Is there a way to issue an XMLHttpRequest to the same origin without sending cookies?

Posted on 2024-12-29 12:08:37 · 148 words · 1 view · 0 comments

I'm working on an extension that parses the gmail rss feed for users. I allow the users to specify username/passwords if they don't want to stay signed-in. But this breaks for multiple sign-in if the user is signed-in and the username/password provided is for a different account. So I want to avoid sending any cookies but still be able to send the username/password in the send() call.


Comments (2)

咋地 2025-01-05 12:08:37

As of Chrome 42, the fetch API allows Chrome extensions (and web applications in general) to perform cookie-less requests. HTML5 Rocks offers an introductory tutorial on using the fetch API.

Advanced documentation on fetch is quite sparse at the moment, but the API interface from the specification is a great starting point. The fetch algorithm described below the interface shows that requests generated by fetch have no credentials by default!

fetch('http://example.com/').then(function(response) {
    return response.text(); // <-- Promise<String>
}).then(function(responseText) {
    alert('Response body without cookies:\n' + responseText);
}).catch(function(error) {
    alert('Unexpected error: ' + error);
});

If you want truly anonymous requests, you could also disable the cache:

fetch('http://example.com/', {
    // credentials: 'omit', // this is the default value
    cache: 'no-store',
}).then(function(response) {
    // TODO: Handle the response.
    // https://fetch.spec.whatwg.org/#response-class
    // https://fetch.spec.whatwg.org/#body
});
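
For the question's case (no cookies, but a user name and password for one specific account), this is an added example and not part of the answer above. It sets `credentials: 'omit'` explicitly, because the current Fetch standard's default is `'same-origin'`, and sends the account's credentials as a Basic `Authorization` header. `FEED_URL` and the function names are placeholders.

```javascript
// Added example, not code from the answer. FEED_URL is a placeholder.
const FEED_URL = 'https://example.com/feed/atom';

// Encode "user:password" as UTF-8 before base64 so non-ASCII passwords
// survive (btoa alone only accepts Latin-1 code points).
function basicAuthHeader(username, password) {
    if (username.includes(':')) {
        throw new Error('Basic auth user names cannot contain ":"');
    }
    const bytes = new TextEncoder().encode(username + ':' + password);
    let binary = '';
    for (const b of bytes) binary += String.fromCharCode(b);
    return 'Basic ' + btoa(binary);
}

// Build fetch options that attach no browser cookies or cached HTTP
// authentication and carry only the supplied account's credentials.
function cookielessInit(username, password) {
    return {
        credentials: 'omit', // explicit: do not rely on the default
        cache: 'no-store',   // neither read from nor write to the HTTP cache
        redirect: 'error',   // fail rather than follow a redirect with this header
        headers: { Authorization: basicAuthHeader(username, password) },
    };
}

// Fetch the feed as the given account, independent of any signed-in session.
function fetchFeed(username, password) {
    return fetch(FEED_URL, cookielessInit(username, password))
        .then(function (response) {
            if (!response.ok) throw new Error('HTTP ' + response.status);
            return response.text();
        });
}
```

With `credentials: 'omit'`, any `Set-Cookie` in the response is ignored as well, so the request does not disturb the signed-in session.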

開玄 2025-01-05 12:08:37

You can do that by using the chrome.cookies module. The idea is to get the current cookies, save them, remove them from the browser's cookie store, send your request, and finally restore them:

var cookies_temp = []; // where you put the cookies first
var my_cookie_store = []; // the cookies will be there during the request
var details = {/*your code*/}; // the first parameter for chrome.cookies.getAll()
var start_kidnapping = function(cookies) {
    cookies_temp = cookies.slice();
    kidnap_cookie();
};
var kidnap_cookie = function() {
    // This recursive function will store the cookies from cookies_temp to
    // my_cookie_store and then remove them from the browser's cookie store.
    if (cookies_temp.length == 0) { // when no more cookies, end recursion
        send_request();
    } else {
        var cookie = cookies_temp.pop();
        // We store url as a property since it is useful later.
        // You may want to change the scheme.
        cookie.url = "http://" + cookie.domain + cookie.path;
        my_cookie_store.push(cookie); // save it
        chrome.cookies.remove({url: cookie.url, name: cookie.name}, kidnap_cookie);
    };
};
var send_request = function() {
    // Send your request here. It can be asynchronous.
    for (var i = 0; i < my_cookie_store.length; i++) {
        var cookie = my_cookie_store[i];
        delete cookie.hostOnly; // these 2 properties are not part of the
        delete cookie.session;  // object required by chrome.cookies.set()
        // note that at this point, cookie is no longer a Cookie object
        chrome.cookies.set(cookie); // restore cookie
    }
    my_cookie_store = []; // empty it for new adventures
};
chrome.cookies.getAll(details, start_kidnapping); // start

Alternatively, a simpler solution is to open an incognito window which will send the request, using the chrome.windows module, but this will prevent you from communicating with the rest of your extension. Note that you may have to change the incognito property of your manifest to split:

var incognito_window = {
    "url": "incognito.html",
    "focused": false, // do not bother user
    "incognito": true
}
chrome.windows.create(incognito_window);