2

Is it possible to intercept ALL network traffic that occurs in an application? The idea would be that every single request (Ajax, iframe, anchor click, form submit, window.location etc.) gets intercepted and I can add a custom header to the request.

So far, I have used XMLHttpRequest.prototype to capture all Ajax calls. But this doesn’t pick up form submits, for example.

Is this possible in pure JavaScript without having to go and modify every location where a network call is made?

DemCodeLines
  • 1,870
  • 8
  • 41
  • 60
  • No. You can look at AJAX requests quite easily, but not other stuff. There's actually a logical problem with the whole idea: a full page reload (such as window.location, form submit, user pressing F5 etc) destroys the current HTML document in the browser and replaces it with a new one from the server. So any JavaScript running in that page is also destroyed and replaced. Therefore any monitoring code also running in JavaScript in the page is destroyed...see the problem? – ADyson Mar 21 '19 at 16:51
  • No, this isn't possible. As far as I know, there isn't any way to intercept the WebRTC data connections, for example. And even if you could at the application layer, this isn't really "network traffic". – Brad Mar 21 '19 at 16:52
  • Ideally, the JavaScript code would be executed before the browser even begins to process the action. – DemCodeLines Mar 21 '19 at 16:53
  • ??? JavaScript runs in a page which is loaded into the browser...so how it can run before the browser does anything? Maybe you're thinking of writing a browser extension? But what is this custom header for? You could probably use cookies instead, I would guess. That's the normal way to ensure the browser attaches extra info to requests within a particular domain. – ADyson Mar 21 '19 at 16:54
  • Let’s say I hit the submit button on a form. Ideally, the said JavaScript function would execute, modify the URL that the browser is about to go to, then resume standard behavior. I’m basically looking to have some sort of generic event that gets fired by all of these actions. – DemCodeLines Mar 21 '19 at 16:58
  • you can modify the URL itself (e.g. when submitting a form), but not the headers. And there's no way to make it generic really. Nor can you change things like the requests generated by URLs included in ` – ADyson Mar 21 '19 at 17:03
  • 1
    Can you use a service worker? [Take a look at this question](https://stackoverflow.com/questions/49503836/serviceworker-is-it-possible-to-add-headers-to-url-request) – James Mar 21 '19 at 17:25
  • "*in an application*" - I assume you mean the clientside part of a web application? – Bergi Mar 21 '19 at 17:42
  • @James that still only applies to ajax requests as far as I know. I don't think it can track _all_ requests on a particular page (or even across separate pages within a site), which is what is being talked about here – ADyson Mar 21 '19 at 18:33
  • @ADyson I'm looking forward to actually using a service worker still, but I'm pretty sure that they can intercept all https requests from the page they are registered to. – James Mar 21 '19 at 20:16

1 Answers1

0

You seem to be looking for Service Workers.

Bergi
  • 630,263
  • 148
  • 957
  • 1,375
  • I looked into it, but it appears that anyone can just turn those off in their browser settings, which kind of defeats the point. – DemCodeLines Mar 21 '19 at 17:46
  • 1
    @DemCodeLines Everyone can turn off JavaScript in their browser settings. Why would you care? Sure, your page should still work without modern features, but what functionality would be lost if you didn't add the custom header? – Bergi Mar 21 '19 at 18:19