Closed
Bug 1454806
Opened 7 years ago
Closed 7 years ago
Addon does not remember cookies
Categories
(Firefox :: Untriaged, defect)
Tracking
()
RESOLVED
INVALID
People
(Reporter: czeidler, Unassigned)
Details
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:59.0) Gecko/20100101 Firefox/59.0
Build ID: 20180326160923
Steps to reproduce:
I'm working on an browser extension that authenticates with a remote server via XMLHttpRequests.
Actual results:
In Firefox (59.0.2) I have the problem that the session cookie send by the server is not stored in the browser. When looking at the network traffic I get a Set-Cookie response from the server for every request:
Set-Cookie JSESSIONID=node01abks2u96hf84wt0i1uqwsb9879.node0;Path=/
but it seems that the cookie is never accepted or stored in the extension.
Expected results:
When looking at Chrome (where the extension is working) my extension includes this cookie in the request:
Cookie: io=jCX1X9rlaOhCqE0nAAAB JSESSIONID=node01abks2u96hf84wt0i1uqwsb9879.node0
However, this is not the case in Firefox. Why is Firefox is not including the cookie in the request? and why is it not storing the cookie?
Comment 1•7 years ago
|
||
In order to reproduce this issue we need more information (steps, prerequisites, links, printscreens).
Flags: needinfo?(czeidler)
Reporter | ||
Comment 2•7 years ago
|
||
I setup a minimal addon that shows the problem:
https://gitlab.com/czeidler/firefox-cookie-problem
Open the debug view of the addon and select the network view. Then click the addon popup icon. This will trigger two requests to my server. The first reply contains a Set-Cookie header that is not reused in the second reply.
Flags: needinfo?(czeidler)
Reporter | ||
Comment 3•7 years ago
|
||
I found the reason why it is not working. Firefox handles a request from the popup as a cross domain request and does not set the cookie for this reason. Not sure if Chrome and Firefox should behave the same here or which solution is the better one. For this reason I close this bug. However, maybe somebody has a second thought about it...
What I did to fix it:
On the server:
response.addHeader("Access-Control-Allow-Origin", request.getHeader("Origin"))
response.addHeader("Access-Control-Allow-Credentials", "true")
In the popup:
connection.withCredentials = true;
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•