Chrome扩展程序中的Origin标头 [英] Origin header in Chrome Extension

问题描述

我有我的api运行在节点js上，出于安全原因，我已经设置了一个中间件功能来检查源标题，如果它来自我的网站，那么只有api应该继续。我发现Chrome扩展存在问题，因为它不会在get请求中传递origin头文件，并且在put请求中也会传递类似chrome：//的内容作为原始头文件。有人可以帮忙吗？

问候，
Manik Mittal

解决方案

<那么，这就是Chrome为扩展设置 Origin 的方式。重写并不简单。

然而，有可能来覆盖。您需要使用 webRequest API ，特别是对 onBeforeSendHeaders 的阻止响应，将源码重写为任何你喜欢的内容。

I have my api running on node js, where for security reasons, I have set up a middle ware function check the origin header, if it is from my website, then only the api should go ahead. I am finding issues with Chrome Extension, as it does not pass the origin header in the get requests, also in the put requests, it sends something like chrome:// as the origin header. Can somebody help?

Regards, Manik Mittal

解决方案

Well, that's how Chrome sets the Origin for extensions. It's not simple to override.

It is, however, possible to override. You'll need to use the webRequest API, specifically a blocking response to onBeforeSendHeaders, to rewrite the origin to whatever you like.

这篇关于Chrome扩展程序中的Origin标头的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！