I have a Chrome extension that downloads Facebook messages to the computer. After the latest update of Chrome (v.74) it stopped working.

I have created a test extension that will help you understand what has happened. So you can either download it from here: test extension or create it from scratch by using the code I provide below.

manifest.json

{"name": "TEST",
"description": "TEST CHROME 74 BROKEN RESPONSE HEADERS",
"version": "1.0",
"manifest_version": 2,    
"permissions": [        
    "https://*.facebook.com/",
    "activeTab",
    "cookies",
    "contextMenus",
    "tabs",
    "webRequest",
    "webRequestBlocking",
    "storage",  
    "https://connect.facebook.net/en_US/all.js" 
],

"web_accessible_resources": [       

],
"background": {
    "scripts": [ "background.js" ]
},
"browser_action": {
    "default_popup": "popup.html"
}}

background.js

chrome.webRequest.onBeforeRequest.addListener(
function(details)
{
    if ((details.url.indexOf('https://www.facebook.com/api/graphql/') !== -1 ||
         details.url.indexOf('https://www.messenger.com/api/graphql/') !== -1 ||
    details.url.indexOf('https://www.facebook.com/api/graphqlbatch/') !== -1 ||
         details.url.indexOf('https://www.messenger.com/api/graphqlbatch/') !== -1)            
        && (details.requestBody.raw || details.requestBody.formData)) {

    var match;

    if (details.requestBody.raw) {
        var decoded = decodeURIComponent(new TextDecoder('utf-8').decode(details.requestBody.raw[0].bytes));
        match = decoded.match(/"(threadFBID|messageThreadID)":"(\d+?)"/);        
    }

    if (details.requestBody.formData) {
        match = details.requestBody.formData.variables[0].match(/"(threadFBID|messageThreadID)":"(\d+?)"/);
    }


    if (match) {
        chrome.storage.local.set({ 'chatID': match[2] }, function(){                               
            chrome.tabs.query({active: true}, function(tabs) {
               chrome.tabs.executeScript(tabs[0].id, {file: "js/jquery-3.1.1.min.js"}, function(){                        
                    chrome.tabs.executeScript(tabs[0].id, { file: "js/dateOptions.js" }, function() {                   
                    }); 

                });    
            });
        });
    }
}

},
{urls: ["https://www.facebook.com/*", "https://www.messenger.com/*"]},
['requestBody']);

dateOptions.js

var load_data = function(token, id) {  

   var url = 'https://www.facebook.com/api/graphqlbatch/';    
   var docId =  '1699057486820841';         
   var dataString = '__user=' + id + '&__a=1&fb_dtsg=' + token;


   dataString +=
   '&queries=%7B%22'
   + 'o0' + '%22%3A%7B%22'  
   + 'doc_id' + '%22%3A%22' + docId + '%22%2C%22'
   + 'query_params' + '%22%3A%7B%22' 
   + 'limit' + '%22%3A' + 50 + '%2C%22' 
   + 'before%22%3A' + null + '%2C%22'
   + 'tags%22%3A%5B%22' + 'INBOX' + '%22%5D%7D%7D%7D';


   $.ajax({                    
       type: 'POST',
       url: url,
       data: dataString,
       dataType: "json",   

       success: function(data){

       },
       error: function(XMLHttpRequest, textStatus, errorThrown) { 

           chrome.storage.local.set({
               'data': XMLHttpRequest.responseText
           });
       }                   
   });   };



var set_id_and_token = function(cb) {
   var scr = document.querySelectorAll("script");
   var myIdSet = false, tokenSet = false;
   // set FB token and owner's id
   for (var i = 0; i < scr.length; i++) {    

       var token = scr[i].textContent.match(/\"token\"\:\"(.*?)\"/);
       if (token) {  
           token = token[1];
           tokenSet = true;
       }

       var id = scr[i].textContent.match(/\"USER_ID\"\:\"(.*?)\"/);
       if (id) {
           id = id[1];
           myIdSet = true;
       }

       if (myIdSet && tokenSet) break;
   }

   cb(token, id);                                                                           
}



chrome.storage.local.get(null, function(items) { 

   set_id_and_token(function(token, id){
       load_data(token, id);
   });    });

You will also need a jquery-3.1.1.min.js file to get AJAX requests running.

So the steps to reproduce the issue:

1. Add the test extension to your Chrome browser.

2. Go to https://www.facebook.com/messages/t/ (you have to be logged in of course)

3. Choose any chat in the Inbox.

4. Open the popup window of the extension.

Now depending on the version of Chrome you will get one of the two outputs.

If you have version 74 and higher:

enter image description here

If you have version before 74:

enter image description here

That is, before the latest update the extension could get the necessary information from Facebook servers.

What I have found so far.

I looked into the requests sent by the extension on these two different versions of Chrome and found the following differences.

In Request headers - difference in origin

Version 74+:

enter image description here

Version below 74:

enter image description here

In Response headers - difference in access-control headers and CSP

Version 74+:

enter image description here

Version below 74:

enter image description here

If anyone can share their ideas on how this can be fixed, I will be grateful.

1 Answers

1
tube-builder On

So while Chrome is working on the bug fix, I have come up with the following solution of overriding the 'origin' request header.

The following code should be put in the background.js:

chrome.webRequest.onBeforeSendHeaders.addListener(
function(details) {
    //details holds all request information. 
    for (var i = 0; i < details.requestHeaders.length; ++i) {
        //Find and change the particular header.
        if (details.requestHeaders[i].name === 'Origin') {

            details.requestHeaders[i].value ="https://www.facebook.com";
            break;
        }
    }
    return { requestHeaders: details.requestHeaders };
},
{urls: ['<all_urls>']},
['blocking', 'requestHeaders']);