XMLHttpRequest without cookies

Question

How can I send a request from javascript which would not use cookies? I want to do it from greasemonkey, so I don't care about same origin and can use both original xmlhttprequest or greamonkey's GM_xmlhttpRequest.

I need to fetch a page from the same website, but unauthentificated. Browser (Firefox) always sends all the cookies which FF have for that domain.

Background: I am working on a GM script which displays full size version of profile images. However the only way to know its URL, I must fetch the profile page for that user. This must be done unauthentificated, otherwise those users would be notified of me looking at their profile. Right now for development I use php on my server to fetch the profile page, but this is not scalable with the distribution of GM script for other users.

Answer 1

You can set the mozAnon or anonymous flag on the request options to suppress sending/storing cookies.

Unfortunately these flags aren't documented in the wiki yet, but they seem to be available since Version 3.8beta3 (April 18, 2016).

GM_xmlhttpRequest({
   method: 'GET',
   url: url,
   anonymous: true, // remove original cookies
   headers: {
      cookie: 'whatever' // add custom cookies if necessary
   },
   onload: function(res) {
      // optionally parse the reponse cookies which are otherwise lost
      const cookieRegex = /^Set-Cookie: (.*)$/gm;
      const cookies = [];
      while (cookieRegex.exec(res.responseHeaders)) {
         cookies.push(RegExp.$1);
      }
      console.log(cookies);
   }
});