I develop an url shortener service: https://urlr.me and a webextension for it: https://addons.mozilla.org/fr/firefox/addon/urlr/.
The source code of the webextension is open source and available on github.
I have two main questions :
1 / Today, to know if the request to reduce a link is coming from the site or from the webextension, I use a “origin” parameter in the url. But I think it is somehow not very secure as this is subject to changes by a user if he knows the url (easy to find in the source code). My first question is, do I have a way to ensure at 100% that a request is coming from my webextension.
2 / I want to permit login on my webextension to save links of the webextension user in his URLR. account. What’s the best approach ? Generate a token by user and pass it in the webextension request ? Use a shared cookie ?
I hope that you have understand my questions and that I can have some tracks.
Thank you in advance!
Source: Symfony Questions