The biggest issue right now is that they still haven't implemented an official way to edit the body of a request. However, there is one alternate solution that seems promising.
This solution involves editing the content security policy headers of requests to allow either blob URLs or data URLs to load.
Specifically, I'm trying to edit the "script-src" keyword's section under the "content-security-policy" header by appending "blob:" and "data:" . It then adds a listener to script requests and then redirects them all to a "data:" URL of a blob containing 'console.log("it worked");'.
Currently I am having trouble with the details of implementing this and I would appreciate advice from anyone who knows how CSP headers work better than I do.