Open goranlisak opened 4 hours ago
/attempt #221
with your implementation plan/claim #221
in the PR body to claim the bountyThank you for contributing to Cap-go/capacitor-inappbrowser!
Add a bounty • Share on socials
Attempt | Started (GMT+0) | Solution |
---|---|---|
🟢 @WcaleNieWolny | Oct 31, 2024, 11:34:10 AM | WIP |
Hey @goranlisak , thanks for the bounty, please give more detail, what is the current value sent? And in what way it's problematic for you ?
Currently the webview sends "x-requested-with" by default and puts app's ID as the value. I can change this value by setting custom headers in openWebView
options, but there is no way to completely remove it.
The problem that I experience is that I want to integrate a third party service through OpenID Connect authentication flow, but I automatically get redirected to the error page, instead of the login page. I used HTTP Toolkit to modify the request and found out that when this header is removed, then I get to the login page. Setting empty string, null, false, 0, invalid characters, etc, doesn't work. The only way for it to work is if the header is removed completely.
I would love to attempt this:
/attempt #221
Algora profile | Completed bounties | Tech | Active attempts | Options |
---|---|---|---|---|
@WcaleNieWolny | 64 Capgo bounties + 2 bounties from 1 project |
TypeScript, Java, Vue & more |
Cancel attempt |
One important question: is it ONLY the initial request that needs the “x-requested-with” header to be removed or is it all requests to this service/web page?
@WcaleNieWolny thank you for attempting to solve this.
It is all request. There's a few redirects in the login flow and this header needs to be removed from all of them.
I need an option to remove "x-requested-with" from headers when using WebView in Android and iOS. Setting an empty string is not enough for me. I would like to remove it completely.
It would be good if the completed feature had an option to remove any of the default headers, but the removal of "x-requested-with" is the priority.
It is also important that this header stays removed even as the user navigates to different URLs.