Browser Extensions

Owned by Dominik Meyer (Unlicensed)
Last updated: Jul 14, 2023 by Christoph Müller
4 min read



Client Requirements

For client requirement; please see gravity.client.requirements

Need

Plugins for browsers are needed when we can not inject the necessary lines of code directly into the page (code) or the application does not offer the possibility to load the script (like SharePoint Extensions do).
Extension waits until a GRAVITY enabled URL is hit with the browser, setups the correct backend URL and loads additional scripts on that page.

Extension Option

Developers and System Engineers can use the option page of the plugin to force reset the config for faster testing or to logout the current user. Also verbose logging can be turned on/off for debugging.

For one hour one can also brute-set a backend URL, just in case someone wants to test something on another backend but does not want to create all the configs therefor.

Functionality

The graphic below explains the first stage of the plugin. Using DNS entries it is possible to use the same plugin for either local or global config servers. Most customers trust the global config server, but of course one can have his own.



Using the Public Plugin in an On-Premise environment

The plugin coming from the browser store is configured to automatically grab the configuration from “config.gravity.global”. In order to use the public available browser plugin in an On-premise environment you need to configure a CNAME DNS entry point to your On-Premise GRAVITY App.

NAME TYPE VALUE -------------------------------------------------- config.gravity.global. CNAME config-gravity.scapp.io. //public cloud configuration config.gravity.global. CNAME config-your.gravity.domain.host. //On-Premise DNS configuration

Dedicated On-Premise Plugin

For Google Chrome we provide two specifc On-Premise plugin who connect to a host name not a URL. The host names are 'config-gravity-global' and 'env1-config-gravity-global'. In that way the certificate don't need to be replaced for 'config.gravity.global'. In that way you might deploy different plugins for different environment (Testing / Production).

NAME TYPE VALUE -------------------------------------------------- config-gravity-global. A yourhost-ip env1-config-gravity-global. A yourhost-ip

After a config is found (first paragraph below), the plugin is injecting the scripts into the site which starts GRAVITY.



Security

Data in transit

Data is transmitted over https to and from our config server. The URLs are safely hashed.
See next chapter.

Data in operation and rest

To check if an URL is GRAVITY enabled we need to compare two URLs. Two factors make sure no one ever sees these URLs besides the user, his local machine and plugin respectively.

  1. They are client side compared by the plugin

  2. They are transmitted and compared hashed (SHA-256), so not even when having the payload one can see or decode which URLs are GRAVITY activated or which URLs exist.

If a URL matched, the config is stored plain text, but since someone already got the URL right it is irrelevant. The URL is stored in the plugins own local storage together with a time to live. If it expires (checked on every page change), the procedure starts from the beginning.

Block GRAVITY extension from accessing certain hostname

You may use the information from this Microsoft Edge Enterprise Doc to develop a strategy to limit the extension's access, to sites where GRAVITY needs to to be used.

For Google Chrome, blocking by runtime host is simpler within Chrome Browser Cloud Management than in GPO. It requires no JSON and is as simple as entering the URL that you want to block in the extension settings. See Google's documentation "Managing Extensions in Your Enterprise" chapter "Prevent extensions from altering webpages".

Feature list

  • Client Side GRAVITY detection

    • Reduces a lot of network traffic

    • More performant in detecting if current URL is GRAVITY-enabled since there is no request anymore

    • Config lifetime checker fetches new config updates regularly

  • Debugging module

    • Faster and easier first and second level support

    • Handy mechanics to manually set a backend

    • Ability to reset plugin to installation state or logout the current user on rare occasions

    • Optional logging: Browser Console logging can be turned off and on

SaaS and On-Premise Plugin Download

 

SaaS Versions

SaaS Versions

On-Premise Versions

On-Premise Versions

 

Internet Explorer 11



End of Support

Please be aware that we don't support the Internet Explorer 11 Plugin anymore.

We left the content here for nostalgic reasons. Because we all loved the Internet Explorer – for the first two hours.



To install the IE 11 Plugin execute the MSI attached to this site, then open Internet Explorer and allow new extension in popup.

To access the debugging control in Internet Explorer 11, please type ‘about.gravity’ in the URL field.



All the GRAVITY configuration for IE 11 is stored in to the Windows Registry. The settings can be found under:

Computer\HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\gravity