freedom-xhr is an XMLHttpRequest
drop-in replacement using
core.tcpsocket
or core.xhr
for freedom.js apps. It exposes the XMLHttpRequest
2.0 API, including support for HTTPS, ArrayBuffers, and Blobs.
Some uses for this module include
- Performing XMLHttpRequests from a nodejs child process
- Unifying cookie storage among freedom modules
- Performing spec-violating HTTP requests (if the core environment has sufficient permissions)
- e.g. domain fronting, cookie forgery
- Install with NPM:
npm install freedom-xhr
freedom-xhr supports domain-fronting, i.e. setting a Host: header that does not match the destination domain. This is not allowed by ordinary browser XHR.
Applications can invoke this function directly, using setRequestHeader
.
However, this can be inconvenient, especially if XHR is being used via a
third-party library that is not aware of domain-fronting. Therefore,
freedom-xhr also supports transparent domain fronting, using URLs with a domain
of the form
dns.and.sni.part.secret.inner.domain.4.domainfront
For more information on the format, see the frontdomain package.
To use freedom-xhr for all requests, you can just overwrite the global XMLHttpRequest constructor:
XMLHttpRequest = require('freedom-xhr').coretcpsocket;
All requests will now be routed through the freedom core's TCP sockets, using an HTTP client written in pure Javascript. To use the core environment's XHR, you can instead write
XMLHttpRequest = require('freedom-xhr').corexhr;
This project uses Grunt. If you haven't used Grunt before, be sure to check out the Getting Started guide.
Function | Command | Description |
---|---|---|
Build | grunt build |
Compiles. |
Tests | grunt test |
Runs tests. |
Licensed under the MIT license. Maintained by @bemasc.
Derived from chrome.sockets.tcp.xhr by @ahmadnassri
- Twitter: @AhmadNassri
- Website: ahmadnassri.com