echokit

Global Request Headers - Changelog

Feature Overview

Global Request Headers allows developers to inject, override, or remove HTTP headers on all outgoing requests without code changes. This feature is perfect for:


What’s New

🎯 Core Functionality

Settings Panel: Global Request Headers

📝 Data Structure

{
  key: 'Authorization',           // Header name
  value: 'Bearer token-123',      // Header value (not needed for 'remove')
  mode: 'override',               // 'add' | 'override' | 'remove'
  urlPattern: '/api',             // Optional URL filter (blank = all)
  enabled: true                   // Enable/disable toggle
}

🔧 Header Modes

  1. add - Add header only if it doesn’t already exist
  2. override - Set header value (replace if exists, add if doesn’t) - DEFAULT
  3. remove - Delete the header from the request

🎯 URL Filtering


Files Modified

1. extension/background.js

2. extension/shared/app.js

3. extension/injected.js

4. tests/smoke_echokit.py

5. memory/PRD.md


How It Works

Architecture Flow

User configures in Settings
         ↓
Background service worker stores in chrome.storage.local
         ↓
Injected script receives state update via postMessage
         ↓
applyRequestHeaders() modifies headers
         ↓
fetch/XHR executes with modified headers
         ↓
Modified headers are recorded in interactions

Application Logic

// In injected.js
function applyRequestHeaders(headers, url) {
  const rules = (state.requestHeaders || []).filter(r => r.enabled !== false);
  if (!rules.length) return headers;
  
  let modified = { ...headers };
  
  for (const rule of rules) {
    // URL pattern filtering
    if (rule.urlPattern && !url.includes(rule.urlPattern)) continue;
    
    const key = rule.key || '';
    if (!key) continue;
    
    if (rule.mode === 'add') {
      // Only add if header doesn't exist
      if (!(key in modified)) {
        modified[key] = rule.value || '';
      }
    } else if (rule.mode === 'override' || !rule.mode) {
      // Set header (default mode)
      modified[key] = rule.value || '';
    } else if (rule.mode === 'remove') {
      // Delete header
      delete modified[key];
    }
  }
  
  return modified;
}

Usage Examples

Example 1: Add Auth Token

{
  "key": "Authorization",
  "value": "Bearer eyJhbGciOiJIUzI1NiIs...",
  "mode": "override",
  "urlPattern": "/api",
  "enabled": true
}

Result: All requests to URLs containing “/api” will have this Authorization header.

Example 2: Multi-Tenant Testing

[
  {
    "key": "X-Tenant-ID",
    "value": "tenant-a",
    "mode": "override",
    "urlPattern": "",
    "enabled": true
  },
  {
    "key": "X-Tenant-ID",
    "value": "tenant-b",
    "mode": "override",
    "urlPattern": "",
    "enabled": false
  }
]

Usage: Toggle between tenants by enabling/disabling rules.

Example 3: Feature Flags

{
  "key": "X-Feature-Flags",
  "value": "new-checkout,beta-ui",
  "mode": "add",
  "urlPattern": "",
  "enabled": true
}

Result: Adds feature flag header to all requests (only if app doesn’t already send it).

Example 4: Remove Tracking Headers

[
  {
    "key": "X-Client-ID",
    "mode": "remove",
    "enabled": true
  },
  {
    "key": "X-Session-ID",
    "mode": "remove",
    "enabled": true
  }
]

Result: Strips tracking headers from all requests for clean testing.


Testing

Manual Testing Checklist

Automated Test

Run: python3 tests/smoke_echokit.py

Test validates:


Migration Notes

Existing Users

Export/Import Compatibility


Future Enhancements

  1. Variable Substitution: Support `` in header values
  2. Header Presets: Save/load common header sets
  3. Conditional Rules: Apply headers based on method, status, etc.
  4. Header Profiles: “Mobile User”, “Admin User”, etc.
  5. CLI Support: echokit-server --request-headers

Troubleshooting

Headers not applying?

Header has wrong value?


Documentation

See additional documentation in /memory/:


Version: 1.7.0
Released: [Date TBD]
Status: ✅ Ready for PR