(Please fill out the issue template with your details)

Expected Behavior

TamperMonkey is meant to set cookies sent within the xmlHttpRequest request.

Actual Behavior

It seems to be ignoring the set-cookie headers.

Specifications

TM: 5.2.6196

(Apologies if something has changed in cookie handling that I've not updated for, but the script I use has been working fine for the past 6 months. I've made no changes, but the latest TM update has stopped updating the cookies.)

Thanks for reporting. Should be at 5.2.6197 (crx | xpi in review)

Please download the crx file linked above and drag and drop it to the extensions page chrome://extensions (after you've enabled 'Developer Mode').

I've installed it and it's still behaving the same and ignoring the set-cookie; however, I can't do a proper test until later this evening when I can reboot the server it's running on.

OK, tested that fully and it's still not behaving as it should; it isn't storing the cookie values at all.

I can't reproduce. Setting a Cookie via GM_xhr is working fine here...

Please make this example fail. Thanks.

// ==UserScript==
// @name         xxx
// @namespace    xxx
// @version      xxx
// @description  xxx
// @author       xxx
// @match        https://example.com
// @grant        GM.xmlHttpRequest
// @connect      httpbin.org
// ==/UserScript==
const d = Date.now();
// First request: the response carries the Set-Cookie header under test.
await GM.xmlHttpRequest({
  url: 'https://httpbin.org/response-headers?set-cookie=nonpartitioned=' + d + ';path=/;expires=Wed,%2021%20Sep%202033%2015:59:37%20GMT;httponly;secure;samesite=none'
});
// Second request: httpbin echoes back the cookies it received.
const r = await GM.xmlHttpRequest({ url: 'https://httpbin.org/cookies' });
console.log('Cookie Value should be ' + d);
console.log(r.responseText);

Thanks, ok, looks to be something in the handling when sending the secure header, this here doesn't return the set cookies

// ==UserScript==
// @name         xxx
// @namespace    xxx
// @version      xxx
// @description  xxx
// @author       xxx
// @match        https://example.com
// @grant        GM.xmlHttpRequest
// @connect      httpbin.org
// ==/UserScript==
const d = Date.now();
// First request: same cookie as above, but without expires, httponly and secure.
await GM.xmlHttpRequest({
  //url: 'https://httpbin.org/response-headers?set-cookie=nonpartitioned=' + d + ';path=/;expires=Wed,%2021%20Sep%202033%2015:59:37%20GMT;httponly;secure;samesite=none'
  url: 'https://httpbin.org/response-headers?set-cookie=nonpartitioned=' + d + ';path=/;samesite=none'
});
// Second request: httpbin echoes back the cookies it received.
const r = await GM.xmlHttpRequest({ url: 'https://httpbin.org/cookies' });
console.log('Cookie Value should be ' + d);
console.log(r.responseText);

Please see: https://stackoverflow.com/questions/60822936/where-to-add-samesite-none#:~:text=When%20the%20SameSite%3DNone%20attribute,provide%20protection%20against%20network%20attacks.

Opening

http://httpbin.org/response-headers?set-cookie=cde=1111;path=/;samesite=none

in a browser tab doesn't set the cookie either, while

http://httpbin.org/response-headers?set-cookie=abc=1111;path=/;samesite=lax

works fine.

Sorry, just realised I pasted the wrong headers so I now look crazy. There is definitely a multiple cookie issue; I've updated what works and doesn't work below. Everything else sent in the header was identical in the test cases.

Wow, it's taken me hours of rewriting and banging my head against the wall, making it work, then it not working, but I've found it!

It works with a single cookie.
It fails if there are multiple.

I'm unsure how to replicate that on your site, but if DMs or similar are possible, I can demonstrate on my own.

for reference:
this would set the cookie testDebug
set-cookie:testDebug=1716916460384; path=/; secure

this would not set any cookies
set-cookie:testDebug=1716916403148; path=/; secure
set-cookie:stest=0; path=/; secure
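
An added example, not part of the thread and not Tampermonkey's code: it walks a raw response-header block, treats every Set-Cookie line as its own cookie, and flags the SameSite=None-without-Secure case described in the linked Stack Overflow answer. The function names are hypothetical, the sample headers are constructed from the lines quoted above, and the handling of several cookies joined into one comma-separated value goes beyond what the thread shows.

```javascript
// Added example: not Tampermonkey's code. Function names are hypothetical.

// Split one header value that may hold several cookies joined with ", ".
// Heuristic: a comma starts a new cookie only when "name=" follows it, so the
// comma inside "expires=Wed, 21 Sep 2033 ..." is left alone.
function splitJoinedCookies(value) {
  return value.split(/,(?=\s*[^;,=\s]+=)/).map(s => s.trim()).filter(Boolean);
}

// Parse "name=value; attr; attr=value" into name, value and lower-cased attrs.
function parseSetCookie(line) {
  const [pair, ...rest] = line.split(';').map(s => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: eq < 0 ? '' : pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const a of rest.filter(Boolean)) {
    const i = a.indexOf('=');
    cookie.attrs[(i < 0 ? a : a.slice(0, i)).toLowerCase()] = i < 0 ? true : a.slice(i + 1);
  }
  return cookie;
}

// Return every cookie in a raw header block, with reasons a browser would drop it.
function auditSetCookies(rawHeaders) {
  const cookies = [];
  for (const line of rawHeaders.split(/\r?\n/)) {
    const m = /^set-cookie\s*:(.*)$/i.exec(line);
    if (!m) continue; // not a Set-Cookie line
    for (const one of splitJoinedCookies(m[1])) {
      const c = parseSetCookie(one);
      const sameSite = String(c.attrs.samesite || '').toLowerCase();
      const problems = [];
      if (sameSite === 'none' && !c.attrs.secure) {
        problems.push('SameSite=None requires Secure');
      }
      cookies.push({ name: c.name, value: c.value, problems });
    }
  }
  return cookies;
}

// Constructed sample: the two-cookie response quoted above plus a SameSite=None cookie.
const sampleHeaders = [
  'content-type: application/json',
  'set-cookie: testDebug=1716916403148; path=/; secure',
  'set-cookie: stest=0; path=/; secure',
  'set-cookie: nonpartitioned=1; path=/; samesite=none',
].join('\r\n');

console.log(auditSetCookies(sampleHeaders));
```

Comparing the names this returns with what `https://httpbin.org/cookies` echoes back separates cookies the browser refused from cookies the extension never stored.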