Differentiate between plugin HTTP requests and JavaScript HTTP requests

Question

I am writing a XUL application which records all the network communication happening inside a browser instance created using <browser> tag.

I can use http-on-modify-request to track all the requests being made and modify headers accordingly but I can not differentiate which request is made by a plugin like Flash or if it's been made by JavaScript.

Is there a way I can differentiate such requests?

Answer 1

Alert, nasty hack incoming!

You definitely can't differentiate the requests for Flash vs Javascript, as they actually use the same Mozilla platform APIs.

However, there's nothing stopping you making the non-Flash request look different when examined in an http-on-modify-request implementation -- you need to do something to make all those non-Flash requets look different.

The easiest way I can think of is to add (and then strip off inside your http-on-modify-request handler) a QueryString parameter.

So basically, just add something like ?___NONFLASH__=897123487 or &___NONFLASH__=897123487 to each request URI. (where you randomly generate the token 897123487 at initialisation so that it can't be guessed by JavaScript/Flash trying to 'escape' from this "sandbox").

You'd need to affect the following in browser's content.contentDocument:

• links - alter their href attributes
• forms - alter their action attributes
• window.XMLHttpRequest - replace this with a version of your own making (make sure you replace it before any client-script runs!)

That just leaves client script-initiated window-level navigation (e.g: window.location.href changes). You could use either an NSIObserver or an NSIProgressListener to watch for the URL changing/re-loading.

edit: all of this assumes that the flash content isn't using a Flash<-->JavaScript bridge and doing all the requests on the JavaScript side (unlikely! -- but possible).