11

I'm trying to send a HTTP request from a Extension in which I need to change the User-Agent.

My code looks like this:

function getXMLHttpRequest(method, url, extraHeaders) {
    var xhr = new XMLHttpRequest();
    xhr.open(method, url, true)

    for (var headerKey in extraHeaders) {
        xhr.setRequestHeader(headerKey, extraHeaders[headerKey]);
    }

    return xhr;
}
//....

getXMLHttpRequest("POST", "....", { "User-Agent": "Blahblahblah" })

Then, I get an error "Refused to set unsafe header: UserAgent"

I need to change that because my Backend needs to have an special User-Agent, is it possible to do that from an extension?

I tried webRequest API, to change the header before sending the request, but it says it does not work with XMLHttpRequest made from extensions in order to prevent locking.

HyLian
  • 4,999
  • 5
  • 33
  • 40
  • 1
    @ExpertSystem But you can change the UserAgent using the webRequest API. It is one of its examples in the doc. http://developer.chrome.com/extensions/webRequest.html – HyLian Jan 13 '14 at 12:31
  • @ExpertSystem I know it is considered unsafe, but this is not a regular javascript, it is a browser extension, I can use sockets and send whatever I want. Why not allowing to send an arbitrary HTTP Request? Cross-Origin request are also forbidden by the standards and they can be done with the proper configuration in the manifest. – HyLian Jan 13 '14 at 12:51
  • http://www.w3.org/TR/cors/ This one describes how you cannot make a HTTP request to a webserver which does not include the Access-Control-Allow-Origin in the response for OPTIONS. I haven't changed my server and I can make XMLHttpRequests to destionations which does not include that header in the response. But anyway, I'm not saying XMLHttpRequest should allow it, I'm asking for a way to make a HTTP Request specifying my own User-Agent inside a chrome extension. It can be a chrome.* API or whatever. – HyLian Jan 13 '14 at 13:22
  • I removed my comment above, because they were useless. I was pretty sure I had read it in the docs, but apparently I was wrong. (Sorry, for the confusion !) – gkalpak Jan 13 '14 at 14:29

1 Answers1

7

You can easily change the User-Agent header with the webRequest API.
For sample code, see Associate a custom user agent to a specific Google Chrome page/tab.

Take the code from that answer, and change "main_frame", "sub_frame" to "xmlhttprequest" to modify network requests initiated via XMLHttpRequest.

Obviously, to prevent deadlocks, this method does not work with synchronous requests ( i.e. when the third parameter of xhr.open is set to false).

Community
  • 1
  • 1
Rob W
  • 341,306
  • 83
  • 791
  • 678
  • Hey, Rob, was it always like that ? I remember having read somewhere in the docs about the limitation on unsafe XMLHttpRequest headers applying to a chrome.* API as well, but I can't find it any more. Any insights ? Am I out of my mind ? – gkalpak Jan 13 '14 at 14:33
  • @ExpertSystem There's a list indeed, but "User-Agent" is not a part of it. Scroll a bit down at https://developer.chrome.com/extensions/webRequest.html#life_cycle to see a partial list of hidden headers. The list is unfortunately "not guaranteed to be complete nor stable", so to get a definite answer, one has to dig deep in Chromium's source code. – Rob W Jan 13 '14 at 14:41
  • Yeah, I saw the list, but remember some doc explicitely saying that the same "unsafe" headers as XHR are also preventing. OK, then I am probably loosing it. BTW, you always spook me with your Chromium's-source-code-digging stuff :) – gkalpak Jan 13 '14 at 15:07
  • 1
    @RobW what's the scope of the code you linked to (assuming `types` is changed to `xmlhttprequest`)? Will it affect ALL XMLHttpRequests initiated by the browser, both inside and outside the extension? I understand it will also be filtered by the specified URL, just curious about the scope. – 101 Jan 09 '15 at 06:53
  • 1
    @figs All XMLHttpRequests. But you use can choose to return nothing in order, and/or use `.removeListener` instead of `addListener` to unregister an event (example: http://stackoverflow.com/a/23001552) – Rob W Jan 09 '15 at 09:26
  • @RobW Hi, Rob, I have many doubts I want to clear, and reading your answers made me feel that you can help me with my queries, can we have a little chat ? – Suraj Jain Apr 30 '18 at 09:03