user2444499

Reputation: 787

Prevent chrome extension from making ajax calls

I have an ASP.NET website with client JavaScript making lots of AJAX calls back to the server. Is there any way I can prevent a Google Chrome extension from calling my AJAX endpoints, or detect when the calls are being made by the Chrome extension code and not my own JavaScript code? So far I have tested using the referer and HttpOnly cookies, but there is no difference between the 2 calls. Any ideas would be appreciated.

Upvotes: 1

Views: 481

Answers (1)

Benjamin Gruenbaum

Reputation: 276596

No, there is not.

Chrome extensions have elevated permissions. They 'out-permit' your website JavaScript code and may manipulate and call it.

Even if you add something like an anti-CSRF token, an extension could still read it and bypass that protection. They can run JavaScript code on your site and make modifications to your own code on the site on the fly without notifying you or your users.

The only thing you can do is not trust the client with anything critical, treat all requests you receive as hostile and require clients to authenticate before making requests to your server.

(I'm assuming you mean a chrome extension running on your site)

Upvotes: 3
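An added sketch of the answer's advice (not code from the question or the answer), in JavaScript with a hypothetical order-cancel endpoint and constructed data. The two requests carry the same Referer, cookie and CSRF token, so the handler ignores who sent them and decides from the session, the input, ownership and state held on the server.

```javascript
// Added example. Endpoint, store and field names are hypothetical; all data is constructed.
const sessions = new Map([["s-abc", { userId: 7, csrf: "t-123" }]]);
const orders = new Map([
  [101, { ownerId: 7, status: "open" }],
  [102, { ownerId: 9, status: "open" }],
]);

// The signals tried in the question, plus the CSRF token mentioned in the answer.
function originSignals(req) {
  const h = req.headers;
  return [h.referer, h.cookie, h["x-csrf-token"]].join("|");
}

function sessionFor(req) {
  const m = /(?:^|;\s*)sid=([^;]+)/.exec(req.headers.cookie || "");
  return m ? sessions.get(m[1]) : undefined;
}

// Every decision uses server-side state; nothing depends on which script sent the request.
function cancelOrder(req) {
  const session = sessionFor(req);
  if (!session) return { status: 401 };                 // not authenticated
  if (req.headers["x-csrf-token"] !== session.csrf)
    return { status: 403 };                             // stops cross-site forgery only
  const id = Number(req.body && req.body.orderId);
  if (!Number.isInteger(id)) return { status: 400 };    // input treated as hostile
  const order = orders.get(id);
  if (!order || order.ownerId !== session.userId)
    return { status: 403 };                             // not this user's order
  if (order.status !== "open") return { status: 409 };  // state enforced on the server
  order.status = "cancelled";
  return { status: 200 };
}

function makeRequest(orderId, cookie = "sid=s-abc") {
  return {
    headers: { referer: "https://shop.example/orders", cookie, "x-csrf-token": "t-123" },
    body: { orderId },
  };
}

const fromPageScript = makeRequest(101);
const fromExtension = makeRequest(101); // same browser session, same cookie, same token
```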
