How to identify a Chrome extension in an HTTP request, securely?

I am trying to send an ajax request to a web server from a Chrome extension. In the backend I am trying to identify that the request came from that extension and that extension only.

I could send the request with a specific key, but anyone who looks into the extension can view that key and attempt to send requests to my server in other ways outside the extension.

I'm wondering if there is some secure id that an extension will have that can't be accessed by viewing the extension source files.

Or are there other ways I can secure these HTTP requests?

Any ideas?

I'm wondering if there is some secure id that an extension will have that can't be accessed by viewing the extension source files.

Basically, no - even if you could somehow obfuscate a token in the code, it would still be trivial to inspect by using Dev Tools to examine the final network request.
