to use facebook page to submit the privacy policy URL? This is my first time importing fb-login, so I just don't know what should I do and what shouldn't I do.
This should work ( Kind of a trick to fool FB ;) )
Create a free privacy policy here.
Upload your privacy policy (the one you just created) to your google drive account.
Select the uploaded privacy policy file and click on Get Shareable link. Copy and paste the generated link into your facebook app's Privacy Policy URL input box and click on save changes.
Thanks ☺️
This is likely the problem.
After that, I copied the note's url and pasted it to the Privacy
Policy URL box. I tried to save and proceed, but than error message
comes up, 'Facebook URL: Facebook URL cannot be crawled'
Instead of using a Facebook note, you're likely required to host that privacy policy yourself publicly. Given that Facebook can be a silo and hide pages whenever they like from the public web, you'd be well advised to move it to a site of yours.
This also seems to be Facebook's requirement:
Provide a publicly available and easily accessible privacy policy that
explains what data you are collecting and how you will use that data.
You may use Account Information in accordance with your privacy policy
and other Facebook policies. All other data may only be used outside
your app after you have obtained explicit user consent.
Include your privacy policy URL in the App Dashboard.
Link to your privacy policy in any app marketplace that allows you to.
Comply with your privacy policy.
How can you do that?
There are a few options:
host on your own site
host on sites that allow to create public and persistent pages (just a thought, github?)
use a dedicated tool for privacy policy creation and hosting like iubenda
Hope this helps (p.s. I work for iubenda)
Facebook has provided a link to test your URL which will show you that your URL is as per their standard or not.
Test your URL here:
https://developers.facebook.com/tools/debug/sharing/
Working
go to this link https://developers.facebook.com/apps
then click Basic tab setting
scroll down till you see +add platform tab and click it
remove all allowed platform link android web....NB makes sure you have the details saved somewhere else ..like on notepad
then go to top and switch the mode from off to live.
your app will be live
then go down again to add platform and add your plaform like android or web
The URL to your Privacy Policy must be public and accessible. That's both a requirement from Facebook and law (see California Business Code and CalOPPA in the US). Here's Facebook Developer Policy:
If you received the Facebook URL: Facebook URL cannot be crawled try to also not block bots access to the Privacy Policy page, i.e. Facebook Link Preview could crawl it or Google bot.
Some of the previous suggestions are not for free as for now. One of the free options I found:
https://www.iubenda.com/en/start-generating
Be sure to select Facebook app, NOT Mobile app, and click "Start Generating"
For those looking for a free solution, I used https://www.termsfeed.com/privacy-policy-generator/ and it was validated in the Meta API in less than 2 minutes.
This site will offer a paid professional solution, but the free one worked like a charm.
Don't worry about hosting. the site gives you a hosted url
Go to Dashboard, Click on the Application
Go to Settings --> Basic at Sidebar
Remove apps if there is any under Add platform
Add policy URL and Turn the status to LIVE
and then you can add apps of your choice for live apps

Where does the Chrome web store "Support" tab come from?

I'm creating a packaged Chrome app for the Chrome web store ... how do I enable a "Support" tab on my app page within the store?
I'm reading the documentation on manifest.json, but I don't see any property that enables this support tab.
This is a global setting available in your Dashboard:
After clicking:
Word of advice: don't do it and make some other support link available (which you can set in the item's edit page in the dashboard, and will show up on that tab). The support page function will not notify you anyhow about new questions, and the team is reluctant to even attempt to fix it.

How can I approve an association between a chrome app and a domain?

I am trying to associate a new domain with my chrome app. I've tried uploading the new manifest file, but the Web Store dashboard says:
This hosted web app specifies one or more URLs that are not matched by sites you own. If this app will be published for anyone to access, you must verify ownership of or association to sites to match all of the URLs listed below.
Unmatched app urls:
https://www.mydomain.com/
To verify your ownership of these websites, add the necessary websites using Google Webmaster Tools and return here to complete this step.
If the site already has an owner, you may request they grant you an association which allows you to publish apps and extensions to the Chrome Web Store on behalf of the site. You may request an association in the verified website section below.
In Google Webmaster Tools, I see the following message:
https://www.mydomain.com/: Chrome Web Store associate request received
March 21, 2014
You requested permissions to publish apps and extensions to the Chrome
Web Store on behalf of https://www.mydomain.com/. You will receive a
message telling you when your request has been approved.
In the verified website section, I see:
https://www.mydomain.com/: The association request placed 3/21/14 11:51 AM is pending action by the site's owner. If you know who the owner is, you should contact them and ask them to approve it for you. If you don't, there is nothing else you can do to make this happen more quickly.
What do I need to do in order to get this association approved? The Web Store makes it sound like I need to do something in Google Webmaster Tools, but Google Webmaster Tools makes it sound like there's nothing to be done.
I was able to resolve this issue by specifying https://mydomain.com rather than https://www.mydomain.com.

Chrome App - Options to change URL for hosted apps

I am creating a hosted app for chrome web browser. I want to include an option for this app so that user can specifiy the URL that the app opens by default. For example, they may want the app to open http://myapp.com/username or http://myapp.com/somethingelse.
Following this, I added "options_page": "options.html" to my manifest file and added options.html. However, I couldn't load the app. My browser said:
Could not load extension from '/home/cookiemon/path/to/myapp'. Invalid value for 'options_page'. Hosted apps must specify an absolute URL.
Does this mean, for hosted apps, I can only include a URL to a page on a web server?
Yes. Hosted apps aren't much more than bookmarks with slightly enhanced capabilities. Moreover, they're legacy app types that will likely be deprecated. If you want your app to work offline, build a Chrome App.