Edge Chromium extension issue "Package is invalid: 'CRX_REQUIRED_PROOF_MISSING'"

[docfallingapart]

When you try to load the crx in Edge Chromium is complaining with the message "Package is invalid: 'CRX_REQUIRED_PROOF_MISSING'."

However, a work around is loading the unpacked version of the extension from the zip download I got from https://github.com/erickutcher/httpdownloader/files/2546243/HTTP_Downloader_Chrome_Extension.zip.

[erickutcher]

Yeah it doesn't like loading extensions that aren't directly from the Chrome Web Store. I'm not paying Google to host my extensions so the only way to get around it with their products is to load the unpacked version.

[JamoCA]

Are you able to submit your Chrome Extension directly to Microsoft and skip Google altogether? Here's instructions on how to submit.
https://docs.microsoft.com/en-us/microsoft-edge/extensions-chromium/publish/publish-extension

NOTE: After Edge was released, I've ceased using Google Chrome on my all my Windows & iOS devices.

[erickutcher]

It might take me some time to get that working since I can't install the latest Edge on my current system to test things. I'm sort of stuck with the version of Windows 10 that I have because the second I do an update that requires a restart, the whole system will break. Until I get my new machine built (still waiting for the prices of some components to drop), I can't really mess with Edge.

[erickutcher]

Microsoft wants me to write up a privacy policy just to get it published in their store. All I want to do is test a signed extension... WHAT!? I'm not going to waste my time with that kind of nonsense. Chrome and its derivatives are dead to me.

[smaragdus]

@erickutcher

I don't use Edge and I don't intend even to try it but I wonder- can't you write a two-line privacy policy or use a ready-made one? Something like that the extension does not collect any data at all?

[smaragdus]

@erickutcher

I read an excellent account of another developer's mishaps in dealing with extension stores, I am tempted to quote it here:

The reality of dealing with CWS is that we rarely know much more than you do. Whatever actions they take, the review process is intentionally designed so that there is little to no recourse for developers. When updates are submitted, they go through an automated review process. If it passes, it may be available in a couple hours. If not, it gets flagged for manual review, which could take days, weeks, or even months.

Google had yet another embarrassing scandal recently, so they've been enacting stricter policies across the board. Besides the fact that the same exact update was approved for beta, it's not a huge surprise that any update is getting flagged for manual review under the current circumstances. What doesn't make any sense, is that they unpublished the previously approved version of stable.

We've sent a couple complaints. We got a canned response from CWS a few days ago which kinda pretends it's from a real person, but doesn't even address the removal, or give any kinda concrete explanation about anything. It was probably automated. Our best guesses as to any issues they might have had with that particular update have already been addressed, but they won't allow us to submit a new update till the pending one is manually reviewed.

Bottom line, CWS does whatever the hell it wants, whenever the hell it wants, and there's essentially no meaningful communication about most of these decisions. Stable is still sitting in the dashboard, unpublished, pending review. The only time you'll ever receive any feedback from an actual human being, is when they perform a manual review and request changes. Whenever they get around to the manual review, they'll either approve and republish, or request changes. If changes are requested, we'll be allowed to submit a new update and wait indefinitely for another manual review.

AMO is better with communication, but generally even more strict about insignificant details. Opera's extension gallery is an absolute joke. They never publish any update submitted, but approve almost instantaneously if we message a mod. Every extension gallery is a nightmare to deal with in their own, unique ways. Rest assured, if we're having issues with any of them, we are trying to rectify the situation. If the issue drags on for an extended period of time, it's almost certainly because we're waiting on them.

Source

[marcussacana]

This is a pain in the ass, Isn't there a way to disable the unpacked extension in devloper mode alert at least?

[smaragdus]

@marcussacana

This is a pain in the ass, Isn't there a way to disable the unpacked extension in devloper mode alert at least?

As far as I know- no. But the Chromium clone I use- Cent Browser, does not show such warning.

[smaragdus]

I found a very simple Privacy Policy which can be used as a prototype, excerpt:

Privacy Policy

• This extension does not collect any user data
• This extension does not sync any data to any remote server
• This extension does not monitor the user
• This extension does not communicate with any remote servers

There might be even better examples, it is just that I discovered this one.

[superusercode]

https://gitlab.com/KevinRoebert/ClearUrls/-/blob/master/PRIVACY.md ClearURLs solved this by adding a privacy policy markdown file to the github repo

ClearURLs protects and respects your privacy. 
We do not collect any of your usage data. Furthermore ClearURLs has no home server nor embed any kind of analytic hooks in its code.

The only time ClearURLs connects to a remote server (gitlab.io) is to update the rules file and the associated hash file. You can replace the default update address with your own address at any time in the settings.

The project and the rule file is currently hosted on gitlab.com, which is owned by GitLab Inc. and thus is unrelated to ClearURLs.

[erickutcher]

I've actually been submitting some really terrible privacy policies to Microsoft just to see what sticks. They take their sweet time reviewing things.

Vivaldi and Opera don't have issues with the extension, but Chrome and Edge want developers to jump through hoops. I can stomach Edge since Microsoft isn't forcing people to pony up money just to list an extension, but I refuse to pay anything to Google.

[smaragdus]

@erickutcher

I can stomach Edge since Microsoft isn't forcing people to pony up money just to list an extension, but I refuse to pay anything to Google.

Does this mean that one day the Firefox extension may land on Firefox Store? I am asking because as far as I know Mozilla does not charge developers for publishing extensions on their store.

[erickutcher]

Mozilla wants a privacy policy too. At least they don't require me to host it.

Microsoft rejected my latest one. Apparently "excessive profanity" is unacceptable. They still have an issue with it not describing how "personal information" is collected. https://docs.microsoft.com/en-us/microsoft-edge/extensions-chromium/store-policies/developer-policies#152-maintain-a-privacy-policy

[erickutcher]

Here's a link to the Edge extension: https://microsoftedge.microsoft.com/addons/detail/hfahlnincgclabgdmpkpdddnmbnjbicb

[smaragdus]

@erickutcher

Congratulations! I don't use Edge and I will never do (I hope so) but I am glad that the extension was published.

[erickutcher]

Yeah I'm going to stick with Firefox until it annoys me. So far I haven't had too many issues with it.

And it looks like I can close this issue. Didn't expect to. Ha!

[JamoCA]

Please consider adding an "Download Edge Extension" button to the HTTP Downloader detail page

NOTE: Even though the extension works with both Edge & Chrome, the Edge Store only allows the Edge browser to download the extension.

[erickutcher]

I'm going to hold off until I get a beta going for the latest version of the program. I'm doing a big revamp to support a site manager and it'll involve some changes that might inconvenience some.