Reputation: 1776
I want to make a Chrome extension that communicates with my server via HTTP requests, but I don't want anyone else to be able to spoof and pretend to be the extension and make the same requests on their own.
But since all of the extension code is accessible to the users, is there any way to do this?
Upvotes: 2
Views: 147
Reputation: 77513
No, not really. Any sort of client secret is visible upon inspection.
The most you can do is to make some authentication scheme (like OAuth) that assigns individual, temporary, revocable tokens to extension instances. This way, if you catch a stolen token you can revoke it, at least mitigating the unauthorized traffic.
You could even request users to register for your server, to make identification of misbehaving clients easier and re-authentication harder. But that might turn off some users.
Upvotes: 1
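The per-instance, temporary, revocable tokens described in the answer above, as an added server-side example in Node.js (not code from the original post). The in-memory store and the names `issueToken`, `verifyToken` and `revokeInstance` are assumptions made for illustration.

```javascript
// Added example: per-instance bearer tokens with expiry and revocation.
// Store and function names are hypothetical; a real server would persist this.
const nodeCrypto = require('node:crypto');

const tokens = new Map(); // sha256(token) -> { instanceId, expiresAt, revoked }

const hashToken = (token) =>
  nodeCrypto.createHash('sha256').update(token).digest('hex');

// Issue a random token bound to one extension instance, valid for ttlMs.
function issueToken(instanceId, ttlMs, now = Date.now()) {
  const token = nodeCrypto.randomBytes(32).toString('base64url');
  // Keep only the hash so a leaked store does not expose usable tokens.
  tokens.set(hashToken(token), { instanceId, expiresAt: now + ttlMs, revoked: false });
  return token;
}

// Return the instance id for a valid token, or null if unknown, expired or revoked.
function verifyToken(token, now = Date.now()) {
  if (typeof token !== 'string') return null;
  const rec = tokens.get(hashToken(token));
  if (!rec || rec.revoked || now >= rec.expiresAt) return null;
  return rec.instanceId;
}

// Revoke every live token of a misbehaving instance; returns the number revoked.
function revokeInstance(instanceId) {
  let count = 0;
  for (const rec of tokens.values()) {
    if (rec.instanceId === instanceId && !rec.revoked) {
      rec.revoked = true;
      count++;
    }
  }
  return count;
}
```

The token only identifies an instance so that abuse can be attributed and cut off; as the answer says, it does not prove the caller is the unmodified extension.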