Menu
I'm writing a service worker with the purpose of monitoring a website's traffic. I capture the request and the response and send data about it to my backend
I'm trying to avoid monitoring the CORS requests. My logic is something like this (dropped not relevant lines):
self.addEventListener("fetch", function (event) {
event.respondWith(handleRequest(event));
});
const handleRequest = async event => {
let response;
let request = event.request.clone();
if (! isCrossOrigin(event.request)) {
response = await fetch(event.request);
storeData(request, response.clone());
return response;
} else {
console.log(`Dropping request for ${event.request.url}`)
return fetch(request);
}
};
The problem is that when I have a CORS request and I'm fetching it via the fetch(request), without changing original credentials state, I'm getting:
Access to fetch at 'https://other-domain.com/test-post' from origin
'http://localhost:3000' has been blocked by CORS policy:
The value of the 'Access-Control-Allow-Origin' header in the response
must not be the wildcard '*' when the request's credentials mode is 'include'.
I can't send the request without the credentials because my client (the one who's using my service worker) might need it.
I can't return a value other than * in the header simply because I don't own the 3rd party origin server. I can't ask to change their API for my monitoring.
My question - Is there a way to just pass on the request as if it wasn't intercepted by my service worker?
I don't mind ignoring CORS requests since they are not critical for what I'm monitoring.
553
To solve the "TypeError: Failed to fetch", make sure to pass the correct configuration to the fetch method, including the URL, HTTP method and headers, and verify that the server you're making a request to is setting the correct CORS headers with the response. Copied!
You can test your API's CORS configuration by invoking your API, and checking the CORS headers in the response. The following curl command sends an OPTIONS request to a deployed API.
Reason: CORS request not HTTP This often occurs if the URL specifies a local file, using a file:/// URL. To fix this problem, make sure you use HTTPS URLs when issuing requests involving CORS, such as XMLHttpRequest , Fetch APIs, Web Fonts ( @font-face ), and WebGL textures, and XSL stylesheets.
mode. The mode option is a safe-guard that prevents occasional cross-origin requests: "cors" – the default, cross-origin requests are allowed, as described in Fetch: Cross-Origin Requests, "same-origin" – cross-origin requests are forbidden, "no-cors" – only safe cross-origin requests are allowed.
If you return from the FetchEvent handler synchronously then the browser will proceed to process it as it normally would. So something like:
self.addEventListener("fetch", function (event) {
if (isCrossOrigin(event.request)) {
return;
}
event.respondWith(handleRequest(event));
});
const handleRequest = async event => {
let response = await fetch(event.request);
storeData(request, response.clone());
return response;
};
This doesn't really address why you're getting an error calling fetch(evt.request) from the service worker. That should in general work if the normal request would have succeeded.
183
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
