Re: [crx] What data should be checked to know if an HTTP request came from a chrome extension

[Jackie Han]

If the extension is yours, you can add an additional url parameter to indicate it comes from your extension.

For example, https://mysite/?from=myextension

On Fri, Jun 18, 2021 at 7:03 AM Siegfred Balona <siegfre...@lanexus.com> wrote:

What I'm trying to do is distinguish whether a user's action came our web app or from our chrome extension.

Is there a better a way to detect if an HTTP request came from a chrome extension, other than checking if the request headers contain an "origin" property set to "chrome-extension//<some-id>" ?

Thank you very much.

- Sieg Balona

--
You received this message because you are subscribed to the Google Groups "Chromium Extensions" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extens...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/7e502794-2a26-4f2a-801c-4420d229e055n%40chromium.org.

[Siegfred Balona]

Thank you very much!

That is really helpful.

[hrg...@gmail.com]

The question was already answered but there's a false assumption in the question that demands clarification.

Chrome doesn't send any data to the server that could be used to identify whether the request comes from a browser extension. There won't be any header whatsoever that you can check.

In general, cross-origin requests initiated by extensions look to the server as if they were initiated by typing the URL in the address bar (i.e. no origin and no referer).