How do you send a cookie back to the server?

Open AndAShape1 opened this issue 6 years ago • 6 comments

When I log into my website the server sends a Set-Cookie header. I can't seem to send this back using the Cookie header. It ignores it. If I do a GET request using the browser normally it sends the cookie with the request, not when requesting using this plugin though.

AndAShape1 avatar Jan 27 '19 16:01 AndAShape1

This is a browser security issue. You can't access cookies from another origin - for example, look here: https://stackoverflow.com/questions/3342140/cross-domain-cookies

senyaak avatar Mar 14 '19 15:03 senyaak

You can copy the cookie value and manually send it onwards by inserting a "Cookie" Header with your request. See how to format the value of the header here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cookie

GreenBattery avatar Sep 17 '19 09:09 GreenBattery

@FruitAndAShape has reported a genuine issue as far as I can see. Regardless of the source of the cookie, if you manually add a Cookie header to a RESTed request, it is ignored. The server never receives it for me. It does, however, receive cookies that are already set for that domain (in that container).

@senyaak I don't think it's a browser issue. Normal sites have this restriction; this extension has been explicitly granted access to that data by you installing it. Otherwise I can't explain how the server receives existing cookies for the domain.

@nucc1 My understanding was that @FruitAndAShape is already doing that.

@esphen Can you please confirm whether this behaviour is reproducible and intended/bug?

Roy-Orbison avatar Mar 04 '20 01:03 Roy-Orbison

@Roy-Orbison I think that the issue needs a more specific description/demonstration.

Some sample Request/responses will be useful. I also got the impression that the OP wanted to transfer a cookie from one origin to another origin, and in this case you'd need to copy it manually. Otherwise, there are potentially other explanations for why a cookie may not be sent when you expect it to -- for example, if it was set with the Secure flag and you're not using HTTPS.

If you're experiencing the same issue, perhaps you can help by contributing some examples.

GreenBattery avatar Mar 04 '20 08:03 GreenBattery

@nucc1 I think you're missing the point here; origins and cookie parameters are irrelevant to this issue. Cookies are just headers. I understand that normally Firefox processes Set-Cookie response headers, discards invalid ones, filters based on 3rd party prefs, etc., using careful logic, and similarly matches requests against the cookie store to create the Cookie request header (or not), which is what you are talking about. That is not this. This is about setting a Cookie header, directly in RESTed, and having it sent by modifying the request. As OP stated:

I can't seem to send this back using the Cookie header.

That seems like manual setting of the header to me.

I tried a different extension, RESTer, and it does not suffer this issue. The Cookie header specified there is parsed and added to any existing cookies for the request, and overwrites any with the same name. It does not change any values in the normal cookie store; it is per-request. That explicit Cookie header has no meta information about whether it should be sent, based on domain, path, expiry, etc. It should be sent because you say so.

A test case is:

  1. Set a test URL to something that will allow logging cookie headers, say foo.example/cookie-dump.php.
  2. In the Headers section, start typing Cookie, it autocompletes implying it's supported.
  3. Type any name=value pair for the value.
  4. Send the request and inspect the log of cookies received.

cookie-dump.php:

<?php
var_dump($_COOKIE);

Roy-Orbison avatar Mar 04 '20 23:03 Roy-Orbison
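
The per-request merge described in the comment above (an explicit Cookie header is parsed, added to the cookies already held for the site, and overrides any with the same name), as an added example that is not part of the thread and not code from RESTer or RESTed. The function names and sample values are assumptions.

```javascript
// Added example (not from RESTer or RESTed); function names are hypothetical.

// Parse a Cookie request-header value ("a=1; b=2") into [name, value] pairs.
function parseCookieHeader(header) {
  const pairs = [];
  for (const part of (header || "").split(";")) {
    const item = part.trim();
    const eq = item.indexOf("=");
    // Skip empty segments ("a=1;; b=2") and entries without a name.
    if (eq < 1) continue;
    // Split on the first "=" only: values such as padded tokens contain "=".
    pairs.push([item.slice(0, eq).trim(), item.slice(eq + 1).trim()]);
  }
  return pairs;
}

// Build the Cookie header for ONE request: start from what the cookie store
// would send, then apply the explicit header on top. Same-name cookies are
// overwritten, new names are appended, and the store itself is never touched.
function mergeCookieHeader(storeHeader, explicitHeader) {
  const merged = new Map(); // Map preserves first-insertion order
  for (const [name, value] of parseCookieHeader(storeHeader)) merged.set(name, value);
  for (const [name, value] of parseCookieHeader(explicitHeader)) merged.set(name, value);
  return Array.from(merged, ([name, value]) => `${name}=${value}`).join("; ");
}

// Constructed sample values.
const fromStore = "session=abc123; theme=dark";
const typedByUser = "session=override; debug=1";
console.log(mergeCookieHeader(fromStore, typedByUser));
```

With these sample values, the cookie-dump.php test case above would list session, theme and debug, with session carrying the typed value.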

I just found out that the extension does not seem to care what I enter as value for the Cookie header. When I check the requests in the console it will ALWAYS send all cookies it has for the target site.

No way to not send any at all outside of using a Private Window, which itself would be fine, but it's also not possible to overwrite the Cookie header. So the options are either ALL cookies, or NO cookies.

BloodyRain2k avatar Dec 21 '22 18:12 BloodyRain2k