有没有办法在同一个起源作出XMLHtt prequest时不发送的cookie？ [英] Is there a way to not send cookies when making an XMLHttpRequest on the same origin?

问题描述

我的工作是解析Gmail的RSS源，为用户的扩展。我允许用户指定的用户名/密码，如果他们不希望留签订项。但是这打破多个登录用户是否已登录在与所提供的用户名/密码为不同的帐户。所以我想避免发送任何Cookie，但仍然可以在发送（）调用发送用户名/密码。

I'm working on an extension that parses the gmail rss feed for users. I allow the users to specify username/passwords if they don't want to stay signed-in. But this breaks for multiple sign-in if the user is signed-in and the username/password provided is for a different account. So I want to avoid sending any cookies but still be able to send the username/password in the send() call.

推荐答案

您可以做到这一点通过的 chrome.cookies模块。这样做是为了获得当前的饼干，救他们，从浏览器的cookie存储中删除，发送请求，并最终恢复它们：

You can do that by using the chrome.cookies module. The idea is to get the current cookies, save them, remove them from the browser's cookie store, send your request, and finally restore them:

var cookies_temp = []; // where you put the cookies first
var my_cookie_store = []; // the cookies will be there during the request
var details = {/*your code*/}; // the first parameter for chrome.cookies.getAll()
var start_kidnapping = function(cookies) {
    cookies_temp = cookies.slice();
    kidnap_cookie();
};
var kidnap_cookie = function() {
    // This recursive function will store the cookies from cookies_temp to
    // my_cookie_store and then remove them from the browser's cookie store.
    if (cookies_temp.length == 0) { // when no more cookies, end recursion
        send_request();
    };
    else {
        var cookie = cookies_temp.pop();
        // We store url as a property since it is useful later.
        // You may want to change the scheme.
        cookie.url = "http://" + cookie.domain + cookie.path;
        my_cookie_store.push(cookie); // save it
        chrome.cookies.remove({url: cookie.url, name: cookie.name}, kidnap_cookie);
    };
};
var send_request = function() {
    // Send your request here. It can be asynchronous.
    for (var i = 0, i < my_cookie_store.length; i++){
        delete cookie.hostOnly; // these 2 properties are not part of the
        delete cookie.session;  // object required by chrome.cookies.set()
        // note that at this point, cookie is no longer a Cookie object
        chrome.cookies.set(my_cookie_store[i]); // restore cookie
    };
    my_cookie_store = []; // empty it for new adventures
};
chrome.cookies.getAll(details, start_kidnapping); // start

另外，一个简单的解决方法是打开隐身窗口将发送请求时，使用的 chrome.windows模块，但这将$ P $从具有扩展的其余部分通信pvent你。请注意，您可能需要您的清单中的改名属性更改为分割：

Alternatively, a simpler solution is to open an incognito window which will send the request, using the chrome.windows module, but this will prevent you from communicating with the rest of your extension. Note that you may have to change the incognito property of your manifest to split:

var incognito_window = {
    "url": "incognito.html",
    "focused": false, // do not bother user
    "incognito": true
}
chrome.windows.create(incognito_window);

这篇关于有没有办法在同一个起源作出XMLHtt prequest时不发送的cookie？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！