Adding Referer header to network calls originating from chrome extension


Shubham

Jun 5, 2023, 5:54:44 AM
to Chromium Extensions
Hi team,
I am developing a chrome extension using manifest V3. I am using webextension polyfill's browser object.

In my content script I am opening an iframe; the code which runs in the iframe is also extension code. Apparently, network calls originating from the iframe don't have a Referer header with them. For a use case, I need to pass the Referer header in the network call. To achieve this I have made use of "declarativeNetRequestWithHostAccess","declarativeNetRequestFeedback".

The code in my service_worker looks like this:

```
async function addRefererToRequestHeader() {
  const ruleId = 1;

  const rules = [{
    id: ruleId,
    action: {
      type: 'modifyHeaders',
      requestHeaders: [
        {
          header: 'Referer',
          operation: 'set',
          value: 'this-is-a-referer-header',
        },
      ],
    },
    condition: {
      resourceTypes: ['sub_frame'],
      urlFilter: '<all_urls>',
    },
  }];

  try {
    await browser.declarativeNetRequest.updateDynamicRules({
      removeRuleIds: rules.map(r => r.id),
      addRules: rules,
    });

    console.log('Rules added successfully.');
  } catch (error) {
    console.error('Error adding rules:', error);
  }
}
```

I have included this call in app install handle event.

I have these permissions in my manifest:

```
"permissions": ["scripting", "activeTab", "contextMenus", "storage", "tabs", "declarativeNetRequestWithHostAccess",
  "declarativeNetRequestFeedback"],
"host_permissions": [
  "<all_urls>"
]
```


I am using chrome://net-export to check for the added header. I have tried finding the header value, 'this-is-a-referer-header', in the generated log file, but I couldn't find the value. What am I missing? Is it even possible to add a Referer header? If yes, how?

TIA 

Deco

Jun 5, 2023, 6:05:36 AM
to Shubham, Chromium Extensions
Manifest V3 does not support your current implementation for modifying the Referer header with declarativeNetRequest from iframes. This is why you cannot see the value (it isn't taking effect). For your use case, take a look at webRequest.onBeforeSendHeaders to modify the request directly in the content script; this will allow you to modify the request headers, including the Referer.

Cheers,
Deco


Shubham

Jun 5, 2023, 6:34:07 AM
to Chromium Extensions, Deco, Chromium Extensions, Shubham
Hi Deco, the network call is not being made explicitly by my code; I am using an internal SDK which makes a network call. Will I still be able to use webRequest.onBeforeSendHeaders to add the header?

Deco

Jun 5, 2023, 6:43:51 AM
to Shubham, Chromium Extensions
If you do not have access to the SDK then it probably isn't possible to use this; it will require modifying this to implement. You don't have a lot of good options here without the source code for the SDK; you can check if it uses XMLHttpRequest, and if it does, override it with XMLHttpRequest.prototype.send. Simply put, you are extremely limited if you are relying on this apparent black-box SDK to implement what you are trying to do. The Referer is considered sensitive, which is why your declarativeNetRequest implementation will not work.

Cheers,
Deco

wOxxOm

Jun 5, 2023, 10:20:28 AM
to Chromium Extensions, Deco, Chromium Extensions, Shubham
> Manifest V3 does not support your current implementation for modifying the Referer header with declarativeNetRequest from iframes

The actual functionality is supported, but there's a bug in devtools so the result may not be shown in the network panel.

However, the problem is that your rule's condition is incorrect: it only applies to the request for the iframe's html and not to the requests made inside the iframe.

Assuming your iframe's src points to a web_accessible_resources html, it has chrome-extension:// URL, so the solution is to filter by the extension's id:

    condition: {
       initiatorDomains: [chrome.runtime.id],
       resourceTypes: ['xmlhttprequest'],
    },
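
The difference between the two rule conditions in this thread, shown as an added example that is not part of any post above: a simplified model of condition matching (only `resourceTypes` and `initiatorDomains`; `urlFilter` is left out) run against constructed requests. The extension id, the `site.example` origin and the helper names are assumptions. It also shows that scoping by `initiatorDomains` keeps the rule from rewriting the Referer on XHRs made by ordinary web pages.

```javascript
// Added example: a simplified model of declarativeNetRequest condition matching.
// Only resourceTypes and initiatorDomains are modelled; urlFilter is left out.
const EXTENSION_ID = 'abcdefghijklmnopabcdefghijklmnop'; // constructed placeholder id

function refererRule(condition) {
  return {
    id: 1,
    action: {
      type: 'modifyHeaders',
      requestHeaders: [{ header: 'Referer', operation: 'set', value: 'this-is-a-referer-header' }],
    },
    condition,
  };
}

// Condition from the question (resource type only) and the one suggested in the reply.
const originalRule = refererRule({ resourceTypes: ['sub_frame'] });
const fixedRule = refererRule({ initiatorDomains: [EXTENSION_ID], resourceTypes: ['xmlhttprequest'] });

// True when the request satisfies every field present in the rule's condition.
function ruleMatches(rule, request) {
  const { resourceTypes, initiatorDomains } = rule.condition;
  if (resourceTypes && !resourceTypes.includes(request.type)) return false;
  if (initiatorDomains) {
    const host = request.initiator ? new URL(request.initiator).hostname : '';
    const ok = initiatorDomains.some(d => host === d || host.endsWith('.' + d));
    if (!ok) return false;
  }
  return true;
}

// Returns the request headers after applying every matching modifyHeaders rule.
function applyRules(rules, request) {
  const headers = { ...request.headers };
  for (const rule of rules.filter(r => ruleMatches(r, request))) {
    for (const h of rule.action.requestHeaders) {
      if (h.operation === 'set') headers[h.header] = h.value;
      if (h.operation === 'remove') delete headers[h.header];
    }
  }
  return headers;
}

// Constructed sample requests: the iframe document load, an XHR made inside the
// extension iframe, and an XHR made by an unrelated web page.
const iframeLoad = { type: 'sub_frame', initiator: 'https://site.example', headers: {} };
const sdkXhr = { type: 'xmlhttprequest', initiator: `chrome-extension://${EXTENSION_ID}`, headers: {} };
const pageXhr = { type: 'xmlhttprequest', initiator: 'https://site.example', headers: {} };

for (const [name, req] of Object.entries({ iframeLoad, sdkXhr, pageXhr })) {
  console.log(name, 'original:', applyRules([originalRule], req), 'fixed:', applyRules([fixedRule], req));
}
```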
