-
Notifications
You must be signed in to change notification settings - Fork 22
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use the Declarative Net Request API #59
base: main
Are you sure you want to change the base?
Conversation
That is amazing, but I am very concerned about requirement for token. Setting up the extension is already hard as it is and this may be over the top. If it is necessary for this method to work could the extension autoamtically fill it (provided the user is logged into their Kagi account?) Also what kind of permissions this approach requires? |
I've thought about this and experimented a bit. I've found that:
|
I explored an approach where the popover could temporarily request the This is not possible because Safari does not return HTTPOnly cookies. So even with the |
What I have discovered (but isn't spelt out in the documentation) is that when you use a Redirect Rule with the Declarative Net Request API it won't use any cookies that would otherwise be in the request if the user had initiated it manually. For example, consider the two scenarios: a. A user navigates directly to In the first case the browser looks up the cookies stored for This ties our hands with regards to needing to know the the token beforehand, and the dance is not so straightforward:
We need to do it this way because if we didn't inject it in (1.) Kagi would redirect to No token injection Token injected as query parameter only Token injected as query parameter and cookie |
…tter). Minor cleanup for the background script.
@LukeChannings thanks for this PR and the research! I've got a POC in development around using this DNR api that I haven't finished yet, but I've got some learnings I can share:
I'll be sharing my POC within the next 2 days, but I'd like to keep this PR open so we can learn from each other and figure out the best solution for using the DNR api in the Kagi extension. |
I really didn't expect this PR to get merged since there are outstanding UX and testing problems. I hope it can be helpful for your implementation.
This is strange. Does it attach cookies after 3 redirects? I tried variations and wasn't able to get Safari to send cookies with any redirect, I'll try with
Nope. There isn't a support note on MDN like there is for HTTPOnly, but my next step would be to verify the behaviour is unique to Safari and I was too lazy to do that. Could be a bug.
This makes sense if you need to handle all TLDs as well. I needed to use
I'll be happy to test your POC when it's ready, no rush. I continue running my PR both on macOS and iOS, I'll update if any issues surface. So far I have had a smooth experience. |
The behavior where the cookies aren't being attached when redirected, I'm guessing has something to do with the
This would also explain why redirects from |
Why would cookies not be attached when redirecting from |
Great to see all the discussion and research here!
@workwithnano you might be able to reduce permissions further by making |
I've pushed a PR to #60 with the fewest permissions and fewest chances for bugs I could manage. @metaeaux making @LukeChannings @applefreak the issue of the token as a query parameter not turning into a Set-Cookie before redirecting to the search query is a head scratcher. Luckily, having the cookie addition rule does the trick. The remaining issue to resolve is allowing a |
Not a lot of users would have a country specific bang so this should not be too much of an issue. Anyway can we check referrer to see if it is Kagi, while deciding to redirect? |
Hey!
This is a change request to use the Declarative Net Request API using dynamic rules defined in the background script.
Cons:
Pros: