Chrome browser extension that adds an HTTP Message Signature, as defined by RFC 9421, to all outgoing requests. The specification is in draft-meunier-web-bot-auth-architecture.
- Chrome Manifest v3 extension
- RFC 9421 compatible Signature header
- CRX extension server
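What an RFC 9421 signature over a request looks like, as an added example that is not the extension's own code: it builds the signature base, signs it with Ed25519, and shows the verifier rebuilding the base to reject expired or altered requests. It uses Node's built-in crypto with a throwaway key. The covered components, the `web-bot-auth` tag, the JWK-thumbprint `keyid`, the `sig1` label and all function names are assumptions based on the web-bot-auth draft, not taken from this project.

```javascript
// Added example, not the extension's source; components, tag and keyid form are assumptions from the web-bot-auth draft.
const nodeCrypto = require('node:crypto');

// RFC 7638 thumbprint of an Ed25519 (OKP) public key: required JWK members
// in lexicographic order, SHA-256, base64url. Used here as the keyid.
function jwkThumbprint(publicKey) {
  const { crv, kty, x } = publicKey.export({ format: 'jwk' });
  return nodeCrypto.createHash('sha256')
    .update(JSON.stringify({ crv, kty, x })).digest('base64url');
}

// RFC 9421 signature base: one line per covered component, then the
// @signature-params line, joined by "\n" with no trailing newline.
function signatureBase(url, signatureAgent, params) {
  return [
    `"@authority": ${new URL(url).host}`, // lowercased, default port dropped
    `"signature-agent": ${signatureAgent}`,
    `"@signature-params": ${params}`,
  ].join('\n');
}

function signRequest(url, agentUrl, privateKey, publicKey, created, lifetime = 300) {
  const signatureAgent = `"${agentUrl}"`; // header value is sent as a quoted string
  const params = '("@authority" "signature-agent")' +
    `;created=${created};expires=${created + lifetime}` +
    `;keyid="${jwkThumbprint(publicKey)}";tag="web-bot-auth"`;
  const sig = nodeCrypto.sign(null, Buffer.from(signatureBase(url, signatureAgent, params)), privateKey);
  return {
    'Signature-Agent': signatureAgent,
    'Signature-Input': `sig1=${params}`,
    'Signature': `sig1=:${sig.toString('base64')}:`,
  };
}

// Verifier side: rebuild the base from the received request and reject
// expired signatures, a wrong tag, or any change to a covered component.
function verifyRequest(url, headers, publicKey, now) {
  const params = headers['Signature-Input'].replace(/^sig1=/, '');
  const expires = Number(/;expires=(\d+)/.exec(params)?.[1]);
  if (!(expires > now) || !params.includes(';tag="web-bot-auth"')) return false;
  const base = signatureBase(url, headers['Signature-Agent'], params);
  const sig = Buffer.from(headers['Signature'].slice('sig1=:'.length, -1), 'base64');
  return nodeCrypto.verify(null, Buffer.from(base), publicKey, sig);
}

// Constructed demo: throwaway key, placeholder URLs.
const demo = nodeCrypto.generateKeyPairSync('ed25519');
console.log(signRequest('https://example.com/', 'https://yourdomain.com',
  demo.privateKey, demo.publicKey, Math.floor(Date.now() / 1000)));
```

Because `@authority` and `signature-agent` are covered, a captured signature cannot be replayed against a different host or presented under a different Signature-Agent URL, and the `expires` check bounds replay against the same host.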
To use this extension with Cloudflare's verified bots program, you need to configure the Signature-Agent header (see https://developers.cloudflare.com/bots/reference/bot-verification/web-bot-auth/#43-construct-the-required-headers):
export SIGNATURE_AGENT_URL=https://yourdomain.com
Compile the code of the extension:
npm run build:chrome
Bundle and sign the Chrome extension:
npm run bundle:chrome
This command creates the folder dist with both the unpacked and packed (.crx) Chrome extension.
This extension requires the webRequestBlocking permission, which in turn requires an Enterprise policy to be configured on Chrome.
Follow these steps to configure Chrome with such a policy and force it to install the extension locally. First, run in another terminal:
npm run start:config
This starts a server at http://localhost:8000 for installing the extension locally.
Then, copy the policy file to the corresponding system path:
On Linux:
mkdir -p /etc/opt/chrome/policies/managed
cp policy/policy.json /etc/opt/chrome/policies/managed/policy.json
On macOS:
mkdir -p /Library/Managed\ Preferences/
cp policy/com.google.Chrome.managed.plist /Library/Managed\ Preferences/
You can confirm the policy is installed by navigating to chrome://policy; make sure to reload the policies there.
Extensions installed by an Enterprise policy do not enable the DevTools by default. To enable the DevTools, open the system's policy file and add the following entry:
"DeveloperToolsAvailability": 1
Once the new policy takes effect, you can navigate to chrome://extensions where you should see an Inspect views label in the extension's box,
and a service worker link on the right of the label. Clicking the link will open the DevTools of the extension. If the link is absent,
try reloading the policy under chrome://policy.
This software has not been audited. Please use at your sole discretion.
This project is under the Apache 2.0 license.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you shall be Apache 2.0 licensed as above, without any additional terms or conditions.