09/1
2020
我在 Chrome 扩展里修改了前台页面的请求,把 referer 和 origin 都修改了。但是请求还是因为跨域问题失败了。在失败的错误信息里,看到 origin 是修改之前的原本的 origin。
后来我去看 Chrome 扩展的文档时找到了原因。
https://developer.chrome.com/extensions/webRequest
有这样一段话:
Note: Modifying the Origin request header might not work as intended and may result in unexpected errors in the response's CORS checks. This is because while extensions can only modify the Origin request header, they can't change the request origin or initiator, which is a concept defined in the Fetch spec to represent who initiates the request.
看来,虽然请求里的 origin 被修改了,但是还有个看不到的 request origin
或者 initiator
可以用来判断跨域情况。