Cap-go / capacitor-inappbrowser

Capacitor plugin in app browser with urlChangeEvent
MIT License
69 stars 53 forks source link

Remove x-requested-with from headers #221

Open goranlisak opened 4 hours ago

goranlisak commented 4 hours ago

I need an option to remove "x-requested-with" from headers when using WebView in Android and iOS. Setting an empty string is not enough for me. I would like to remove it completely.

It would be good if the completed feature had an option to remove any of the default headers, but the removal of "x-requested-with" is the priority.

It is also important that this header stays removed even as the user navigates to different URLs.

algora-pbc[bot] commented 4 hours ago

💎 $200 bounty • Goran

Steps to solve:

  1. Start working: Comment /attempt #221 with your implementation plan
  2. Submit work: Create a pull request including /claim #221 in the PR body to claim the bounty
  3. Receive payment: 100% of the bounty is received 2-5 days post-reward. Make sure you are eligible for payouts

Thank you for contributing to Cap-go/capacitor-inappbrowser!

Add a bountyShare on socials

Attempt Started (GMT+0) Solution
🟢 @WcaleNieWolny Oct 31, 2024, 11:34:10 AM WIP
riderx commented 3 hours ago

Hey @goranlisak , thanks for the bounty, please give more detail, what is the current value sent? And in what way it's problematic for you ?

goranlisak commented 3 hours ago

Currently the webview sends "x-requested-with" by default and puts app's ID as the value. I can change this value by setting custom headers in openWebView options, but there is no way to completely remove it.

The problem that I experience is that I want to integrate a third party service through OpenID Connect authentication flow, but I automatically get redirected to the error page, instead of the login page. I used HTTP Toolkit to modify the request and found out that when this header is removed, then I get to the login page. Setting empty string, null, false, 0, invalid characters, etc, doesn't work. The only way for it to work is if the header is removed completely.

WcaleNieWolny commented 2 hours ago

I would love to attempt this:

/attempt #221

Algora profile Completed bounties Tech Active attempts Options
@WcaleNieWolny    64 Capgo bounties
+ 2 bounties from 1 project
TypeScript, Java,
Vue & more
Cancel attempt
WcaleNieWolny commented 2 hours ago

One important question: is it ONLY the initial request that needs the “x-requested-with” header to be removed or is it all requests to this service/web page?

goranlisak commented 2 hours ago

@WcaleNieWolny thank you for attempting to solve this.

It is all request. There's a few redirects in the login flow and this header needs to be removed from all of them.