echokit

Feature: Global Request Headers

๐ŸŽฏ Product Vision

Allow developers to inject custom headers into all outgoing requests (both real traffic and mocked responses) without modifying per-API configurations. This empowers developers to:


๐Ÿ“Š User Stories

  1. As a frontend developer, I want to add a global Authorization header so I can test with different user tokens without editing each API individually.

  2. As a QA engineer, I want to override the X-Tenant-ID header globally to test multi-tenant scenarios without changing application code.

  3. As a backend developer, I want to inject custom headers to simulate feature flags or A/B test cohorts.

  4. As a security tester, I want to remove certain headers (like cookies or tracking IDs) globally to test auth fallback mechanisms.


๐Ÿ—๏ธ Technical Design

Data Structure

Add a new requestHeaders array to settings:

settings = {
  corsOverride: false,
  scope: 'domain',
  theme: 'dark',
  autoOpenOnRefresh: true,
  blocklist: [],
  rewriteRules: [],
  transformRules: [],
  requestHeaders: [  // NEW
    {
      key: 'Authorization',
      value: 'Bearer abc123...',
      mode: 'add',      // 'add' | 'override' | 'remove'
      enabled: true,
      urlPattern: '',   // blank = apply to all URLs, or substring match
    }
  ]
}

Header Modes

  1. add โ€” Add header if it doesnโ€™t exist (leave existing values untouched)
  2. override โ€” Set header value (replace if exists, add if doesnโ€™t)
  3. remove โ€” Delete the header from the request

Application Points

Real Requests (fetch/XHR):

Mocked Responses (when mocking is on):

Recording:


๐ŸŽจ UI/UX Design

Settings Panel Addition

Add a new section: โ€œGlobal Request Headersโ€

โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚ Global Request Headers                                  โ”‚
โ”‚ Inject, override, or remove headers on ALL requests    โ”‚
โ”‚                                                          โ”‚
โ”‚ โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”  โ”‚
โ”‚ โ”‚ Header Name โ”‚ Value        โ”‚ Mode     โ”‚ URL โ”‚ โœ“  โ”‚  โ”‚
โ”‚ โ”œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”ค  โ”‚
โ”‚ โ”‚ Authorizationโ”‚ Bearer abc123โ”‚ override โ”‚     โ”‚ โœ“  โ”‚  โ”‚
โ”‚ โ”‚ X-Tenant-ID โ”‚ tenant-42    โ”‚ add      โ”‚ /apiโ”‚ โœ“  โ”‚  โ”‚
โ”‚ โ”‚ X-Debug     โ”‚              โ”‚ remove   โ”‚     โ”‚ โœ“  โ”‚  โ”‚
โ”‚ โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ดโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ดโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ดโ”€โ”€โ”€โ”€โ”€โ”ดโ”€โ”€โ”€โ”€โ”˜  โ”‚
โ”‚                                                          โ”‚
โ”‚ [+ Add Request Header]                                  โ”‚
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜

Columns:


๐Ÿ”ง Implementation Plan

Phase 1: Backend Logic (injected.js)

  1. Add state.requestHeaders to the injected script state
  2. Create applyRequestHeaders(headers, url) function
    • Similar pattern to applyResponseTransforms()
    • Takes existing headers object, applies rules, returns modified headers
  3. Apply in fetch hook:
    // Before: res = await origFetch(input, init);
    // After:
    const modifiedHeaders = applyRequestHeaders(reqHeaders, url);
    const modifiedInit = { ...init, headers: modifiedHeaders };
    res = await origFetch(input, modifiedInit);
    
  4. Apply in XHR hook:
    • Override XHR.prototype.send to inject headers before calling origSend()

Phase 2: Settings Storage & Sync

  1. Update default settings in background.js:
    let settings = {
      // ... existing
      requestHeaders: []
    };
    
  2. Push to tabs in pushTabMeta():
    safeSend(tabId, { 
      type: 'echokit:tabState', 
      payload: { 
        ...st, 
        requestHeaders: settings.requestHeaders || [] 
      } 
    });
    

Phase 3: UI (shared/app.js)

  1. Add settings section in renderSettings()
  2. Add event handlers for:
    • rh-key, rh-value, rh-mode, rh-url, rh-toggle, rh-remove, rh-add
  3. Validation:
    • Warn if header name is empty
    • Show hint that remove mode doesnโ€™t need a value

Phase 4: Testing & Documentation

  1. Smoke test in tests/smoke_echokit.py:
    • Add request header via settings
    • Trigger a real request
    • Verify header is present in the recorded interaction
  2. Update README.md and PRD.md
  3. CLI support (optional): Add --request-headers flag to echokit-server

๐Ÿš€ Developer Benefits

โœ… Why This Is Super Helpful

  1. No Code Changes: Add headers without touching app code or environment variables
  2. Fast Iteration: Toggle headers on/off instantly via UI
  3. Per-Environment Testing: Different header sets for dev/staging/prod
  4. Multi-Tenant Testing: Switch tenant IDs with one click
  5. Security Testing: Remove auth headers to test fallback behavior
  6. Feature Flag Simulation: Inject X-Feature-Flag to test unreleased features
  7. URL-Scoped Rules: Apply headers only to specific API paths
  8. Export/Import: Share header configurations with teammates via JSON export

๐ŸŽ“ Example Use Cases

Use Case 1: Testing with Different User Tokens

// Add global header
{ key: 'Authorization', value: 'Bearer user-123-token', mode: 'override', enabled: true }

// All requests now include this header
// Switch to different user by changing value to 'Bearer user-456-token'

Use Case 2: Multi-Tenant Testing

// Switch between tenants instantly
{ key: 'X-Tenant-ID', value: 'tenant-A', mode: 'override', urlPattern: '/api', enabled: true }

// Disable rule, enable a different one for tenant-B
{ key: 'X-Tenant-ID', value: 'tenant-B', mode: 'override', urlPattern: '/api', enabled: false }

Use Case 3: Remove Tracking Headers

// Remove analytics headers for cleaner testing
{ key: 'X-Client-ID', mode: 'remove', enabled: true }
{ key: 'X-Session-ID', mode: 'remove', enabled: true }

๐Ÿ“ˆ Success Metrics


๐Ÿ”ฎ Future Enhancements

  1. Variables/Templating: Support `` syntax in header values
  2. Header Presets: Save/load common header sets (e.g., โ€œMobile Userโ€, โ€œAdmin Userโ€)
  3. Conditional Headers: Apply headers based on request method or response status
  4. Request Body Modification: Similar global rules for modifying request bodies
  5. Import from .env: Auto-populate headers from environment files