HTTP request to server-side api of the plugin. On the server to protect against spoofing

Probably failed to invest the necessary meaning in the title.
More fully the problem looks like. Spell a plug-in for chrome that works with server api. How to be so perverted and probably to determine on the server that the requests he sends this plugin. To sift through other requests.
October 8th 19 at 00:58
2 answers
October 8th 19 at 01:00
No way.

Just to complicate the life of "podelyatsya" you by sending a request via HTTPS, an encrypted POST without parameters, binary-only body, and putting the wrong HTTP-headers (if you come right — so fake, let it sit wondering why, puny humans). Reply server also needs out of the box (always with a code of 200), binary response.

But still hack, if necessary.
Oh, to make a request to encoder Flash to securely obfuscate it and insert this thumb drive into pulgin. I want him to suffer. - antonette.Gislas commented on October 8th 19 at 01:03
October 8th 19 at 01:02
Why not use OAuth?
What's oauth?
Again. Imagine that there is some api, which can be accessed via http. Slutsa requests and return responses. You need to skillfully distinguish the api sent from the chrome plug-in requests from all the rest. Any parameter sent in the request can be peeped. In fact, you can completely duplicate any request not from the plugin. - antonette.Gislas commented on October 8th 19 at 01:05
> In fact, you can completely duplicate any request not from the plugin.
Well. Cannot be protected. And each plugin will have a unique "label" that is based on your api (this data can be trusted). If the behavior of the plugin will differ from the average (=> someone using the api not the plugin) it can be banned.
What more is there to recommend? To use https? To obfuscate the plugin code? Use NaCl? To write bad code to make life difficult for wanting to dig in the guts of the plugin? - Miller.McKenzie commented on October 8th 19 at 01:08

Find more questions by tags Google ChromeJavaScript