Level 1
I think I have achieved success. I will continue building and see if I run into any roadblocks. But my extension can now get CSRF Token, login, and hit API endpoints.
The extension manifest.json (V3) must contain:
"permissions": [
"cookies",
"declarativeNetRequest"
],
"declarative_net_request": {
"rule_resources": [
{
"id": "ruleset_1",
"enabled": true,
"path": "rules.json"
}
]
},
"host_permissions": [
"https://example.test/*"
],
The rules.json must contain:
[
{
"id": 1,
"priority": 1,
"action": {
"type": "modifyHeaders",
"requestHeaders": [
{
"header": "Origin",
"operation": "set",
"value": "https://example.test"
}
]
},
"condition": {
"urlFilter": "||example.test",
"resourceTypes": [
"xmlhttprequest"
]
}
}
]
And the auth code must be in an extension script, such as background or popup.
const userInfo = async () => {
const response = await fetch('https://example.test/sanctum/csrf-cookie');
if (response.ok) {
const xsrfToken = await chrome.cookies.get({url: 'https://example.test', name: 'XSRF-TOKEN'});
const login = await fetch('https://example.test/api/login', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'X-XSRF-TOKEN': decodeURIComponent(xsrfToken.value)
},
body: JSON.stringify({
email: '[email protected]',
password: 'password'
})
});
return (await fetch('https://example.test/api/user')).json();
} else {
return JSON.stringify({error: 'Failed to fetch data: ' + response.statusText});
}
}
userInfo().then(data => console.log('User info', data));