 

javascript Chrome Extension Not able to read httponly cookies

I need to delete Gmail cookies set in my Chrome browser using a Chrome extension, but it can delete all cookies other than Gmail cookies. Then I noticed that Gmail cookies are HttpOnly. Is there a way to remove them using a JavaScript Chrome extension?

Thanks :)

Priyanka asked Jan 25 '16 13:01


People also ask

Can Chrome extensions see HttpOnly cookies?

Chrome extensions can use the chrome.cookies API, which has access to all cookies in the cookie store, including httpOnly. The documentation for the API is here. Note that this API requires declaring a permission and will not work from content scripts.

Can JavaScript read HttpOnly cookie?

An HttpOnly cookie cannot be accessed by client-side APIs, such as JavaScript. This restriction eliminates the threat of cookie theft via cross-site scripting (XSS). If the browser allowed you to access it then it would be a defect in the browser.

Is HttpOnly cookie visible?

If the HttpOnly flag is included in the HTTP response header, the cookie cannot be accessed through the client-side script. As a result, even if a cross-site scripting (XSS) flaw exists, and a user accidentally accesses a link that exploits the flaw, the browser will not reveal the cookie to the third-party.

What is HttpOnly cookie JavaScript?

A cookie with the HttpOnly attribute is inaccessible to the JavaScript Document.cookie API; it's only sent to the server. For example, cookies that persist in server-side sessions don't need to be available to JavaScript and should have the HttpOnly attribute.


1 Answer

Chrome extensions can use the chrome.cookies API, which has access to all cookies in the cookie store, including httpOnly.

The documentation for the API is here.

Note that this API requires declaring a permission and will not work from content scripts.

Xan answered Oct 02 '22 09:10
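The approach the answer describes, as an added example that is not code from the original question or answer: a background-script helper that lists a domain's cookies through `chrome.cookies.getAll` and deletes each one, HttpOnly included, with `chrome.cookies.remove`. The domain `example.com` and the function names `cookieUrl` and `removeCookiesForDomain` are assumptions made for illustration.

```javascript
// Added example. Runs in the extension's background service worker,
// not in a content script. Manifest V3 must declare, for instance:
//   "permissions": ["cookies"],
//   "host_permissions": ["*://*.example.com/*"]  // example.com is a placeholder

// chrome.cookies.remove() identifies a cookie by URL + name, so rebuild
// a matching URL from the Cookie object returned by getAll().
function cookieUrl(cookie) {
  const scheme = cookie.secure ? "https" : "http";
  // Domain cookies are stored with a leading dot; strip it for the host.
  const host = cookie.domain.replace(/^\./, "");
  return `${scheme}://${host}${cookie.path}`;
}

// Remove every cookie for `domain` and its subdomains, HttpOnly included.
// `api` defaults to chrome.cookies; it is a parameter (an assumption of
// this example) so the logic can be exercised with a stand-in object.
async function removeCookiesForDomain(domain, api = globalThis.chrome?.cookies) {
  if (!api) {
    throw new Error("chrome.cookies unavailable: content script or missing permission");
  }
  const cookies = await api.getAll({ domain });
  const removed = [];
  for (const c of cookies) {
    const details = await api.remove({
      url: cookieUrl(c),
      name: c.name,
      storeId: c.storeId,
    });
    // Per the API docs the result is null when removal failed; skip those.
    if (details) removed.push({ name: c.name, httpOnly: c.httpOnly });
  }
  return removed;
}
```

The same permission that allows deletion also lets the extension read HttpOnly cookie values, so keep `host_permissions` limited to the hosts the extension actually needs.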