How to add `Referer` header to network calls being made in extensions made using manifest V3?

Question

I had developed a chrome extension using manifest v3. I am opening an iframe in the content script and from the iframe few network calls are being made. I see that those calls do not have Referer header with them. To resolve this I had used declarativeNetRequest.

I have this in my manifest.json

 "permissions": ["scripting", "activeTab", "contextMenus", "storage", "tabs", "declarativeNetRequestWithHostAccess",
  "declarativeNetRequestFeedback"]

Using this piece of code in my service worker to add Referer header

async function addRefererToRequestHeader() {
  const ruleId = Math.floor(Math.random() * 1000000); // Generate a random number as the rule ID

  const rules = [{
    id: ruleId,
    action: {
      type: 'modifyHeaders',
      requestHeaders: [
        {
          header: 'New-Referer',
          operation: 'set',
          value: 'https://example.com/*',
        },
      ],
    },
    condition: {
      resourceTypes: ['sub_frame'],
      urlFilter: 'https://example.com/*',
    },
  }];

  try {
    await browser.declarativeNetRequest.updateDynamicRules({
      removeRuleIds: [],
      addRules: rules,
    });

    console.log('Rules added successfully.');
  } catch (error) {
    console.error('Error adding rules:', error);
  }
}

But apparently the call to https://example.com/* doesn't include any Referer header. Is it even possible to add Referer header? If so, how? What are the security implications of doing so?

PS: I am using webextension polyyfills browser

1) Add the site or `` to `host_permissions`. 2) `New-Referer` should be `Referer` 3) Use a stable same id for the rule e.g. `1` and specify it in removeRuleIds. Also clear your old rules by uninstalling the extension first. 4) Devtools doesn't show the added headers in some cases, it's a bug, so use Fiddler/Charles/WireShark or `chrome://net-export` to inspect the real headers. — wOxxOm, May 27 '23 at 12:12
@wOxxOm What all permissions would I require in manifest? Are these both "declarativeNetRequestWithHostAccess", "declarativeNetRequestFeedback" required? — Sam, May 30 '23 at 09:30
@wOxxOm I have done the above changes, and set the Referer value as `this-is-a-referer-header`. When I am trying to find this value in the file generated by `chrome://net-export`, I could not find it? Am I missing something? — Sam, Jun 05 '23 at 08:56

How to add `Referer` header to network calls being made in extensions made using manifest V3?

0 Answers0