Re: [crx] What data should be checked to know if an HTTP request came from a chrome extension

129 views
Skip to first unread message

Jackie Han

unread,
Jun 18, 2021, 1:15:35 AM6/18/21
to Siegfred Balona, Chromium Extensions
If the extension is yours, you can add an additional url parameter to indicate it comes from your extension.

On Fri, Jun 18, 2021 at 7:03 AM Siegfred Balona <siegfre...@lanexus.com> wrote:
What I'm trying to do is distinguish whether a user's action came our web app or from our chrome extension.

Is there a better a way to detect if an HTTP request came from a chrome extension, other than checking if the request headers contain an "origin" property set to "chrome-extension//<some-id>" ?

Thank you very much.

- Sieg Balona

--
You received this message because you are subscribed to the Google Groups "Chromium Extensions" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extens...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/7e502794-2a26-4f2a-801c-4420d229e055n%40chromium.org.

Siegfred Balona

unread,
Jun 18, 2021, 1:34:08 AM6/18/21
to Jackie Han, Chromium Extensions
Thank you very much!

That is really helpful.

hrg...@gmail.com

unread,
Jun 18, 2021, 7:19:52 AM6/18/21
to Chromium Extensions, siegfre...@lanexus.com, Chromium Extensions, Jackie Han
The question was already answered but there's a false assumption in the question that demands clarification.

Chrome doesn't send any data to the server that could be used to identify whether the request comes from a browser extension. There won't be any header whatsoever that you can check.
In general, cross-origin requests initiated by extensions look to the server as if they were initiated by typing the URL in the address bar (i.e. no origin and no referer).
Reply all
Reply to author
Forward
0 new messages