cookies 编辑
Enables extensions to get and set cookies, and be notified when they change.
To use this API, you need to include the "cookies" API permission in your manifest.json file, as well as host permissions for the sites whose cookies you need to access. See cookie Permissions.
Permissions
In order to use this API, an add-on must specify the "cookies" API permission in its manifest, along with host permissions for any sites for which it wishes to access cookies. The add-on may read or write any cookies which could be read or written by a URL matching the host permissions. For example:
http://*.example.com/
-
An add-on with this host permission may:
- Read a non-secure cookie for
www.example.com
, with any path. - Write a secure or non-secure cookie for
www.example.com
, with any path.
It may not:
- Read a secure cookie for
www.example.com
.
- Read a non-secure cookie for
http://www.example.com/
-
An add-on with this host permission may:
- Read a non-secure cookie for
www.example.com
, with any path. - Read a non-secure cookie for
.example.com
, with any path. - Write a secure or non-secure cookie for
www.example.com
with any path. - Write a secure or non-secure cookie for
.example.com
with any path.
It may not:
- Read or write a cookie for
foo.example.com
. - Read or write a cookie for
foo.www.example.com
.
- Read a non-secure cookie for
*://*.example.com/
-
An add-on with this host permission may:
- Read or write a secure or non-secure cookie for
www.example.com
with any path.
- Read or write a secure or non-secure cookie for
First-party isolation
Third-party cookies are cookies that are set by a website other than the one you are currently on. For example:
- You visit bbc.com. It contains an ad from tracker.com that sets a cookie associated with the "tracker.com" domain.
- You visit cnn.com. It also contains an ad from tracker.com that sets a cookie associated with the "tracker.com" domain.
- Eventually both cookies can be sent to tracker.com. who can then figure out that the same user visited both sites.
When first-party isolation is on, cookies are further qualified by the domain of the original page the user visited (essentially, the domain shown to the user in the URL bar, also known as the "first party domain"). This means it's not possible for a tracker to correlate its cookie from bbc.com with its cookie from cnn.com, so the tracker can't track a single user across both sites.
First-party isolation can be enabled directly by the user by adjusting the browser's configuration, and can be set by extensions using the firstPartyIsolate
setting in the privacy
API. Note that first-party isolation is enabled by default in Tor Browser.
In the cookies
API, the first party domain is represented using the firstPartyDomain
attribute. All cookies set while first-party isolation is on will have this attribute set to the domain of the original page. In the example above, this would be "bbc.com" for one cookie and "cnn.com" for the other. All cookies set by websites while first-party isolation is off will have this property set to an empty string.
The cookies.get()
, cookies.getAll()
, cookies.set()
and cookies.remove()
APIs all accept a firstPartyDomain
option.
When first-party isolation is on, you must provide this option or the API call will fail and return a rejected promise. For get()
, set()
, and remove()
you must pass a string value. For getAll()
, you may also pass null
here, and this will get all cookies, whether or not they have a non-empty value for firstPartyDomain
.
When first-party isolation is off, the firstPartyDomain
parameter is optional and defaults to an empty string. A non-empty string can be used to retrieve or modify first-party isolation cookies. Likewise, passing null
as firstPartyDomain
to getAll()
will return all cookies.
Types
cookies.Cookie
- Represents information about an HTTP cookie.
cookies.CookieStore
- Represents a cookie store in the browser.
cookies.OnChangedCause
- Represents the reason a cookie changed.
cookies.SameSiteStatus
- Represents the same-site status of the cookie.
Methods
cookies.get()
- Retrieves information about a single cookie.
cookies.getAll()
- Retrieves all cookies that match a given set of filters.
cookies.set()
- Sets a cookie with the given cookie data; may overwrite equivalent cookies if they exist.
cookies.remove()
- Deletes a cookie by name.
cookies.getAllCookieStores()
- Lists all existing cookie stores.
Event handlers
cookies.onChanged
- Fired when a cookie is set or removed.
Browser compatibility
BCD tables only load in the browser
Example extensions
AcknowledgementsThis API is based on Chromium's chrome.cookies
API. This documentation is derived from cookies.json
in the Chromium code.
// Copyright 2015 The Chromium Authors. All rights reserved. // // Redistribution and use in source and binary forms, with or without // modification, are permitted provided that the following conditions are // met: // // * Redistributions of source code must retain the above copyright // notice, this list of conditions and the following disclaimer. // * Redistributions in binary form must reproduce the above // copyright notice, this list of conditions and the following disclaimer // in the documentation and/or other materials provided with the // distribution. // * Neither the name of Google Inc. nor the names of its // contributors may be used to endorse or promote products derived from // this software without specific prior written permission. // // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR // A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论