Cache Partitioning, HTTP Cache Management, and Conditional DNR Rule Application

[jaissam10]

Hi Team,

My use case is depicted below:

We have an extension that, when a PDF URL is loaded, inserts an iframe containing our web-accessible resource (an extension HTML page). This page then creates another iframe that loads our React application hosted on a domain, such as https://abc.com/index.html.

When a user opens a PDF URL, like https://pdfobject.com/pdf/sample.pdf, two iframes are embedded in the page—the first being our extension page and the second being our React application. These two iframes communicate with each other via postMessage.

To explain further: If I open a PDF, like https://pdfobject.com/pdf/sample.pdf, the top-level site (PDF URL) is dynamic. We then insert our iframe (web_accessible_resource), i.e., (chrome-extension://id/viewer.html). Inside this, we load a nested iframe URL of CDN. So, there will be two nested iframes—one for chrome-extension:///index.html and another for https://abc.com/index.html. (this is our hosted cdn)
Reference image:

I am facing cookies and storage partitioning issues.

For cookie partitioning/blocking, I am addressing the issue using the chrome.cookies API along with DeclarativeNetRequest.

Q1. Due to storage partitioning, a service worker gets registered every time a new PDF is opened (assuming the domain is considered new), and its cache storage is also partitioned, preventing reuse.
How can this be resolved or made unpartitioned?
Is there an API, similar to chrome.cookies, that allows setting cache storage on the browser domain (either partitioned or unpartitioned)?

Q2. The HTTP cache is also partitioned, causing a network request every time a new PDF is opened.
How can we address this? Is there an existing API to manage the HTTP cache, or can you suggest a way to make it unpartitioned?

Q3. I am applying a DeclarativeNetRequest (DNR) rule to modify the request header to send cookies from the extension. However, I want to apply the DNR rule specifically for my website (for my client), as we have other clients making similar requests. I'm trying to find a way to limit the rule's application to my client only.
For example, I have the https://abc.com/api/getUser API, and both my extension and another website are initiating requests to this endpoint. I want to add a condition based on the request header to differentiate between the clients.

Is there an existing solution for this? If not, is it possible to implement such a check in dynamic Rule?