Browser Extension - GRAVITY Documentation

# The GRAVITY Browser extension > [!info]- For client requirement; please see [[Requirements Clients]] Plugins for browsers are needed when we can not inject the necessary lines of code directly into the page (code) or the application does not offer the possibility to load the script (like SharePoint Extensions do). Extension waits until a GRAVITY enabled URL is hit with the browser, setups the correct backend URL and loads additional scripts on that page. ![[GRAVITY-System-Overview-High-Level.jpg]] # Extension Options Developers and System Engineers can use the option page of the plugin to force reset the config for faster testing or to logout the current user. Also verbose logging can be turned on/off for debugging. ![[GRAVITY-Extension-Options.png]] For one hour one can also brute-set a backend URL, just in case someone wants to test something on another backend but does not want to create all the configs therefor. # Functionality The graphic below explains the first stage of the plugin. Using DNS entries it is possible to use the same plugin for either local or global config servers. Most customers trust the global config server, but of course one can have his own. ![[GRAVITY-Extension-Architecture.jpg]] ## Using the Public Plugin in an On-Premise environment The plugin coming from the browser store is configured to automatically grab the configuration from “config.gravity.global”. In order to use the public available browser plugin in an On-premise environment you need to configure a CNAME DNS entry point to your On-Premise GRAVITY App. | Name | Type | Value | Description | | ---------- | --------- | --------- | --------- | | config.gravity.global. | CNAME | config-gravity.scapp.io. | //public cloud configuration | | config.gravity.global. | CNAME | config-your.gravity.domain.host. | //On-Premise DNS configuration | ## Dedicated On-Premise Plugin For Google Chrome we provide two specifc On-Premise plugin who connect to a host name not a URL. The host names are 'config-gravity-global' and 'env1-config-gravity-global'. In that way the certificate don't need to be replaced for 'config.gravity.global'. In that way you might deploy different plugins for different environment (Testing / Production). | Name | Type | Value | | ---------- | --------- | --------- | | config.gravity.global. | A | yourhost-ip | | cenv1-config-gravity-global. | A | yourhost-ip | After a config is found (first _paragraph_ below), the plugin is injecting the scripts into the site which starts GRAVITY. ![[GRAVITY-Extension-UML.png]] # Security ## Data in transit Data is transmitted over _https_ to and from our config server. The URLs are safely hashed. _See next chapter._ ## Data in operation and rest To check if an URL is GRAVITY enabled we need to compare two URLs. Two factors make sure no one ever sees these URLs besides the user, his local machine and plugin respectively. 1. They are client side compared by the plugin 2. They are transmitted and compared _hashed_ (SHA-256), so not even when having the payload one can see or decode which URLs are GRAVITY activated or which URLs exist. If a URL matched, the config is stored plain text, but since someone already got the URL right it is irrelevant. The URL is stored in the plugins own local storage together with a time to live. If it expires (checked on every page change), the procedure starts from the beginning. ## Block GRAVITY extension from accessing certain hostname You may use the information from this [Microsoft Edge Enterprise Doc](https://docs.microsoft.com/en-us/deployedge/microsoft-edge-manage-extensions-policies "https://docs.microsoft.com/en-us/deployedge/microsoft-edge-manage-extensions-policies") to develop a strategy to limit the extension's access, to sites where GRAVITY needs to to be used. For Google Chrome, blocking by runtime host is simpler within [Chrome Browser Cloud Management](https://chromeenterprise.google/browser/management/ "https://chromeenterprise.google/browser/management/") than in [GPO](https://chromeenterprise.google/policies/ "https://chromeenterprise.google/policies/"). It requires no JSON and is as simple as entering the URL that you want to block in the extension settings. See Google's documentation "[Managing Extensions in Your Enterprise](https://docs.google.com/document/d/1pT0ZSbGdrbGvuCsVD2jjxrw-GVz-80rMS2dgkkquhTY/edit "https://docs.google.com/document/d/1pT0ZSbGdrbGvuCsVD2jjxrw-GVz-80rMS2dgkkquhTY/edit")" chapter "Prevent extensions from altering webpages". # Feature list - Client Side GRAVITY detection - Reduces a lot of network traffic - More performant in detecting if current URL is GRAVITY-enabled since there is no request anymore - Config lifetime checker fetches new config updates regularly - Debugging module - Faster and easier first and second level support - Handy mechanics to manually set a backend - Ability to reset plugin to installation state or logout the current user on rare occasions - Optional logging: Browser Console logging can be turned off and on # The SaaS Browser Extension > [!info]- For client requirement; please see [[Requirements Clients]] ## Public/SaaS Plugin Download - Version 3.x.x |Browser|Item-ID|Store Link| |---|---|---| |Google Chrome|cgekcnaajgndgpkkkmojgdidgipaplh|[Chrome Web Store](https://chrome.google.com/webstore/detail/gravity-personal-help-sys/acgekcnaajgndgpkkkmojgdidgipaplh "https://chrome.google.com/webstore/detail/gravity-personal-help-sys/acgekcnaajgndgpkkkmojgdidgipaplh")| |Microsoft Edge Chromium|App ID: 8583b2c0-25ac-4943-a1c9-2ea9f83eb793 <br>Store ID: 0RDCKBFZD780 <br>CRX ID: cagndfididnledjnakfhigdkjkmiamlf|[Microsoft Edge Add-On Store](https://microsoftedge.microsoft.com/addons/detail/cagndfididnledjnakfhigdkjkmiamlf "https://microsoftedge.microsoft.com/addons/detail/cagndfididnledjnakfhigdkjkmiamlf")| # On-Premises Extension > [!info]- For client requirement; please see [[Requirements Clients]] Extensions for On-premises can be found in both the Google Chrome Store and the Microsoft Edge Add-On store. However, please note that these extensions are not directly viewable to the public. If you require these browser extensions, kindly reach out to us for further assistance: [[Help and Support]].