Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How can I override the Origin header in Chrome when connecting to a WebSocket?

Tags:

javascript

google-chrome

websocket

I am trying to connect to an external web socket server, which is not run by myself. I would like to connect to it from a localhost javascript file, therefore the origin header has null value.

I understand that this is a measure against cross-site forgery. However, since I am on localhost, I should be able to fake this, by getting Chrome to send a custom Origin header.

Is it possible? (if I need an extension, that is fine)

If not, what is my best option to achieve the above? Thank you.

like image 479
David Frank Avatar asked May 17 '15 19:05

David Frank

People also ask

How do I override origin header?

The browser is solely responsible for setting the Origin header. The Origin header is always present on cross-origin requests, and the client has no way of setting or overriding the value.

Can Chrome extensions bypass CORS?

The only solution is to add permissions to your manifest. These can be partially-regexed, for example: "permissions": [ "*://*. twitter.com/*" ], . Thankfully, there is no way for an extension to completely bypass Chrome's own CORS policy.

How do I fix strict origin on cross-origin Chrome?

You can already try out the change starting from Chrome 81: visit chrome://flags/#reduced-referrer-granularity in Chrome and enable the flag. When this flag is enabled, all websites without a policy will use the new strict-origin-when-cross-origin default.

How do I pass header URL in Google Chrome browser?

In Chrome, visit a URL, right click , select Inspect to open the developer tools. Select Network tab. Reload the page, select any HTTP request on the left panel, and the HTTP headers will be displayed on the right panel.

1 Answers

As far as I know this will not be possible, it would break the security guards against CSRF in Chrome.

If you were able to do that the whole concept of XHR would fall apart.

Here is an Extension you can use to manipulate header on the fly, but so far I have not been able to get it to manipulate socket headers.

Look here if you want to read more about this.

But this doesn't stop you from implementing your own client (in place of chrome) where you can literally send whatever headers you want, not sure if this helps you, sorry.

like image 171
tato Avatar answered Sep 29 '22 15:09

tato
Sign in to Comment

Related questions

Change navigation active class on window scroll
Simple drag and drop code
ng-click not working after compile ng-bind-html
AddThis not working after ajax load
How to use AJAX with Google App Engine (Python)
Make CSS tooltip follow cursor
Difficulty getting browserify-shim working with grunt-browserify (> 2.0.2) as transform
Variable Environment vs lexical environment
jQuery how to select the first non-hidden select option
html5/Javascript - How to get the Selected folder name?
Developing game app using Phaser.js and Ionic (slow/shaky rendering)
copy whole html table to clipboard javascript
How can I make a stepline or stepped chart in chart.js or D3?
Best Way to detect midnight and reset data
Convert Date from one format to another format in JavaScript
Adding commas to numbers when typing
Why is Javascript giving result as Number instead of True/False for expression? [duplicate]
jQuery + Animate.css animation only working once, animation not resetting
Is there a way to specify ES6 generator method in object literal in node.js?
In an Ember Array, how do i access object by index value? Ember Js

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!