javascript - Enable a non-PlayStore UserScript with Chrome 35 and above - Stack Overflow

admin管理员组

文章数量:1180462

Since the version 35 of Google Chrome, the execution of any extension installed outside of the Google's PlayStore is blocked and cannot be enabled from the extensions menu.

The auto-installation of non-store scripts was removed two years ago but downloading the script and performing a drag & drop on the extensions menu still allowed the installation, so it was still possible to create and share scripts for Google's Chrome. But now everything is locked.

• Is it possible to manually add permissions to your independant scripts ?
• Is it possible to white-list a personnal website ?
• Is there any other solution ?

I know that this restriction does not apply for dev and canary release channels but the scripts are purposed to be used by users with enough knowledge to know what they do, without forcing them to change their browser. The native support support is rather interresting on Chrome (even if completly locked now), so a solution without a third party plugin (ie : Tampermonkey) is better.

Thank you

Since the version 35 of Google Chrome, the execution of any extension installed outside of the Google's PlayStore is blocked and cannot be enabled from the extensions menu.

The auto-installation of non-store scripts was removed two years ago but downloading the script and performing a drag & drop on the extensions menu still allowed the installation, so it was still possible to create and share scripts for Google's Chrome. But now everything is locked.

• Is it possible to manually add permissions to your independant scripts ?
• Is it possible to white-list a personnal website ?
• Is there any other solution ?

I know that this restriction does not apply for dev and canary release channels but the scripts are purposed to be used by users with enough knowledge to know what they do, without forcing them to change their browser. The native support support is rather interresting on Chrome (even if completly locked now), so a solution without a third party plugin (ie : Tampermonkey) is better.

Thank you

• javascript
• google-chrome
• google-chrome-extension
• userscripts

Share Improve this question Follow edited Jun 10, 2014 at 20:20 Demurgos asked Jun 7, 2014 at 7:44 DemurgosDemurgos 1,68211 gold badge2121 silver badges4242 bronze badges 8

• Oh thanks for the notification, looks like I need to start using the canary channel after all. The change probably is for the best, even though it personally hits me pretty hard as it just makes it harder to get people to test my in development extensions (which already isn't easy) – Winchestro Commented Jun 7, 2014 at 7:54
• 1 @Xan registering a developer account is a hassle. I know it's better than appstore and it's super annoying for reasons, it's still a huge burden. Paying 10$ just so you can distribute your extension for free without any monetization also is kinda sad. Forcing credit card payment and not accepting any other currency (not even their own) is even worse. Also you may not want to publish it, because it's still in development but you want to get some feedback while polishing, especially if you are a new developer. I could go on for hours :) – Winchestro Commented Jun 7, 2014 at 9:49
• 2 I agree on the $10 thing; I was grandfathered in when they established the policy, they have valid reasons for it, but still it's a hassle. As for development version, there are several publishing options available besides "public". Still, it makes TamperMonkey the best route - it's not much extra hassle for the user. – Xan Commented Jun 7, 2014 at 9:53
• 2 I know, but with this new version they went from "Come on, it's easier & safer to use our store" to "Come on, you have no choice" so that's why I'm asking better developers if there's still a workaround. – Demurgos Commented Jun 7, 2014 at 11:26
• 2 The $10 is but the tip of the iceberg. By forcing credit-card payment, they get hard data leading towards your: name, address, phone number, credit score, etc. -- which they can then use for all kinds of tracking and marketing purposes. Companies pay billions for this kind of focused, market data. Google makes you pay them. – Brock Adams Commented Jun 11, 2014 at 22:32

 |  Show 3 more comments

4 Answers 4

Sorted by: Reset to default 13 +50

The only way there seems to be left, short of installing an extension like Tampermonkey or getting a different browser, is starting the Chrome browser with the --enable-easy-off-store-extension-install flag.

Edit: Unfortunately, Google removed this flag from Chromium in April.

However, if the user (or any program) starts Chrome without this flag even once, the scripts will be disabled automatically. You can't re-enable them, even with the correct flag; your only option is to uninstall them and re-install then in the easy off-store extension install mode.

So, your options are:

1. Start Chrome with the --enable-easy-off-store-extension-install flag every time. If you have pinned Chrome to the task bar in Windows 7, the way to change the command line arguments for this shortcut is described here.
   If you have set Chrome as the default protocol handler for the HTTP and HTTPS protocols (which is the case if you made Chrome your default browser), you can modify the registry so this flag is set every time a program tries to open an HTTP or HTTPS URL with the default program.
   Also make sure you set this argument for file extensions Chrome is configured to open, such as .xht, .htm and .xhtml. You can do this with the following .reg file:

   Windows Registry Editor Version 5.00
   
   [HKEY_CLASSES_ROOT\ChromeHTML\shell\open\command]
   @="\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --allow-easy-off-store-extension-install -- \"%1\""
   

   
   Make sure the path to Chrome is correct when you install this.

2. Install an extension such as Tampermonkey to manage your user scripts.
3. Install a different browser, either developer builds of Chrome or a completely different browser, such as Opera (which has native support for user scripts) or Firefox (with Scriptish).
4. Blocking Chrome updates before you receive version 35 and risk getting hacked.
5. Switching to a different operating system, as extensions are only blocked on Windows.
6. If your computer is part of a Windows domain, you can install extensions using Group Policy.
7. Turn your user scripts into bookmarklets.

I realize this is probably not what you want to hear, but as Google continues to restrict honest developers because of a few bad players there are no better options.

Edit: there is one more approach that I've found to be working, namely hijacking an installed extension with the correct permissions:

1. Find and install an extension that has permission to run a content script at the web page you want it to run at. For example, the Note Anywhere extension has permission to inject a user script when a document has loaded for any HTTP or HTTPS URI.
2. Go to the extensions page to find the ID of the extension.
3. Open the folder where Chrome stores the extensions. On Windows, this is %localappdata%\Google\Chrome\User Data\Default\Extensions.
4. In manifest.json, find the name and location of the injected script. Overwrite the contents of this file with your user script. (In the case of the extension chosen as an example, this is asset/stickies.js.
5. Remove any content of the extension not referenced in manifest.json. Replace any referenced scripts and HTML pages that you aren't using with emtpy files.
   For the extension mentioned above, I'd remove anything except for the icons, the content script, asset/stickies.css and background.html and replace the latter two with an empty file.
6. Go to the Chrome extensions page and disable and then re-enable the extension.
7. Make a back-up of your work in case the extension is updated.
8. Make a note somewhere that the extension in the extensions list has its contents replaced with your user script.

EDIT : I validate this solution because it's what helped me particularly on this problem. A much richer answer is the list of workarounds submited by user2428118. Even if they did not solved my specific problem, they should be considered.

I finally could find an answer to my question thanks to the link posted by yoz, and the fact is that you can still enable a script unrelated to the PlayStore, without any third party plug-in, but as you'll see : it might be better to use TamperMonkey (even if it might imply little adaptations, it's 200% easier).

The solution is to import the unpacked user-script in developer mode.

Step By Step Explanation

1. Create your user script myscript.user.js as usually

2. Include it in a directory and create a file named manifest.json. You'll get this structure (can be zipped for distribution) :

   myscript/

   • manifest.json
   • myscript.user.js

3. The manifest.json is a file required to import your script as a Chrome extension in developer. It describes your user script. Here is the related documentation, but the minimal code for our purpose is :

    {
        "manifest_version":2,
        "version":"1.0",
        "name": "MyScript",
        "content_scripts": [
            {
                "js": ["myscript.user.js"],
                "matches": ["http://domain.com/"]
            }
        ]
    }
   

4. Now that you have your directory with your user script and manifest.json, you can import it as an unpacked extension (a packed one will be disabled after Chrome's restart). To achieve this, simply check the "developer mode" and choose "Load Unpacked Extension...". Navigate to the directory created at step 2 and select it : that's "all".

Pros

• Native solution
• Natural for you if your developing your script on Chrome (obviously this wasn't my case :P)
• Your script is now treated like a "real" extension.

Cons

• Oh, god... I'm missing the one-click install : even if the user only has to achieve the step 4 it's still a pain.
• Looks less "professional" because the user has to enable the developer mode
• No longer "cross-browser" distribution since the Google Chrome's script has to be packed in a special way
• The original directory cannot be (re)moved without breaking the script
• A warning will be triggered every single time Chrome is opened to ask if you are sure that you want to use developer mode

Conclusion

I liked the way user-scripts had native support on Chrome : every third party plugin has some small variations (ie : datas or xhr handling). But the cons are to numerous and to important (especially the two last ones)... Even if enabling a non-PlayStore script is possible in a native way, it became such a pain that I recommend to adapt the script for a plugin such as TamperMonkey. After all, Chrome was an exception since every other browser require a plugin, now these plugins are the only way.

I still feel a bit disappointed, so if anyone happens to find a better solution (still hoping for some white-lists) I would enjoy to offer some bounty.

EDIT : Please note that user2428118 provided a list of other interesting workarounds. Even if they did not solved my specifif problem, they should be considered.

EDIT : manifest fixed

The continuation of solution number 1 from @user2428118 answer.

To ensure that you ALWAYS starts Chrome with --enable-easy-off-store-extension-install flag you, can use (additional to editing all shortcuts in menu start etc.) this registry file:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\http\shell\open\command]
@="\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --enable-easy-off-store-extension-install -- \"%1\""

[HKEY_CLASSES_ROOT\https\shell\open\command]
@="\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --enable-easy-off-store-extension-install -- \"%1\""

Replace C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe with actual path to chrome.exe in your system.

Unfortunately, aside from extensions like Tampermonkey, there don't seem to be good workarounds, given the way your script is generated differently for each user.

This is the best explanation I've found:

http://www.chromium.org/developers/extensions-deployment-faq

本文标签： javascriptEnable a nonPlayStore UserScript with Chrome 35 and aboveStack Overflow