Browser extensions to automatically alter HTTP headers?
Can I automatically alter/remove/add specific HTTP headers according to criteria such as URL (by regex) and maybe referrer?
EDIT: Alternatively, what local proxy would do this, preferably for free?
I'm primarily interested in Chrome, but this question relates to all browsers. If nothing is available for Chrome I might resort to whatever browser does have a solution.
I have a few sites that I always keep open. I decided to consolidate them into one page by containing each one in an iframe. At least one of the pages I use doesn't like this idea; it apparently sends X-FRAME-OPTIONS: SAMEORIGIN
to protect me from the black hats. I appreciate the gesture, but I'd like to use the data they send me in the way that makes the most sense to me.
So I decided that the simplest way around this is to detect that my page is the referrer (I could put a dummy variable in the iframe's query string if necessary) and strip X-FRAME-OPTIONS from the response so Chrome doesn't realize the page wanted to disable cross-domain embeds.
I tried searching the Chrome Web Store and Google but couldn't find anything. Surely there's something? I know there's Live HTTP Headers in Firefox and similar in Chrome, but that requires that I edit the headers manually. This task should be automated.
Solution 1:
As I mentioned in a comment, there are many local proxies that can accomplish this. A common one is Squid, a caching proxy. Polipo is another one, and apparently lighter than Squid. There are many other options, such as those listed here.
Squid
Their ContentAdaptation wiki article lists different methods of modifying the stream. The simplest is in the squid.conf
configuration file, with request_header_replace
and reply_header_replace
. If you want to remove headers entirely, you can use request_header_access
and reply_header_access
.
In your case, you probably want reply_header_access X-Frame-Options deny all
, which should remove the header. You could also modify it to reply with anything other than SAMEORIGIN
or DENY
, which will allow it as per this SO answer (but this is a special case, and apparently undocumented, so better to just remove it).
Remember, you need to run Squid with the argument/option --enable-http-violations
to use these options.
You may also wish to disable the caching aspect of Squid.
Polipo
The censoredHeaders
variable accepts a list of HTTP headers to block. You can add From, X-Frame-Options
to this list. See here for instructions on configuring Polipo.
There is no clear-cut way to disable caching in Polipo - apparently it doesn't use a buffer in memory, instead always saving to disk. However, you can force it to always request a new page by setting the maxExpiresAge
, maxAge
and maxNoModifiedAge
variables to 0 (maybe 1, if 0 does not work). See here.
Solution 2:
I know you prefer Chrome, but its architecture makes it hard for stuff like this, because they try to isolate things a lot.
A quickie Firefox plugin search found modifyheaders.
As far as proxies go, maybe Fiddler would work.
I haven't tested either of these personally, but both seem like they may do what you want.
Solution 3:
For Chrome, there exists: Ignore X-Frame headers. Working nicely for me!
I'm using https://addons.mozilla.org/en-US/firefox/addon/modify-headers/ on Firefox when I need the same thing - requires some minimal configuration.