如何防止在Chrome扩展中接收响应头文件时下载 [英] How to prevent download on receiving response headers in chrome extension

问题描述

由于此问题阻止通过Chrome扩展程序通过Content-Type进行下载不适合我，我打开一个新的问题。
我使用以下代码根据内容类型标题阻止下载：

  chrome.webRequest.onHeadersReceived.addListener （function（details）{
 preventDownload = false; 
 details.responseHeaders.push（{name：X-Content-Options，value：no-sniff}）; // Hack 1 
 details.statusLine =HTTP / 1.1 302 Moved Temporarily; // Hack 2 
 for（var i = 0; i< details.responseHeaders.length; ++ i）
 {
 if（details.responseHeaders [i] .name =='Content-Type'）
 {
 var contentType = details.responseHeaders [i] .value; 
 if（contentType。 indexOf（application / xyz）！=  -  1）
 {
 preventDownload = true; 
 details.responseHeaders [i] .value ='text / plain'; // Hack 3 
} 
 else 
 {
 return {responseHeaders：details.responseHeaders}; 
} 
} 
 
 } 
 if（preventDownload）
 {
 if（details.frameId === 0）// Top frame，yay！ 
 {
 var scheme = /^https/.test(details.url）？ https：http; 
 chrome.tabs.update（details.tabId，{
 url：scheme +：//robwu.nl/204}）; 
 return; // return {cancel：true};应该使用，但它显示块页面
} 
 return {cancel：true}; 
} 
 return {responseHeaders：details.responseHeaders}; 
}，{urls：[< all_urls>]，类型：[main_frame，sub_frame]}，['blocking'，'responseHeaders']）; 
  

我成功阻止下载，但出现错误的Web阻止页面。我需要保持在上一页的用户没有重新加载显示此错误页面或以某种方式后，从该服务页面显示后退回。

我在上面的代码中使用了一个黑客但它不会阻止下载。

解决方案

详情是一个对象提供给您的扩展与关于请求的信息。更改其值并不会影响请求。

？id = 280464＃c7rel =nofollow>自 Chrome 35.0.1911.0 以外，您可以简单地重定向至回复状态码204的页面，以防止上一页卸载：

  chrome.webRequest.onHeadersReceived.addListener（function（details）{
 // ...您的代码检查请求是否应该被阻止... 
 //（为简洁起见而省略）
 var scheme = /^https/.test(details.url）？https：http; 
 return {redirectUrl：scheme +：//robwu.nl/204}; 
}，{
 url：[< all_urls>]，
 types：[ main_frame，sub_frame] 
}，[responseHeaders，blocking]）; 
  

---

如果您使用旧版Chrome版本例如34-），那么可以使用以下方法：

此外，为了防止文件被下载，您需要指示Chrome浏览器在标签。

1. 将 Content-Type 更改为 text / plain （因为它是一种简单的格式）。
   
2. 添加 X-Content-Type-Options： nosniff （防止 MIME嗅探）。
>

3. 删除 Content-Disposition 标题（以防止某些类型的下载）
。

使用这些标头，Chrome会尝试在标签中呈现响应。以下是来自其他答案的方法：通过调用 chrome。

pre> chrome.webRequest.onHeadersReceived.addListener（function（details）{
// ...检查请求是否被阻止的代码...
//（为了简洁省略）

if（details.frameId === 0）{//顶框，yay！
//防止当前页面卸载：
var scheme = /^https/.test(details.url）？https：http;
chrome.tabs.update（details.tabId，{
url：scheme +：// robwu .nl / 204
}）;

//防止文件通过标题下载：
var responseHeaders = details.responseHeaders.filter（function（header）{
var name = header.name.toLowerCase（）;
返回姓名！=='content-type'&&
name！=='x-content-type-options'&&
name！=='content-disposition';
））。concat（[{
//将内容类型更改为不可下载的
名称：'Content-Type'，
值：'text / plain'
$ b //禁用MIME类型的嗅探：
name：'X-Content-Type-Options'，
value：'nosniff'
}]）;
return {
responseHeaders：responseHeaders
};
}
//否则不是顶框...
return {cancel：true};
} {
urls：[< all_urls>]，
types：[main_frame，sub_frame]
}，[responseHeaders，blocking ]）;


注意：这是一种黑客方法。随意将其用于个人使用，但请勿将这种类型的扩展程序上传到Chrome网上应用店。

Since this question Block downloading by Content-Type via Chrome Extension didn't work for me, I am opening a new question. I use the following code to block download based on content-type header:

chrome.webRequest.onHeadersReceived.addListener(function(details) {
    preventDownload = false;
    details.responseHeaders.push({name:"X-Content-Options",value: "no-sniff"});  // Hack 1
    details.statusLine = "HTTP/1.1 302 Moved Temporarily"; // Hack 2
    for (var i = 0; i < details.responseHeaders.length; ++i) 
    {
       if (details.responseHeaders[i].name == 'Content-Type')
        {
            var contentType = details.responseHeaders[i].value;
            if (contentType.indexOf("application/xyz")!=-1)
            {
                preventDownload = true;
            details.responseHeaders[i].value = 'text/plain'; //Hack 3
            }
            else
            {
                return {responseHeaders: details.responseHeaders};
            }
        }

    }
    if(preventDownload)
    {
        if (details.frameId === 0) // Top frame, yay!
        { 
            var scheme = /^https/.test(details.url) ? "https" : "http";
            chrome.tabs.update(details.tabId, {
            url: scheme + "://robwu.nl/204"});
            return;   //return {cancel: true}; should be used but it displays block page
        }
        return {cancel: true};
    }
    return {responseHeaders: details.responseHeaders};
}, {urls: ["<all_urls>"],types: ["main_frame", "sub_frame"]}, ['blocking', 'responseHeaders']);

I succeed in preventing the download, but an error Web block page appears. I need to keep user on previous page without reloading to displaying this error page OR somehow move back from this service page after it displayed.

I have used a hack in above code but it does not block the download.

解决方案

details is an object supplied to your extension with information about the request. Changing its value does indeed not have any effect on the request.

Since Chrome 35.0.1911.0, you can simply redirect to a page that replies with status code 204 to prevent the previous page from unloading:

chrome.webRequest.onHeadersReceived.addListener(function(details) {
    // ... your code that checks whether the request should be blocked ...
    //  (omitted for brevity)
    var scheme = /^https/.test(details.url) ? "https" : "http";
    return {redirectUrl: scheme + "://robwu.nl/204" };
}, {
    urls: ["<all_urls>"],
    types: ["main_frame", "sub_frame"]
}, ["responseHeaders", "blocking"]);

---

If you're using an older Chrome version (e.g 34-), then the following method can be used instead:

Further, to prevent the file from being downloaded, you need to instruct Chrome to render the page in the tab. This can be done by modifying the headers.

1. Change Content-Type to text/plain (because it is a light format).
2. Add X-Content-Type-Options: nosniff (to prevent MIME-sniffing).
3. Remove the Content-Disposition header (to prevent some kinds of downloads).

With these headers, Chrome will try to render the response in the tab. Here's where the method from the other answer comes in: By calling chrome.tabs.update that points to a resource that replies with HTTP status code 204, the navigation is cancelled without leaving the current page.

chrome.webRequest.onHeadersReceived.addListener(function(details) {
    // ... your code that checks whether the request should be blocked ...
    //  (omitted for brevity)

    if (details.frameId === 0) { // Top frame, yay!
        // Prevent current page from unloading:
        var scheme = /^https/.test(details.url) ? "https" : "http";
        chrome.tabs.update(details.tabId, {
            url: scheme + "://robwu.nl/204"
        });

        // Prevent file from being downloaded via the headers:
        var responseHeaders = details.responseHeaders.filter(function(header) {
            var name = header.name.toLowerCase();
            return name !== 'content-type' &&
                   name !== 'x-content-type-options' &&
                   name !== 'content-disposition';
        }).concat([{
            // Change content type to something non-downloadable
            name: 'Content-Type',
            value: 'text/plain'
        }, {
            // Disable MIME-type sniffing:
            name: 'X-Content-Type-Options',
            value: 'nosniff'
        }]);
        return {
            responseHeaders: responseHeaders
        };
    }
    // else not the top frame...
    return {cancel: true};
}, {
    urls: ["<all_urls>"],
    types: ["main_frame", "sub_frame"]
}, ["responseHeaders", "blocking"]);

Note: This is a hacky method. Feel free to use it for personal use, but please do not upload such kinds of extensions to the Chrome Web Store.

这篇关于如何防止在Chrome扩展中接收响应头文件时下载的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！