Native Chrome extension hooks are not enough for this use case because they can observe/block requests, but they don’t let us inspect response bodies, so this prototype injects into the page, captures fetch / XHR, forwards request/response data from every tab/frame through a hidden iframe bridge into a single SharedWorker, and runs inspection there.
For fetch, this seems more reasonable since streams can be transferred/processed more cleanly. For XMLHttpRequest, text responses may require copying, so in those cases it may effectively mean ~2x memory.
Main use case is DLP / browser security, where the goal is one shared inspection engine across tabs and frames. Curious what people think about the performance implications of this model.
Also, this prototype was generated in ~40 minutes with AI, so please don’t judge too harshly :)