
Chrome ignores Set-Cookie response headers from XMLHttpRequest within extension

I have a background page in a Chrome extension that makes requests to a server. By using Chrome's debugging tools I can see that various Set-Cookie headers are returned. However, subsequent requests do not contain these cookies - Chrome seems to throw them away. This results in each request made to the server being counted as a new session.

Server-side I have the following headers set:

header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Credentials: true");

Client-side I have withCredentials = true set on the XMLHttpRequest object.

I also have the address of the server within the permissions section of the extension manifest.

I feel that I'm very close to a solution here - the server is responding with the correct headers but I can't quite work out why Chrome decides not to store the cookies.

Is there something else I need to set in the headers, XMLHttpRequest object or manifest? Or is this just not possible?

asked Jul 02 '11 13:07 by kanassa



1 Answer

I finally worked this one out. The trick is to put the "cookies" permission into the extension manifest. That's not obvious because the Chrome Extension documentation states only that it's required if you're using the chrome.cookies API - I'm not.

You also have to enable third-party cookies. So I may need a totally different solution as enabling third-party cookies is not something I want to be recommending.

answered Sep 20 '22 10:09 by kanassa
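An added example, not part of the original question or answer: it models the check a browser applies to the CORS headers of a credentialed (withCredentials = true) request made by an ordinary web page, run against the header pair from the question and against an allowlist-based alternative. The function names, origins and allowlist are constructed for illustration; extension host permissions and third-party cookie settings are not modelled.

```javascript
// Models the browser-side CORS check for a credentialed cross-origin
// request from a web page. Returns { ok, reason }.
function checkCredentialedCors(requestOrigin, headers) {
  // Header names are case-insensitive; values are compared exactly.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v.trim();

  const allowOrigin = h["access-control-allow-origin"];
  const allowCreds = h["access-control-allow-credentials"];

  if (allowOrigin === undefined) return { ok: false, reason: "missing Access-Control-Allow-Origin" };
  // With credentials, "*" is not treated as a wildcard and never matches.
  if (allowOrigin === "*") return { ok: false, reason: "wildcard origin not allowed with credentials" };
  if (allowOrigin !== requestOrigin) return { ok: false, reason: "origin mismatch" };
  if (allowCreds !== "true") return { ok: false, reason: "Access-Control-Allow-Credentials must be exactly 'true'" };
  return { ok: true, reason: "accepted" };
}

// Server side (hypothetical helper): name the caller's origin only when it
// is on an explicit allowlist, instead of answering every origin with "*".
function corsHeadersFor(requestOrigin, allowlist) {
  if (!allowlist.includes(requestOrigin)) return {};
  return {
    "Access-Control-Allow-Origin": requestOrigin,
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin", // caches must not reuse this response for other origins
  };
}

const ORIGIN = "https://app.example";       // constructed sample origin
const ALLOWLIST = ["https://app.example"];  // constructed sample allowlist

// The two headers exactly as set in the question.
const fromQuestion = {
  "Access-Control-Allow-Origin": "*",
  "Access-Control-Allow-Credentials": "true",
};

console.log(checkCredentialedCors(ORIGIN, fromQuestion));
console.log(checkCredentialedCors(ORIGIN, corsHeadersFor(ORIGIN, ALLOWLIST)));
console.log(checkCredentialedCors("https://other.example",
  corsHeadersFor("https://other.example", ALLOWLIST)));
```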