Browser plugins are needed when we cannot inject the necessary lines of code directly into the page code or the application does not offer a way to load the script (as SharePoint Extensions do). The extension waits until the browser hits a GRAVITY enabled URL, sets up the correct backend URL and loads additional scripts on that page.
Developers and system engineers can use the options page of the plugin to force a config reset for faster testing or to log out the current user. Verbose logging can also be turned on and off for debugging.
A backend URL can also be brute-set for one hour, in case someone wants to test against another backend without creating all the configs for it.
The graphic below explains the first stage of the plugin. Using DNS entries, the same plugin can be used with either local or global config servers. Most customers trust the global config server, but you can of course run your own.
Using the Public Plugin in an On-Premise environment
The plugin from the browser store is configured to automatically fetch the configuration from “config.gravity.global”. To use the publicly available browser plugin in an On-Premise environment, you need to configure a CNAME DNS entry pointing to your On-Premise GRAVITY App.
NAME                      TYPE    VALUE
config.gravity.global.    CNAME   config-gravity.scapp.io.            //public cloud configuration
config.gravity.global.    CNAME   config-your.gravity.domain.host.    //On-Premise DNS configuration
Dedicated On-Premise Plugin
For Google Chrome we provide two specific On-Premise plugins that connect to a host name, not a URL. The host names are 'config-gravity-global' and 'env1-config-gravity-global'. That way the certificate does not need to be replaced for 'config.gravity.global', and you can deploy different plugins for different environments (Testing / Production).
NAME                           TYPE   VALUE
config-gravity-global.         A      yourhost-ip
env1-config-gravity-global.    A      yourhost-ip
After a config is found (first paragraph below), the plugin injects the scripts into the site, which starts GRAVITY.
Data in transit
Data is transmitted over HTTPS to and from our config server. The URLs are safely hashed; see the next chapter.
Data in operation and rest
To check whether a URL is GRAVITY enabled, we need to compare two URLs. Two factors ensure that no one ever sees these URLs other than the user, the user's local machine and the plugin:
They are compared client-side by the plugin.
They are transmitted and compared as SHA-256 hashes, so even someone holding the payload cannot see or decode which URLs are GRAVITY activated or which URLs exist.
If a URL matches, the config is stored in plain text, but since someone already got the URL right, this is irrelevant. The URL is stored in the plugin's own local storage together with a time to live. If it expires (checked on every page change), the procedure starts again from the beginning.
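One way the client-side hashed comparison and time-to-live storage described above could look, as an added example that is not GRAVITY's own code. The payload shape, the URL normalization, all names and the sample values are assumptions, and Node's crypto module stands in for the browser's Web Crypto API so the block runs offline.

```javascript
// Added illustration: names, payload shape and URL normalization are assumptions.
const { createHash } = require('node:crypto');

// Assumed comparison key: origin plus path, without query string or fragment.
function urlKey(rawUrl) {
  const u = new URL(rawUrl);
  return u.origin + u.pathname.replace(/\/+$/, '');
}

function sha256Hex(text) {
  return createHash('sha256').update(text, 'utf8').digest('hex');
}

// payload maps SHA-256 digests to configs; the plain URL is only hashed locally.
function matchConfig(rawUrl, payload) {
  const digest = sha256Hex(urlKey(rawUrl));
  return Object.prototype.hasOwnProperty.call(payload, digest) ? payload[digest] : null;
}

// Minimal TTL store standing in for the extension's local storage.
class ConfigCache {
  constructor(ttlMs, now = () => Date.now()) {
    Object.assign(this, { ttlMs, now, entries: new Map() });
  }
  put(rawUrl, config) {
    this.entries.set(urlKey(rawUrl), { config, expires: this.now() + this.ttlMs });
  }
  // Checked on every page change: an expired entry is dropped, forcing a fresh lookup.
  get(rawUrl) {
    const key = urlKey(rawUrl);
    const hit = this.entries.get(key);
    if (!hit) return null;
    if (this.now() >= hit.expires) { this.entries.delete(key); return null; }
    return hit.config;
  }
}

function resolve(rawUrl, payload, cache) {
  const cached = cache.get(rawUrl);
  if (cached) return cached;
  const config = matchConfig(rawUrl, payload);
  if (config) cache.put(rawUrl, config);
  return config;
}

// Constructed sample payload: one enabled URL, present only as its digest.
const SAMPLE_PAYLOAD = {
  [sha256Hex('https://intranet.example.com/app')]: { backend: 'https://backend.example.com' },
};
```

The payload confirms a URL only to a caller who already supplies that exact URL, which is why the normalization step must be identical on the side that builds the payload and the side that checks it.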
Block the GRAVITY extension from accessing certain hostnames
You may use the information from this Microsoft Edge Enterprise Doc to develop a strategy to limit the extension's access to the sites where GRAVITY needs to be used.