Safari Technology Preview 16.4 adds support for modifyHeaders. While this works for any sites making fetch requests, it doesn't seem to work for any requests initiated by the web extension itself.
For example, this doesn't work:
    browser.declarativeNetRequest.updateDynamicRules({
      addRules: [{
        "id": 1,
        "priority": 1,
        "action": {
          "type": "modifyHeaders",
          "requestHeaders": [
            {
              "header": "origin",
              "operation": "set",
              "value": "https://www.bar.com"
            }
          ]
        },
        "condition": {
          // Any URL that the extension has permissions for
          "urlFilter": "http://foo.com",
          "resourceTypes": ["main_frame", "xmlhttprequest"]
        }
      }],
    })
This also relates to https://developer.apple.com/forums/thread/654839
While extensions can ignore CORS errors, it's still important to be able to allow-list a fixed extension origin on the server before serving any requests to the same.
Since the extension GUID changes on every refresh, we can't rely on it. There should be a way to change this for requests to an origin that the extension has been granted permissions to.
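
The server-side allow-list check described above, as an added example that is not part of the original post: exact-match validation of the `Origin` header, showing why an extension origin whose GUID changes cannot be pinned and why matching the whole `safari-web-extension://` scheme is too broad. The function names and UUIDs are constructed for illustration.

```javascript
// Added example (Node.js or browser, no dependencies). All origins and
// UUIDs are constructed sample values; function names are hypothetical.
const ALLOWED_ORIGINS = new Set(["https://www.bar.com"]);

// Reduce an Origin header to lowercase scheme://host[:port]. Returns null
// if the header is missing, the literal "null", or carries a path/query.
function normalizeOrigin(value) {
  if (typeof value !== "string") return null;
  const m = /^([a-z][a-z0-9+.-]*):\/\/([^\/?#@\s]+)$/i.exec(value.trim());
  return m ? `${m[1].toLowerCase()}://${m[2].toLowerCase()}` : null;
}

// Strict check: exact match against the allow-list, never substring or prefix.
function isAllowedOrigin(value, allowed = ALLOWED_ORIGINS) {
  const origin = normalizeOrigin(value);
  return origin !== null && allowed.has(origin);
}

// Weak check, shown for contrast: trusting the whole scheme admits every
// Safari web extension, not just yours.
function isAnySafariExtension(value) {
  const origin = normalizeOrigin(value);
  return origin !== null && origin.startsWith("safari-web-extension://");
}

// Walks through the situation in the post with constructed GUIDs.
function demo() {
  const before = "safari-web-extension://11111111-2222-3333-4444-555555555555";
  const after = "safari-web-extension://aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee";
  const other = "safari-web-extension://99999999-8888-7777-6666-555555555555";
  const allowed = new Set([...ALLOWED_ORIGINS, before]); // pin the current GUID
  return {
    pinnedBeforeRefresh: isAllowedOrigin(before, allowed),
    pinnedAfterRefresh: isAllowedOrigin(after, allowed), // GUID changed
    schemeWideAcceptsOther: isAnySafariExtension(other),
    lookalikeRejected: !isAllowedOrigin("https://www.bar.com.evil.example"),
  };
}
```

An `Origin` match only describes browser-originated requests; non-browser clients can send any value, so the allow-list complements authentication rather than replacing it.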