- From: JoshiPriyanka92 <notifications@github.com>
- Date: Wed, 27 Jul 2022 05:47:33 -0700
- To: w3c/ServiceWorker <ServiceWorker@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3c/ServiceWorker/issues/1654@github.com>
Trying to intercept HTTPS traffic with SW but saw behavior for which couldn't find any documentation HTTPS Proxy used: Fiddler Test Application Instance: Box **Behavior 1:** Able to add a test header `test: SW` with the service worker for a request that has an origin header even though the request is cross-site. ``` GET https://cdn01.boxcdn.net/enduser/uploads-manager-enduser.cef7c6a861.js HTTP/1.1 Host: cdn01.boxcdn.net Connection: keep-alive sec-ch-ua: ".Not/A)Brand";v="99", "Google Chrome";v="103", "Chromium";v="103" Origin: https://demodeepak.app.box.com/ sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: */* Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://demodeepak.app.box.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 test: SW ``` **Behavior 2:** Unable to add the same test header with the service worker for a request that does not have an origin header and the request is cross-site. ``` GET https://dl.boxcloud.com/zip_download/zip_download?ProgressReportingKey=2A124336F0C2E2B206709C5F26FAEE86&d=123548616116&ZipFileName=boxnote%20rproxy.zip&Timestamp=1658732956&AuthCode=dQLo4nEqSPrS7CHyBuq6MhRsBIymdpF6&HMAC2=07bdc53a6ae389a2b253e4caab9d3b482fc69d67d30efc7ec4503968f3dd1243 HTTP/1.1 Host: dl.boxcloud.com Connection: keep-alive sec-ch-ua: ".Not/A)Brand";v="99", "Google Chrome";v="103", "Chromium";v="103" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: iframe Referer: https://demodeepak.app.box.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 ``` Can anybody help me understand what is the expected behavior -- Reply to this email directly or view it on GitHub: https://github.com/w3c/ServiceWorker/issues/1654 You are receiving this because you are subscribed to this thread. Message ID: <w3c/ServiceWorker/issues/1654@github.com>
Received on Wednesday, 27 July 2022 12:47:45 UTC