Notifications in a Browser Extension
-
How hard would it be to turn this into a
substitutecomplement of the notifications menu?
(assuming one's willing to trust it one's cookie and CSRF token)
-
As in, have it show notifications from the forums as well, regardless of the tab you have opened?
Doable... I should even be able to
stealborrow a lot of code from SockBot and not have to write it anew. Either that, or get it from the tab itself if open, I'm pretty sure you can hook into background tabs? That wouldn't require logging in nor constant polling (I could probably just hijack the notification event for my porpoises).If more people would be interested I could take a look. A new topic with the proposal and discussion would probably be a good idea too.
-
Ok, getting the cookie should be trivial and not need an open tab.
A valid CSRF token can be taken from am open tabs's DOM:
<meta content="VGhpcyBpcyBOT1QgbXkgQ1NSRiB0b2tlbiA9UA==" name="csrf-token" />
-
There's a "proper" way to get it, too.
That's how even I got far with my API I started on, logging in and grabbing notifications. So I know how to do that bit of the workflow.
I'm flagging for a split here, want to keep this topic mostly for release notification and tech support.
moved - bz
-
This would definitely be useful
-
There's a "proper" way to get it, too.
GET /session/csrf.json
not too hard.
Or, you could use a content script and just call
Discourse.ajax
which handles that for you and has auto-retry for CSRF failures.You can use postMessage() or XHR or fetch() to chrome-extension:// to give data back to the extension.
-
of course, the .json is required for this one endpoint
normally it's optional if you set the
X-Requested-With
header toXMLHttpRequest
because you'll get JSON back from the endpoint for XHR requests....
-
GET /session/csrf.json
That's what I meant, yes.
Or, you could use a content script
Which requires the page open somewhere. Which is fine, but might as well not make it depend on that.