OAuth in Chrome extension broken in recent Chrome builds

StackOverflow https://stackoverflow.com/questions/20304814

Question

Our Chrome extension has worked flawlessly for months, but broke recently due to oauth failures. We're using our own oauth endpoint (via doorkeeper). The behavior is crazy--when you click the extension button the whole window gets minimized, and when you bring it back to the foreground and accept the oauth prompt the extension popup freezes on the screen, and stays there even when you switch tabs. It doesn't auth, and subsequent calls to the endpoint have 'access_token=undefined' in the querystring. Closing the whole set of tabs is the only way to get rid of the frozen window.

The extension ouath is from https://github.com/borismus/oauth2-extensions. I've read of similar problems in recent version of Chrome caused by different requirement for the manifest--ours is below. The extension works fine if I remove auth entirely.

Have been beating my head against this for days, any help greatly appreciated.

{
  "name": "An extenstion",
  "version": "0.5.4",
  "manifest_version": 2,
  "description": "Desc here...",
  "icons": {
    "16": "img/icon16.png",
    "48": "img/icon48.png",
    "128": "img/icon128.png"
  },

  "homepage_url": "http://foo.com/button",

  "browser_action": {
    "default_title": "Foo Button",
    "default_icon": "img/icon_no_auth.png",
    "default_popup": "popup.html"
  },

  "background": {
    "page": "background.html"
  },

  "content_scripts": [
    {
      "matches": [ "http://foo.com/robots.txt*" ],
      "js": [ "oauth2/oauth2_inject.js" ],
      "run_at": "document_start"
    }
  ],
  "permissions": [
    "tabs",
    "https://foo.com/*"
  ],
  "web_accessible_resources": [
    "oauth2/oauth2.html"
  ],
  "content_security_policy": "script-src 'self' 'unsafe-eval' https://ssl.google-analytics.com; object-src 'self'"
}

Update: popup.html had been including a file called tracker.js, which contained the code below. Removing it fixed the freezing issue, per my comment below.

var _gaq = _gaq || [];
_gaq.push(['_setAccount', 'UA-xxxxxx-1']);
_gaq.push(['_trackPageview']);

(function() {
  var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
  ga.src = 'https://ssl.google-analytics.com/ga.js';
  var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();
Was it helpful?

Solution

Per suggestions in the comments, the solution I eventually found.

Turns out the freezing business was being caused by Google Analytics tracking code. Popup.html had been loading a file called tracker.js, which contained the code I just added as an update to the original question. Removing it fixed the 'freeze' issue, and adding the web_accessible_resources block to the manifest fixed the oauth redirection issue.

Not sure what Chrome changed to cause this, but I'm guessing something around stricter rules for content injection.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top