Search code examples
cookieselectronchrome-webrequest

Cookies in an iframe inside an electron app stop working when setting custom header via webRequest.onBeforeSendHeaders

I have an iframe in an electron app (v6.1.2) that loads an external URL. I need to load that URL with a custom header, therefore I use webRequest.onBeforeSendHeaders() in order to intercept the requests and insert that header. As soon as I pass requestHeaders to the callback parameter, cookies in the iframe stop working.

in main.js:

import { remote } from 'electron'
// the constant MY_URL used below contains the extarnal URL
const webRequest = remote.getCurrentWindow().webContents.session.webRequest;
webRequest.onBeforeSendHeaders(
  {
    urls: [`${MY_URL}*`]
  },
  (details, callback) => {
    // I need to clone details.headers, as simply setting
    // details.headers['X-MY-CUSTOM-HEADER']
    // won't work
    let requestHeaders = Object.assign({}, details.headers);
    requestHeaders['X-MY-CUSTOM-HEADER'] = '1'
    // even if I set requestHeaders to details.headers, the issue persists.
    // only removing the requestHeaders property from the object below will make it work again:
    callback({ cancel: false, requestHeaders });
  },
  ['blocking', 'requestHeaders']  // doesn't make a difference,
  // and I didn't find anything cookie-related for the "extraInfoSpec" argument
);

PHP Script at the target URL:

<?php
session_start();
var_dump(session_id());
var_dump($_COOKIE);
exit;
?>

The (pseudo-)output of that script on every refresh of the app or iframe is this:

string(26) "(random PHP session ID different on every call here)" array(0) { }

If I remove the requestHeaders property from the callback argument in main.js above, the output is as desired: the PHP session ID stays the same and any cookies the target site sets persist. That's how I know that it's not an issue on the PHP side. I can also rule out that the X-MY-CUSTOM-HEADER itself is interfering, as even when not changing the headers at all (see code comments), the issue remains.

Am I missing something or is this a bug in electron? Is there any way around this?

Solution

  • It turned out to be a rather stupid mistake, but as it's quite hard to find any good documentation about this API, I'd tend to not close this as a simple typo, as I think it might be of help to others.

    The details object has a headers property and a requestHeaders property. I'm actually not sure what the difference is, as there seem to be some overlappings. I correctly overwrote the requestHeaders, but I did so extending details.headers instead of details.requestHeaders. So all I had to do was changing

    let requestHeaders = Object.assign({}, details.headers);

    to

    let requestHeaders = Object.assign({}, details.requestHeaders);