0

in my google chrome extension I made post call that looks like this:

public someapiCall(username: string, password: string) {
    var url = 'http://test.someTestServer.com/api/user/someApiCall';

    let headers = new Headers({ 
        "Content-Type": "application/x-www-form-urlencoded"
    });
    let options = new RequestOptions({ headers: headers, withCredentials: true });

    return this.http.post(url, 'UserName=' + username + '&Password=' + password, options)
        .map(res => {
            console.log(res);
            let cookies = res.headers.getAll('set-cookie');
            console.log(cookies);
        })
        .catch(this.handleError);
}

The problem is that when I call this, fiddler shows me these response headers:

enter image description here

but when I check Response object that is printed in console, it does not contain any header that references to cookie. Does anyone know where is the problem??

Improve this question

1 Answer 1

Reset to default
1

For security reasons most cookies are HTTP-only, look for httponly at the end of the cookie header:

Set-Cookie:.AspNetCore.Identity.Application=...; expires=...; secure; httponly

This means that the cookie is hidden from JS - the browser will hold it and include it with any request that you make to the domain/path, but client side JS cannot access it at all.

In a Chrome extension you can access these cookies, but not in a content script or injected code.

I'm using chrome-extension-async for async/await support, and the chrome.cookies extension API:

async function getCookies() {
    var cookies = await chrome.cookies.getAll();
    for(let cookie of cookies)
        // cookie.httpOnly will be true for the hidden cookies
        console.log(cookie); 
}
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.