Securing XHR requests from Figma plugins

Oliver_Nassar · May 16, 2022, 11:32pm

Thanks for the great platform to build on! Would it be possible for the developers to add in some extra security for XHR requests originating from Figma plugins?

Specifically, I’d like a way to verify that XHR requests (eg. searching our API) is legit coming from a Figma plugin. Whether that’s intercepting requests and sending along headers, or else being able to pass along Figma data from the figma client side API that I can then verify via a server side requests.

Would love some guidance on this

Tim_Hawkins · March 6, 2023, 1:09pm

Did you figure out a solution to this Oliver? I’m working on the same problem

Oliver_Nassar · March 6, 2023, 3:24pm

I haven’t unfortunately

Tim_Hawkins · March 6, 2023, 4:20pm

thats frustrating. did you hear back from anyone at figma at all?

Oliver_Nassar · March 6, 2023, 4:33pm

I haven’t unfortunately.

Tim_Hawkins · March 6, 2023, 4:55pm

ah well. thanks anyway!

Oliver_Nassar · March 6, 2023, 5:08pm

I’ll let ya know if I find anything else.