Using fetch in chrome extension but it doesn't offer me a cookie - Stack Overflow

summarize: I think background.js can't respond cookie in fetch.I know, there is a similar query t

summarize: I think background.js can't respond cookie in fetch.

I know, there is a similar query that Asked 7years ago. but information was too little to know how to solve this problem.

first, as title, I am making a chrome extension that do a completely auto login for using Session hijacking tech.(of course I never develop this for illegal. just for auto login only for MY account in my college website)

Q: Why do you stick to using Session hijacking?

A: I think it is a only way to do auto login without enter the login form.

so I made fetch system that gets valid login cookie and at least in CMD, It works properly.

this is my fetch code

const res = await fetch("https://<college website>"
            ,fetchOption.toString());

fetchOption information...

this.option = {
            method: 'POST',
            headers: {
                'Content-Type': 'application/x-www-form-urlencoded'
            },
            mode: 'cors',
            body: new URLSearchParams(payload).toString(),
            credentials: 'include'
        }
}

fetch in CMD: works properly

Headers {
'transfer-encoding': 'chunked',
connection: 'keep-alive'
'set-cookie': <it shows proper cookie anyway>
date: 'Tue, 19 Nov 2024 14:48:32 GMT',
'content-type': 'text/html; charset=UTF-8'
}

What I made next was chrome extension's background. I bundled my fetch system and tested it. And it was executed its fetch system automatically. and I got responded, except cookie.

fetch in chrome extension's background: works properly... EXCEPT COOKIE

res.headers.forEach(console.log)
/*
  keep-alive connection
  text/html; charset=UTF-8 content-type
  Tue, 19 Nov 2024 15:37:37 GMT date
  hunked transfer-encoding
*/

I, of course, also used Axios, but it was not enough to get cookie, too. and I got a information from ChatBot AI that I can get cookie data when I fetch in context-script. but It's not an answer because of CORS(I can't fetch before I access that website and that's not what I want).

also I know there is a chrome.cookie API but there's no way to get response.

I wonder. If this shit chrome extension blocks getting some cookies. If it's true, There's no way to make my wish come true.

I'm depressed now... somebody come and tell me how to bypass that chrome extension's inspection.

"I've tried several approaches:

  1. Using fetch with different options
  2. Switching to Axios
  3. Attempting to use content-script (but CORS prevents this)
  4. Checking declarativeNetRequest API and manifest.json"
  5. Tried in CMD(it works.)
  6. I considered using VM, but It seems so unstable because the module is too old.

"The extension is built with TypeScript and uses Manifest V3"

"Is there any alternative way to:

  1. Access Set-Cookie headers in background script, or
  2. Implement auto-login without accessing cookies directly?
  3. Or make the session last forever?

发布者:admin,转转请注明出处:http://www.yc00.com/questions/1742411371a4438879.html

相关推荐

发表回复

评论列表(0条)

  • 暂无评论

联系我们

400-800-8888

在线咨询: QQ交谈

邮件:admin@example.com

工作时间:周一至周五,9:30-18:30,节假日休息

关注微信