chrome-devtools-java-client omit the origin header when connecting the websocket

omit the origin header when connecting the websocket

Open sixcorners opened this issue 10 months ago • 0 comments

Setting remote-allow-origins sucks. If you set it to * I think that is very insecure. Selenium doesn't need this. The way to not have to set it is to not send the origin header.

// pass this to .connectToServer()
ClientEndpointConfig.Builder.create()
  .configurator(
      new ClientEndpointConfig.Configurator() {
        @Override
        public void beforeRequest(Map<String, List<String>> headers) {
          headers.remove("Origin");
        }
      })
  .build()

Feb 10 '25 03:02 sixcorners

chrome-devtools-java-client chrome-devtools-java-client copied to clipboard

omit the origin header when connecting the websocket

chrome-devtools-java-client
chrome-devtools-java-client copied to clipboard