I've created a SPA that is launched as a chrome app (a kind of kiosk browser).
This setting remove every navigation tool (nav bar, ulr bar, tab selection, options, etc.) from the browser.
I'm also disabling F12 and the mouse right click action (in JS) because I don't want that the user have access at the DevToll.
I'm doing all these also (and mainly) because at the moment my JWT is stored in the Session Storage.
My questions are:
1) Is there any other way to access at DevTool that I'm not aware of?
2) Is there any chance that someone can access at the Session Storage and read the content with all these precautions?
Thanks.
Related
When I create a Google Workspace application, I'm asked for a "Unversal Nav Url" and icon that gets added in the google apps menu:
Unfortunately, when visiting my link from the menu, my application URL is simply opened up in a new tab with no additional information (for example: query string parameter).
Does google allow for any specific options which would allow my application to receive a hint when opened from this menu? Or is my only option to create a SAML 2.0 application, which then doesn't have the same discoverability as a "Marketplace" app?
I'm creating a packaged Chrome app for the Chrome web store ... how do I enable a "Support" tab on my app page within the store?
I'm reading the documentation on manifest.json, but I don't see any property that enables this support tab.
This is a global setting available in your Dashboard:
After clicking:
Word of advice: don't do it and make some other support link available (which you can set in the item's edit page in the dashboard, and will show up on that tab). The support page function will not notify you anyhow about new questions, and the team is reluctant to even attempt to fix it.
I am developing an addon to securely store / retrieve information including user profiles and passwords (an interface to a password manager). It uses a button (or a hotkey) to take information from entry fields and store it.
However this does not work on those sites which choose to popup an “Authentication Required” panel.
If I add a context menu option to do the same thing this also does not work on that panel.
Can anyone think of a way of triggering a function from that panel?
I am interested in developing an app for Facebook, however, I am quite bothered by the sidebar on the right side of the screen. Is there a way to disable it so that users of my app won't see it? I have attached a pic to explain exactly which sidebar I am referring to:
Click here
If you're hosting your app on facebook.com (apps.facebook.com/something) then you don't get to control the entire browser window, just the iframe which contains your app.
If you need full control of the browser, host your app off-facebook.
I am developing a Facebook iframe application that requires some configuration for each install, such as long/lat and some third-party API keys. I would rather not have to create a new app for each implementation.
Is there any way to allow the user (page owner) to define these settings? Ideally, I'd like to provide additional settings in the "Edit Settings" dialog on the apps admin page (currently the only setting is "Custom Tab Name").
Thanks!
It is possible, but there is no easy/standard way to do this. I would try the following:
Your backend would need to provide the storage for each tab's settings; these would associate a specific tab with a specific page.
In your application's tab iframe add a link that only shows if the user viewing the tab is the user who is associated with the tab. You can do this by looking for the page value in the signed_request and making sure that the user is an admin.
When the user clicks that link, pop up the dialog to let them feed in the custom settings and save that on the server after performing the relevant validation.
On subsequent loads of the tab, look up and use the saved settings appropriately on your server.
You'll need to do some handling for situations where the page settings haven't yet been created, but that SHOULD do what you want.