CODEWITHSUNDEEP
javascripthtmlgoogle-chromegoogle-chrome-extensiongoogle-chrome-app
Jake
Jake

Reputation: 21

Use webRequest to cancel a request made by another extension

I have successfully used the webRequest API to block all xmlhttprequests made from websites I visit. However, my goal is to circumvent a content security filter installed on our school chromebooks. The extension works by reading the URL of the tab and sending an xmlhttprequest to it's servers to ask if the website is blocked or not. I have determined that if I cancel all of these xmlhttprequests made to its servers, no websites will be blocked.

I am using the following code to snipe all xmlhttprequests.

chrome.webRequest.onBeforeSendHeaders.addListener(function(details){
    if(details.type=='xmlhttprequest')
    {
        return{cancel:true};
    }
},{urls: ['<all_urls>']},['blocking', 'requestHeaders']);

This code works perfectly for blocking requests made from any website (for example, you cannot play spotify music with this extension enabled). But onBeforeSendHeaders seems to ignore requests that are made from an extension. Therefore, this code does not work to block xmlhttprequests the school extension sends to its servers. I also have code to block xmlhttprequests with onHeadersReceived and onBeforeRequest, but they all have the same problem. They block requests made from websites, but do not recognize a request if it is made from an extension.

And oddly enough, sometimes this code actually works, and will block requests made from the extension, but most (like 99%) of the time, it ignores them. Is there a way to ensure that my extension doesn't ignore the requests made from another extension?

I know you are going to say how I shouldn't circumvent my school's web filters because it's wrong or I will get in trouble. But I am just doing this because I enjoy figuring things out, and I am not going to use it for things that will get me or the school in trouble. Also, I have made other similar extensions which recently got fixed, and everyone who uses them pretty much expects me to update/fix my app.

Upvotes: 2

Views: 989

Answers (1)

Xan
Xan

Reputation: 77482

Is there a way to ensure that my extension doesn't ignore the requests made from another extension?

No. It used to be possible to intercept requests from other extensions and apps, but this was deemed a security bug - since you could potentially taint data for a higher-privilege extension.

As such, it is ensured that you will ignore such requests.

Upvotes: 2

Related Questions