Answer the question
In order to leave comments, you need to log in
HTTP request to the server api from the plugin. How to protect yourself from spoofing on the server
Perhaps it was not possible to put the right meaning in the title.
More fully the problem looks like this. A chrome plugin is being written that works with the server api. How to be so perverted and for sure determine on the server that it is this plugin that sends requests to it. Weed out other requests.
Answer the question
In order to leave comments, you need to log in
No way.
You can make life a little more difficult for the “forgers” by sending a request via HTTPS, encrypted POST without parameters, only a binary body, and setting the wrong HTTP headers (if the right ones came, it means a fake, let them sit and wonder why, miserable people). The server must also respond non-standard (always with the code 200), a binary response.
But we'll still hack if need be.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question