If you really need to modify headers in a way to violate the CORS protocol, you need to specify 'extraHeaders' in opt_extraInfoSpec. If modified headers for cross-origin requests do not meet the criteria, it will result in sending a CORS preflight to ask the server if such headers can be accepted. Starting from Chrome 79, request header modifications affect Cross-Origin Resource Sharing (CORS) checks. This list is not guaranteed to be complete nor stable. The following headers are currently not provided to the onBeforeSendHeaders event. For example, all headers that are related to caching are invisible to the extension. For this reason, the API does not provide the final HTTP headers that are sent to the network. Internally, one URL request can be split into several HTTP requests (for example to fetch individual byte ranges from a large file) or can be handled by the network stack without communicating with the network. * Note that the web request API presents an abstraction of the network stack to the extension. The web request API guarantees that for each request either onCompleted or onErrorOccurred is fired as the final event with one exception: If a request is redirected to a data:// URL, onBeforeRedirect is the last reported event. ![]() onErrorOccurred Fires when a request could not be processed successfully. onCompleted Fires when a request has been processed successfully. It does not allow modifying or cancelling the request. This event is informational and handled asynchronously. For HTTP requests, this means that the status line and response headers are available. onResponseStarted Fires when the first byte of the response body is received. It does not allow you to modify or cancel the request. A redirection can be triggered by an HTTP response code or by an extension. onBeforeRedirect Fires when a redirect is about to be executed. This can also be used to cancel the request. Take care not to enter an infinite loop by repeatedly providing invalid credentials. Note that extensions may provide invalid credentials. This event can be handled synchronously to provide authentication credentials. onAuthRequired (optionally synchronous) Fires when a request requires authentication of the user. It also allows you to cancel or redirect the request. The caching directives are processed before this event is triggered, so modifying headers such as Cache-Control has no influence on the browser's cache. This event is intended to allow extensions to add, modify, and delete response headers, such as incoming Content-Type headers. Due to redirects and authentication requests this can happen multiple times per request. onHeadersReceived (optionally synchronous) Fires each time that an HTTP(S) response header is received. The event is triggered before the headers are sent to the network. onSendHeaders Fires after all extensions have had a chance to modify the request headers, and presents the final (*) version. This event can be used to cancel the request. The onBeforeSendHeaders event is passed to all subscribers, so different subscribers may attempt to modify the request see the Implementation details section for how this is handled. The event is intended to allow extensions to add, modify, and delete request headers (*). onBeforeSendHeaders (optionally synchronous) Fires when a request is about to occur and the initial headers have been prepared. This event is sent before any TCP connection is made and can be used to cancel or redirect requests. OnBeforeRequest (optionally synchronous) Fires when a request is about to occur. The event life cycle for successful requests is illustrated here, followed by event definitions: Certain synchronous events will allow you to intercept, block, or modify a request. You can use these events to observe and analyze traffic. ![]() The web request API defines a set of events that follow the life cycle of a web request. Policy installed extensions can continue to use "webRequestBlocking". Aside from "webRequestBlocking", the webRequest API will be unchanged and available for normal use. Consider "declarativeNetRequest", which enables use of the declarativeNetRequest API. As of Manifest V3, the "webRequestBlocking" permission is no longer available for most extensions.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |