Giters

microsoft / MicrosoftEdge-Extensions

This is a community space for Microsoft Edge Add-ons developers, to share resources and information about building, publishing and growing their Microsoft Edge extension.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Changing of request headers (declarativeNetRequest) inside the side panel does not work

yankovichv opened this issue ยท comments

commented

Why? Maybe I should specify some special parameters for the rule?

Example:

 addRules: [
      {
        id: 1,
        priority: 1,
        action: {
          type: 'modifyHeaders',
          requestHeaders: todoist.requestHeaders,
        },
        condition: {
          resourceTypes: ["sub_frame"],
          requestDomains: todoist.requestDomains,
        },
      },
commented

Hi @yankovichv ,

Thank you for reporting this. We are looking into this and will let you know as soon as we have an update.

commented

@yankovichv, can you share more details about where you're calling the declarativeNetRequest API from (static ruleset from manifest, background script, side panel surface, ...), whether you see any warning or error in the developer console when you make the call, and what the request domains are for which the header modification is not working?

commented

@abhishek-shanthkumar, we call the code from the service worker. We don't get any errors. The rules work fine in tabs but not in the side panel.

commented

@Bhuvana-Priya
I have my Page Sidebar for Microsoft Edge in the store:
https://microsoftedge.microsoft.com/addons/detail/page-sidebar-open-any-p/miifojhnicpdfnfmojlcjkgebnmcckjb
However, I encounter the same issue where it does not allow my page content to show up. While in Google Chrome and Firefox, the same code works for both web browsers.

My code is free and Open-Source:
https://github.com/stefanvd/Browser-Extensions/tree/master/Page-Sidebar

Are there any updates? And what is the reason that your Microsoft web browser makes this different?

commented

Thanks, @yankovichv. It'll help if you can share a minimal extension with which the behaviour can be reproduced. If I understand it correctly, you make some network requests from your extension's side panel surface, and for those requests, the header modification rules don't apply (while they do for requests made from other surfaces like the popup and the service worker). Is that right?

commented

@Bhuvana-Priya @abhishek-shanthkumar Is there any update about this important issue? As it is very important for my users.

commented

Sorry for the delay. I can repro the reported issue through the following steps:

  1. Install the extension https://microsoftedge.microsoft.com/addons/detail/page-sidebar-open-any-p/miifojhnicpdfnfmojlcjkgebnmcckjb
  2. Open the extension side panel and search for or drag-and-drop a site that has CSP headers (example: https://content-security-policy.com/) into it.

Expected result: The site loads because the extension modifies the CSP headers. This is the behavior on Chrome.
Actual result on Microsoft Edge: The site fails to load because of CSP violations.

We're engaged with our security team to determine the best approach here.

commented

Hi @yankovichv, we apologize for the inconvenience.

We are looking into this and will let you know as soon as we have an update.

commented

The fix is now available in Canary.