[chromium-bugs] Issue 25691 in chromium: Cross-origin XHR from extension content-scripts do not include cookies

Fri, 23 Oct 2009 17:37:51 -0700 

Status: Unconfirmed
Owner: ----
Labels: Type-Bug Pri-2 OS-All Area-Misc

New issue 25691 by matiaspelenur: Cross-origin XHR from extension  
content-scripts do not include cookies
http://code.google.com/p/chromium/issues/detail?id=25691

Chrome Version       : 4.0.223.5 Linux
URLs (if applicable) : N/A
Other browsers tested: N/A

What steps will reproduce the problem?
1. From an extension content-script, send an XHR to a different domain.
    For example, in http://www.example.com, send an XHR to
http://www.google.com
2. Monitor the request using an HTTP monitoring proxy (e.g. Charles Proxy).

What is the expected result?
The XHR sent to www.google.com should have the Cookie for google.com in it.

What happens instead?
No cookies are sent.

Please provide any additional information below. Attach a screenshot if
possible.
If the XHR is done from withing www.google.com, or from a background page,
the Cookies are sent correctly.

This was discussed in http://groups.google.com/group/chromium-
extensions/browse_thread/thread/c7f1ca3d1bb025b8#

I'm attaching a crx for a test extension.

This is what I saw on Charles:
For the XHR from www.example.com to www.google.com:
GET /gen_204?foo=test HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/532.3
(KHTML, like Gecko) Chrome/4.0.223.5 Safari/532.3
Referer: http://www.example.com/
Cache-Control: max-age=0
Origin: http://www.example.com
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

For the XHR from www.google.com/search:
GET /gen_204?foo=test HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/532.3
(KHTML, like Gecko) Chrome/4.0.223.5 Safari/532.3
Referer: http://www.google.com/search?q=foo
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Cookie: PREF=<elided>
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Note the "Origin" header on the first XHR, and the "Cookie" header on the
second one.


Attachments:
        chrome_xhr_bug.crx  876 bytes

--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings

--~--~---------~--~----~------------~-------~--~----~
Automated mail from issue updates at http://crbug.com/
Subscription options: http://groups.google.com/group/chromium-bugs
-~----------~----~----~----~------~----~------~--~---

Reply via email to