Chrome ignores Set-Cookie response headers from XMLHttpRequest in extension

I have a background page in a Chrome extension that makes requests to the server. Using the Chrome debugging tools, I can see that Set-Cookie headers are being returned. However, subsequent requests do not contain these cookies - Chrome seems to drop them. As a result, every request made by the server is considered a new session.

On the server side, I have the following headers set:

    header("Access-Control-Allow-Origin: *");
    header("Access-Control-Allow-Credentials: true");

On the client side, I have an XMLHttpRequest object with withCredentials = true.

I also have the server address in the permissions section of the extension manifest.

I feel like I'm very close to the solution here - the server responds with the correct headers, but I cannot understand why Chrome decides not to store cookies.

Is there anything else I need to set in the headers, XMLHttpRequest object, or manifest? Or is it simply impossible?

1 answer

I finally got it working. The trick is to insert a cookie permission into the extension manifest. This is not obvious, because the Chrome Extension documentation only states that it is required if you use the chrome.cookies API - which I'm not.

You also need to enable third-party cookies. Therefore, I may need a completely different solution, since enabling third-party cookies is not something that I want to recommend.

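The header pair shown in the question (`Access-Control-Allow-Origin: *` together with `Access-Control-Allow-Credentials: true`) is one that a browser's CORS check rejects for credentialed requests coming from ordinary web origins. The following is an added example, not code from either post: it models that check and a server-side header builder that echoes only allowlisted origins. The allowlist entries, the extension ID and all function names are constructed for illustration.

```javascript
// Added example: models the browser-side CORS check for a credentialed
// cross-origin response and a server-side header builder that passes it.
// ALLOWED_ORIGINS and all function names are hypothetical.
const ALLOWED_ORIGINS = new Set([
  "chrome-extension://abcdefghijklmnopabcdefghijklmnop", // constructed extension ID
  "https://app.example.com",                              // constructed web origin
]);

// Decide which CORS headers to send for a request carrying this Origin.
function corsHeadersFor(requestOrigin) {
  // Always vary on Origin so caches never serve one origin's grant to another.
  const headers = { "Vary": "Origin" };
  if (requestOrigin && ALLOWED_ORIGINS.has(requestOrigin)) {
    headers["Access-Control-Allow-Origin"] = requestOrigin; // exact echo, never "*"
    headers["Access-Control-Allow-Credentials"] = "true";
  }
  return headers;
}

// Simplified form of the Fetch standard's "CORS check", as applied before a
// response is exposed to a request sent with withCredentials = true.
function passesCredentialedCorsCheck(requestOrigin, responseHeaders) {
  const allowOrigin = responseHeaders["Access-Control-Allow-Origin"];
  const allowCreds = responseHeaders["Access-Control-Allow-Credentials"];
  if (allowOrigin === undefined) return false;
  if (allowOrigin === "*") return false;           // wildcard is not valid with credentials
  if (allowOrigin !== requestOrigin) return false; // must match exactly
  return allowCreds === "true";                    // case-sensitive literal
}

// The header pair from the question, sent identically to every caller.
const QUESTION_HEADERS = {
  "Access-Control-Allow-Origin": "*",
  "Access-Control-Allow-Credentials": "true",
};
```

This covers only the CORS header side; the manifest permission and the third-party cookie setting described in the answer are separate from it.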