This would work great. My use case only requires authenticating extensions on publicly available chrome browser. Apart from extension auth, server backend will check for user login cookies. This would provide the required level of protection against malicious fake extensions.
Any clue when this feature will get done? Thanks, Sachin On Dec 17, 10:19 pm, Arne Roomann-Kurrik <[email protected]> wrote: > Erik pointed me > athttp://code.google.com/p/chromium/issues/detail?id=30530whichwould > allow you to prevent other Chrome extensions from accessing your > web service by checking the referrer on any request coming into your web > server. > > This won't prevent someone from writing other types of software that abuse > your service, but could limit the case where copied extensions use the > original extension's web service without permission. > > The inherent difficulties in verifying signed requests, as well as the > possibility for users to run modified copies of Chrome or pull any > certificates Chrome uses to sign from memory makes me think that we should > avoid a signing-based solution. > > ~Arne > > > > On Thu, Dec 17, 2009 at 1:11 AM, Adam Barth <[email protected]> wrote: > > Thats an interesting idea. One question: how could you tell if the > > request was sent by a fake client (e.g., someone with a customized > > version of Chrome that lies about which extension sent the request). > > Does that matter for your use case? > > > Adam > > > On Wed, Dec 16, 2009 at 1:54 AM, sachin <[email protected]> wrote: > > > Hi, > > > > I was wondering if there is way to authenticate a request coming from > > > an extension. Idea is to validate that the request was sent by "my" > > > extension rather than any other fake/copied extension. > > > > I was wondering if chrome can provide an api for making XHR, but in > > > addition sign the request with gadget url and some secret, such that > > > the signature could be verified from server side? > > > > Regards, > > > Sachin > > > > -- > > > > You received this message because you are subscribed to the Google Groups > > "Chromium-extensions" group. > > > To post to this group, send email to > > [email protected]. > > > To unsubscribe from this group, send email to > > [email protected]<chromium-extensions%2Bunsu > > [email protected]> > > . > > > For more options, visit this group at > >http://groups.google.com/group/chromium-extensions?hl=en. > > > -- > > > You received this message because you are subscribed to the Google Groups > > "Chromium-extensions" group. > > To post to this group, send email to [email protected]. > > To unsubscribe from this group, send email to > > [email protected]<chromium-extensions%2Bunsu > > [email protected]> > > . > > For more options, visit this group at > >http://groups.google.com/group/chromium-extensions?hl=en. -- You received this message because you are subscribed to the Google Groups "Chromium-extensions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/chromium-extensions?hl=en.
