Browser extensions to automatically alter HTTP headers?

Can I automatically alter/remove/add specific HTTP headers according to criteria such as URL (by regex) and maybe referrer?

EDIT: Alternatively, what local proxy would do this, preferably for free?

I'm primarily interested in Chrome, but this question relates to all browsers. If nothing is available for Chrome I might resort to whatever browser does have a solution.

I have a few sites that I always keep open. I decided to consolidate them into one page by containing each one in an iframe. At least one of the pages I use doesn't like this idea; it apparently sends X-FRAME-OPTIONS: SAMEORIGIN to protect me from the black hats. I appreciate the gesture, but I'd like to use the data they send me in the way that makes the most sense to me.

So I decided that the simplest way around this is to detect that my page is the referrer (I could put a dummy variable in the iframe's query string if necessary) and strip X-FRAME-OPTIONS from the response so Chrome doesn't realize the page wanted to disable cross-domain embeds.

I tried searching the Chrome Web Store and Google but couldn't find anything. Surely there's something? I know there's Live HTTP Headers in Firefox and similar in Chrome, but that requires that I edit the headers manually. This task should be automated.


Solution 1:

As I mentioned in a comment, there are many local proxies that can accomplish this. A common one is Squid, a caching proxy. Polipo is another one, and apparently lighter than Squid. There are many other options, such as those listed here.


Squid

Their ContentAdaptation wiki article lists different methods of modifying the stream. The simplest is in the squid.conf configuration file, with request_header_replace and reply_header_replace. If you want to remove headers entirely, you can use request_header_access and reply_header_access.

In your case, you probably want reply_header_access X-Frame-Options deny all, which should remove the header. You could also modify it to reply with anything other than SAMEORIGIN or DENY, which will allow it as per this SO answer (but this is a special case, and apparently undocumented, so better to just remove it).

Remember, you need to run Squid with the argument/option --enable-http-violations to use these options.

You may also wish to disable the caching aspect of Squid.


Polipo

The censoredHeaders variable accepts a list of HTTP headers to block. You can add From, X-Frame-Options to this list. See here for instructions on configuring Polipo.

There is no clear-cut way to disable caching in Polipo - apparently it doesn't use a buffer in memory, instead always saving to disk. However, you can force it to always request a new page by setting the maxExpiresAge, maxAge and maxNoModifiedAge variables to 0 (maybe 1, if 0 does not work). See here.
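
The Squid part of the answer above, narrowed so that the header is removed only for named sites and only when the embedding page is the referrer, instead of for all traffic. This is an added example, not part of the original answer; the ACL names, hosts and referrer URL are placeholders.

```conf
# squid.conf fragment (constructed example). Needs a Squid built with
# --enable-http-violations, as the answer above notes.

# Broad form from the answer: removes the header from every reply, so every
# site browsed through this proxy loses its framing protection.
# reply_header_access X-Frame-Options deny all

# Narrower form, part 1: only the sites embedded in the personal page.
# (mail.example.com and news.example.com are placeholder hosts.)
acl framed_sites dstdomain mail.example.com news.example.com

# Part 2: only when the request was sent from the embedding page.
# Browsers may send just the origin in Referer for cross-site requests,
# so match on the origin rather than the full path.
# (http://localhost is a placeholder for wherever the page is served.)
acl from_dashboard referer_regex -i ^http://localhost(:[0-9]+)?/

# ACLs listed on one line are ANDed: both must match for removal.
reply_header_access X-Frame-Options deny framed_sites from_dashboard

# All other replies keep the header.
reply_header_access X-Frame-Options allow all

# Optional: turn off caching, per the answer's remark about disabling it.
cache deny all
```

Squid can only edit headers on replies it can read, so this affects plain-HTTP traffic unless the proxy is also set up to decrypt HTTPS.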

Solution 2:

I know you prefer Chrome, but its architecture makes it hard for stuff like this, because they try to isolate things a lot.

A quickie Firefox plugin search found modifyheaders.

As far as proxies go, maybe Fiddler would work.

I haven't tested either of these personally, but both seem like they may do what you want.

Solution 3:

For Chrome, there exists: Ignore X-Frame headers. Working nicely for me!

I'm using https://addons.mozilla.org/en-US/firefox/addon/modify-headers/ on Firefox when I need the same thing - requires some minimal configuration.