New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. Weβll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[ENGG-1689] MV3: Expose onBeforeAjaxRequest hook to forward auth header in cross origin redirects #1664
Conversation
Here's the code health analysis summary for commits Analysis Summary
|
browser-extension/mv3/src/service-worker/services/requestProcessor.ts
Outdated
Show resolved
Hide resolved
browser-extension/mv3/src/service-worker/services/rulesManager.ts
Outdated
Show resolved
Hide resolved
browser-extension/mv3/src/service-worker/services/requestProcessor.ts
Outdated
Show resolved
Hide resolved
browser-extension/mv3/src/service-worker/services/requestProcessor.ts
Outdated
Show resolved
Hide resolved
browser-extension/mv3/src/client-scripts/ajaxRequestInterceptor.js
Outdated
Show resolved
Hide resolved
if (Object.values(this.cachedRules).every((rules) => rules.length === 0)) { | ||
return; | ||
} | ||
|
||
await this.forwardIgnoredHeadersOnRedirect(tabId, requestDetails); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should move this in a separate method handleRedirectAuthorizationHeader
. We can add cases too here only and keep other logic separate from each other
private forwardIgnoredHeadersOnRedirect = async (tabId: number, requestDetails: AJAXRequestDetails) => { | ||
if ( | ||
!IGNORED_HEADERS_ON_REDIRECT.some( | ||
(header) => requestDetails.requestHeaders[header] || requestDetails.requestHeaders[header.toLowerCase()] | ||
) | ||
) { | ||
return; | ||
} | ||
|
||
const matchedRule = this.findMatchingRule( | ||
[...this.cachedRules.redirectRules, ...this.cachedRules.replaceRules], | ||
requestDetails.url | ||
); | ||
|
||
if (!matchedRule) { | ||
return; | ||
} | ||
|
||
const ignoredHeaderValues = IGNORED_HEADERS_ON_REDIRECT.map((header) => ({ | ||
name: header, | ||
value: requestDetails.requestHeaders[header] || requestDetails.requestHeaders[header.toLowerCase()], | ||
})); | ||
|
||
const redirectedUrl = this.getRedirectedUrl(requestDetails.url, matchedRule); | ||
|
||
return this.updateRequestSpecificRules(tabId, requestDetails.url, { | ||
action: { | ||
requestHeaders: ignoredHeaderValues.map((header: { name: string; value: string }) => ({ | ||
header: header.name, | ||
value: header.value, | ||
operation: chrome.declarativeNetRequest.HeaderOperation.SET, | ||
})), | ||
type: chrome.declarativeNetRequest.RuleActionType.MODIFY_HEADERS, | ||
}, | ||
condition: { | ||
// Exact URL is not used because for replace rules, a marker query param is add which changes the URL so exact URL doesn't match | ||
urlFilter: `|${redirectedUrl}`, | ||
resourceTypes: [chrome.declarativeNetRequest.ResourceType.XMLHTTPREQUEST], | ||
tabIds: [tabId], | ||
requestMethods: [requestDetails.method.toLowerCase() as chrome.declarativeNetRequest.RequestMethod], | ||
excludedInitiatorDomains: ["requestly.io", "requestly.com"], | ||
}, | ||
}); | ||
}; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we will need this logic more large number of cases in future. Lets create a folder for this as separate out logics
- requestProcessor
- index.ts
- redirectAuthHeader
- initiatorDomainHeader
private forwardIgnoredHeadersOnRedirect = async (tabId: number, requestDetails: AJAXRequestDetails) => { | ||
if ( | ||
!IGNORED_HEADERS_ON_REDIRECT.some( | ||
(header) => requestDetails.requestHeaders[header] || requestDetails.requestHeaders[header.toLowerCase()] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Compare both headers in lowercase.
There might be case when we stored header in lowercase in IGNORED_HEADERS_ON_REDIRECT and the actual header is in uppercase. This logic will fail then
|
||
const ignoredHeaderValues = IGNORED_HEADERS_ON_REDIRECT.map((header) => ({ | ||
name: header, | ||
value: requestDetails.requestHeaders[header] || requestDetails.requestHeaders[header.toLowerCase()], |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Use both lowercase header keys
const ignoredHeaderValues = IGNORED_HEADERS_ON_REDIRECT.map((header) => ({ | ||
name: header, | ||
value: requestDetails.requestHeaders[header] || requestDetails.requestHeaders[header.toLowerCase()], | ||
})); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should do this for only existing headers. Right now it generates for header values which are not present in the request
const redirectedUrl = pair.destination || requestUrl.replace(pair.from, pair.to); | ||
if (redirectedUrl === requestUrl) { | ||
return null; | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Will this work in case of wildcard and regex subsitutions?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Substitutions are not supported in case of replace rules. We need to handle only redirect rule
|
||
tabService.setData(tabId, TAB_SERVICE_DATA.SESSION_RULES_MAP, { | ||
...sessionRulesMap, | ||
[requestUrl]: ruleId, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Shouldn't ruleIds be an array or map of rulesIds because there might be case when initiator_domain and auth case applies on same URL
How about this?
{
[requestUrl]: {
auth_header: ruleId,
initiator_domain: ruleId,
}
}
Closes issue:
π Summary of changes:
β Checklist:
π§ͺ Test instructions:
π Other references: