-
-
Save opichals/fb57221b8c30105888e048ea405db19e to your computer and use it in GitHub Desktop.
Chrome extension to force-enable CORS based on request's *source* url (i.e. the url of the browser tab) rather than the target url
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Notes: we need the `sourceTabUrl &&` before the URL check because chromebooks make weird requests that don't come from "real" tabs. | |
| let accessHeaders = new Map(); | |
| let tabIdToUrlMap = new Map(); | |
| let requestListener = function (details) { | |
| const accessControlRequestHeader = details.requestHeaders.find(elem => elem.name.toLowerCase() === "access-control-request-headers"); | |
| if(accessControlRequestHeader) { | |
| accessHeaders.set(details.requestId, accessControlRequestHeader.value); | |
| } | |
| }; | |
| let responseListener = function(details) { | |
| let responseHeaders = details.responseHeaders; | |
| let sourceTabUrl = tabIdToUrlMap.get(details.tabId); | |
| if(sourceTabUrl && sourceTabUrl.startsWith("file:///path/to/my/dev/folder")) { // <-- EDIT THIS TO CHANGE URL CONDITIONS TO ENABLE CORS | |
| responseHeaders = responseHeaders.filter(elem => elem.name.toLowerCase() !== 'access-control-allow-origin' && elem.name.toLowerCase() !== 'access-control-allow-methods' ) | |
| responseHeaders.push({'name': 'Access-Control-Allow-Origin','value': '*'}); | |
| responseHeaders.push({'name': 'Access-Control-Allow-Methods', 'value': 'GET, PUT, POST, DELETE, HEAD, OPTIONS'}); | |
| if(accessHeaders.has(details.requestId)){ | |
| responseHeaders.push({'name':'Access-Control-Allow-Headers', 'value': accessHeaders.get(details.requestId)}); | |
| accessHeaders.delete(details.requestId); | |
| } | |
| } | |
| return {responseHeaders}; | |
| }; | |
| let tabUpdateListener = function(tabId, changeInfo, tab) { | |
| tabIdToUrlMap.set(tabId, tab.url); | |
| }; | |
| let tabCreatedListener = function(tab) { | |
| tabIdToUrlMap.set(tab.id, tab.url); | |
| }; | |
| chrome.tabs.onUpdated.addListener(tabUpdateListener); | |
| chrome.tabs.onCreated.addListener(tabCreatedListener); | |
| chrome.runtime.onInstalled.addListener(reload); | |
| chrome.runtime.onStartup.addListener(reload); | |
| function reload() { | |
| tabIdToUrlMap = new Map(); | |
| try { | |
| chrome.webRequest.onHeadersReceived.removeListener(responseListener); | |
| chrome.webRequest.onBeforeSendHeaders.removeListener(requestListener); | |
| } catch(e) {} | |
| chrome.webRequest.onHeadersReceived.addListener(responseListener, {urls: ["<all_urls>"]}, ["blocking", "responseHeaders"]); | |
| chrome.webRequest.onBeforeSendHeaders.addListener(requestListener, {urls: ["<all_urls>"]}, ["blocking", "requestHeaders"]); | |
| chrome.tabs.query({}, function(tabs) { | |
| for(let tab of tabs) { | |
| tabIdToUrlMap.set(tab.id, tab.url); | |
| } | |
| }); | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "name": "SOURCE-url-based CORS enabler", | |
| "version": "0.0.1", | |
| "manifest_version": 2, | |
| "description": "Adds Access-Control-Allow-Origin, Access-Control-Allow-Methods and Access-Control-Allow-Headers headers for CORS for ALL requests that are made from tabs with a url that begins with 'file:///' and ends with '__enable_cors__.html' exactly.", | |
| "background": { | |
| "scripts": ["background.js"] | |
| }, | |
| "permissions": [ | |
| "tabs", | |
| "webRequest", | |
| "webRequestBlocking", | |
| "<all_urls>", | |
| "file://*/*" | |
| ] | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment