Support setting unsafe Chromium headers via DAST_REQUEST_HEADERS

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

Problem

Chromium has a list of unsafe headers that are not allowed to be set. This prevents some useful headers such as proxy-authorization from being set via DAST_REQUEST_HEADERS.

Proposal

Possible ways to handle unsafe headers:

  1. [Short term] Document headers that we cannot set, such as proxy-*.
  2. [Short term] Add guard for unsafe headers with a good error message.
  3. Squid can add headers request_header_add X-GoogApps-Allowed-Domains "mycompany.com" all.
  4. Patch Chromium and build locally
  5. Replace Squid with a proxy built into Browserker that would allow modifying outgoing requests from Chromium.

RFH Discussion

Edited by 🤖 GitLab Bot 🤖