Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Referer header not working #54

Open
Rub3nCT opened this issue May 1, 2020 · 4 comments
Open

Referer header not working #54

Rub3nCT opened this issue May 1, 2020 · 4 comments

Comments

@Rub3nCT
Copy link

Rub3nCT commented May 1, 2020

add_header method is not working fine with Referer parameter, also tested with User-Agent and seems to be working fine.

$mech->add_header( Referer => $ref );

reload method is also crashing with ignoreCache option. Is working fine without ignoreCache option.

$mech->reload( ignoreCache => 1 );

Throws:

Uncaught exception from user code:
        Invalid parameters
        ignoreCache: boolean value expected
        -32602 at ... Chrome/DevToolsProtocol/Target.pm line 460

Test code attached comparing WWW::Mechanize and WWW::Mechanize::Chrome results.
test.zip
@Corion
Copy link
Owner

Corion commented May 1, 2020

Thank you very much for reporting the issues!

I think Chrome since v63+ does not send the Referer header anymore.

I'll look at the ignoreCache method and add a proper test for that.

Corion pushed a commit that referenced this issue May 1, 2020
Properly cast ignoreCache to JSON::true or JSON::false
eaee005 
This addresses GH issue #54 reported by Rub3nCT
@Rub3nCT
Copy link
Author

Rub3nCT commented May 1, 2020

Maybe this will help with Referer header:

Starting from Chrome 79, request header modifications affect Cross-Origin Resource Sharing (CORS) checks. If modified headers for cross-origin requests do not meet the criteria, it will result in sending a CORS preflight to ask the server if such headers can be accepted. If you really need to modify headers in a way to violate the CORS protocol, you need to specify 'extraHeaders' in opt_extraInfoSpec. On the other hand, response header modifications do not work to deceive CORS checks. If you need to deceive the CORS protocol, you also need to specify 'extraHeaders' for the response modifications.

Starting from Chrome 79, the webRequest API does not intercept CORS preflight requests and responses by default. A CORS preflight for a request URL is visible to an extension if there is a listener with 'extraHeaders' specified in opt_extraInfoSpec for the request URL. onBeforeRequest can also take 'extraHeaders' from Chrome 79.

Starting from Chrome 79, the following request header is not provided and cannot be modified or removed without specifying 'extraHeaders' in opt_extraInfoSpec:

  • Origin

Starting from Chrome 72, if you need to modify responses before Cross Origin Read Blocking (CORB) can block the response, you need to specify 'extraHeaders' in opt_extraInfpSpec.

Starting from Chrome 72, the following request headers are not provided and cannot be modified or removed without specifying 'extraHeaders' in opt_extraInfoSpec:

  • Accept-Language
  • Accept-Encoding
  • Referer
  • Cookie

Starting from Chrome 72, the Set-Cookie response header is not provided and cannot be modified or removed without specifying 'extraHeaders' in opt_extraInfoSpec.

Source: https://developer.chrome.com/extensions/webRequest

@Corion
Copy link
Owner

Corion commented May 1, 2020

Thank you for the link, but I don't see how it applies to the situation. The Referer header is not settable/addable since at least Chrome version 63, so the linked documentation does not seem to apply to the situation.

@Corion
Copy link
Owner

Corion commented May 3, 2020

See https://bugs.chromium.org/p/chromium/issues/detail?id=849972 for the corresponding Chromium bug

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Corion @Rub3nCT