1

I am trying to develop a node app and require a server that can only be used by the app internally.

I have tried instantiating a server without listening to the port, but can't do anything with it from that point forwards:

let http = require("http");
http.createServer(function (req, res) {
    // custom code
})

This app is being built with NWJS and I need to intercept any outgoing requests (including file resources; CSS, JS, images, etc.) and modify the response, but I am not having any success with it except if I use a server for this purpose.

Problem is it becomes possible to open that server on any browser and I just want it to be used only inside the app or another way to intercept outgoing requests from the app so that the response body can be modified.

Shadow
  • 4,168
  • 5
  • 41
  • 72
  • Then you don't want to be creating a http server, I'm not a `nwjs` user, but a quick look at the docs, you supply the HTML as the root to your app anyway. – Keith Feb 22 '18 at 12:51
  • I think you need chrome.webRequest - https://developer.chrome.com/extensions/webRequest – stdob-- Feb 22 '18 at 13:01
  • @Keith That is not at all what I am talking about, the app has its own pages, what I want is to intercept outbound communications. Nothing to do with supplying html pages. stdob-- Chrome WebRequest does not allow response body manipulation. – Shadow Feb 22 '18 at 14:55
  • Ah, see. In that case inside the chrome instance you could setup a service worker, and intercept the fetch event.. https://developer.mozilla.org/en-US/docs/Web/API/FetchEvent – Keith Feb 22 '18 at 14:59
  • @Shadow yes, you are right. May be this help: https://stackoverflow.com/a/45220932 – stdob-- Feb 22 '18 at 15:04
  • @Keith Sounds interesting but I don't see how that would work, looks like I need to make my own requests instead of listening for any outgoing requests that I do not control. Can you provide an answer with an example showing how that solution would solve the problem I described? stdob-- That does not help, it only works inside the devtools console. – Shadow Feb 22 '18 at 15:10
  • `Can you provide an answer` there is a good explanation here -> https://css-tricks.com/serviceworker-for-offline/ It talks all about making offline, but of course is not limited to doing just this. The only thing I can think might cause an issue `your site needs to be served over a secure connection`. Not sure how nw.js handles the internal HTML, if it's classed as secure or not. They might be a flag you need to set.. – Keith Feb 22 '18 at 15:18
  • @Shadow think you need configure chrome.proxy to pass all request to inner proxy server. To hide from other app you can add some token to header. – stdob-- Feb 22 '18 at 15:23
  • I will be trying both of your suggestions and see if they work, in which case it would be best if there was an answer for me to accept. Thanks for the help, hope at least one does what I need. – Shadow Feb 22 '18 at 16:03

1 Answers1

1

I have tried Keith's suggestion of using a service worker to intercept requests, but in my case I could not load a service worker from local environment into live environment (for example, run a local sw file in stackoverflow page), so that suggestion ended there.

Stdob's suggestion of using a proxy ended up being redundant and more troublesome than my original attempt.

In the end I went with my original attempt as follows:

  • Using chrome.webRequest.onBeforeRequest (Chrome API) and a local node server.

  • The server is created with an arbitrary port to reduce the risk of hitting an already used port.

  • The chrome API redirects all connections to the local server (ex. url: http://127.0.0.1:5050) and then the server will handle the requests as needed, returning the requested files modified or intact.

  • Last step, add a unique header with a unique value that only the app knows, so that no server access can be made from outside the app.

It is not the best solution, ideally I would prefer to have something like Firefox's webRequest.filterResponseData, but until Chrome implements that, this will have to do.

Shadow
  • 4,168
  • 5
  • 41
  • 72