I have an iframe in an electron app (v6.1.2) that loads an external URL. I need to load that URL with a custom header, therefore I use webRequest.onBeforeSendHeaders() in order to intercept the requests and insert that header. As soon as I pass requestHeaders to the callback parameter, cookies in the iframe stop working.
in main.js:
import { remote } from 'electron'
// the constant MY_URL used below contains the extarnal URL
const webRequest = remote.getCurrentWindow().webContents.session.webRequest;
webRequest.onBeforeSendHeaders(
{
urls: [`${MY_URL}*`]
},
(details, callback) => {
// I need to clone details.headers, as simply setting
// details.headers['X-MY-CUSTOM-HEADER']
// won't work
let requestHeaders = Object.assign({}, details.headers);
requestHeaders['X-MY-CUSTOM-HEADER'] = '1'
// even if I set requestHeaders to details.headers, the issue persists.
// only removing the requestHeaders property from the object below will make it work again:
callback({ cancel: false, requestHeaders });
},
['blocking', 'requestHeaders'] // doesn't make a difference,
// and I didn't find anything cookie-related for the "extraInfoSpec" argument
);
PHP Script at the target URL:
<?php
session_start();
var_dump(session_id());
var_dump($_COOKIE);
exit;
?>
The (pseudo-)output of that script on every refresh of the app or iframe is this:
string(26) "(random PHP session ID different on every call here)" array(0) { }
If I remove the requestHeaders property from the callback argument in main.js above, the output is as desired: the PHP session ID stays the same and any cookies the target site sets persist. That's how I know that it's not an issue on the PHP side. I can also rule out that the X-MY-CUSTOM-HEADER itself is interfering, as even when not changing the headers at all (see code comments), the issue remains.
Am I missing something or is this a bug in electron? Is there any way around this?
