Secure native application messaging with a browser application

摘要

A system for securely mediating messages between a native application and a browser application on a computing device includes running the browser application and a browser process that controls access by the browser-based application to the native resource. The browser process may use a data file distributed with the native application to allow or deny communications between the browser-based application and the native application. When communications are allowed the browser-based application accesses the native resource via the native application. In one implementation, the browser process may initiate a native messaging host and send communication requests to the native messaging host. The data file may be downloaded with the native application or separately from the native application from a site that distributes the native application or a site controlled by the developer of the native application. The data file identifies browser-based applications allowed to communicate with the native application.

主权项

1. A method for mediating a communication request between a native application and a browser-based application on a computing device, the method comprising:
receiving, using at least one processor, the communication request from the browser-based application, wherein the request specifies a native application messaging host; determining, using the at least one processor and based on a manifest file associated with the native application messaging host and distributed with the native application, whether the browser-based application is authorized to communicate with the native application by identifying whether the browser-based application is identified in the manifest file and determining that the native application messaging host specified in the communication request is associated with the manifest file; and forwarding, using the at least one processor, the communication request to the native application messaging host when it is determined that the browser-based application is authorized, and in response to determining that no manifest file is associated with the native application messaging host, sending a response to the browser-based application indicating the communication request was in error.