search

chrome-php / chrome

Instrument headless chrome/chromium instances from PHP
MIT License
2.26k stars 276 forks source link

unable to remove sec-fetch headers... #517

Open ayd-is opened 1 year ago

ayd-is commented 1 year ago

inability to remove headers by type: sec-fetc...

I tried to block them by intercepting requests - but nothing happens

they cannot be blocked or deleted, is this normal?

how can I do it?

$blockedHeaders = [
"sec-fetch-dest",
"sec-fetch-mode",
"Sec-Fetch-Mode",
"sec-fetch-site",
"Sec-Fetch-Site",
"sec-fetch-user",
"sec-ch-ua",
"sec-ch-ua-platform",
"sec-ch-ua-mobile",
"Upgrade-Insecure-Requests"
];

$page->getSession()->sendMessageSync(new HeadlessChromium\Communication\Message('Network.enable'));
$page->getSession()->sendMessageSync(new HeadlessChromium\Communication\Message('Network.setRequestInterception', ['patterns' => [['urlPattern' => '*']]]));

// interception listener
$page->getSession()->on('method:Network.requestIntercepted', function ($event) use ($page, $blockedHeaders) {
$interceptionId = $event['interceptionId'];
$request = $event['request'];

$headers = $request['headers'];
foreach ($headers as $header => $value) {
if (in_array(strtolower($header), array_map('strtolower', $blockedHeaders))) {
unset($headers[$header]);
}
}

$page->getSession()->sendMessageSync(new HeadlessChromium\Communication\Message('Network.continueInterceptedRequest', [
'interceptionId' => $interceptionId,
'headers' => $headers
]));
});

I even tried injecting the extension with code, injecting it into flags before launching:

'--disable-extensions-except=/opt/google/chrome/extensions/headerblockersss', '--load-extension=/opt/google/chrome/extensions/headerblockersss',

but as I understand it, you can't use extensions in any way :(

enricodias commented 1 year ago

I believe you cannot modify sec, it is in the forbidden headers list. This is basically a list of headers that cannot be modified.

ayd-is commented 1 year ago

I believe you cannot modify sec, it is in the forbidden headers list. This is basically a list of headers that cannot be modified.

i need to use Safari ios user-agent:

Mozilla/5.0 (iPhone; CPU iPhone OS 15_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.4 Mobile/15E148 Safari/604.1

it's a Safari browser that doesn't support sec -... headers... is there any experimental way?

enricodias commented 1 year ago

You can change the user agent, but won't be able to change the forbidden headers. I'm not aware of any workaround to make this possible.

stale[bot] commented 1 year ago

This issue has been automatically marked as stale because there has been no recent activity. It will be closed after 30 days if no further activity occurs. Thank you for your contributions.