I am not sure whether it is an issue of FireBreath or an ActiveX specific thing or I have just forgotten something.
I want to a download a file in my plugin using a derivative of FB::DefaultBrowserStreamHandler, and FB::BrowserHost::createStream(). The file is only accessable if my http request is authenticated by a cookie.
The built FireBreath plugin is working under Chrome and FF, but not under IE. The thing is that under IE no session cookie is sent when analyzing the requests with Fiddler.
Thanks in advance.
This is a feature that isn't supported the way you need it to be in FireBreath's activex implementation of browserstreams. You'd have to go into the code and find a way to add support for setting the cookie manually, I'm afraid. The reason it works in npapi browsers is that the browser itself provides an API for making the request, which means it will provide proxy info and cookies. In IE we have to emulate that, and that emulation doesn't get the cookies.
Related
I added some advertise sections on react webpage.
Of course it works well on Chrome browser.
But it didn't work on safari (Macbook + iPhone).
I noticed that 3rd party cookies were blocked by default on Mac.
I want to write script to ask users to allow 3rd party cookies on browser or system.
How can I do it?
FYI, I used react-cookie-consent, but it didn't work.
Thanks in advance.
Safari does not allow third-party cookies at all.
https://javascript.info/cookie#appendix-third-party-cookies
Trying to update my old-styled Safari extension with background HTML page according to native app extension. The extension should perform HTTP requests in a background mode, and the earlier version used the same cookies that Safari did. But after migrating to native code, NSURLSessionDataTask can't access cookies that Safari has anymore.
Can anyone suggest how can I manage this case? Unfortunately, I can't pass cookies via messages to 'native' code (they are httponly).
I want to write a Safari Browser Extension on macOS (the latest extension model, https://developer.apple.com/library/content/documentation/NetworkingInternetWeb/Conceptual/SafariAppExtension_PG/) which needs to perform an HTTP-request within the browser's context (getting and setting cookies etc.) which is a cross origin request to another domain.
The Google Chrome extension model and the new Mozilla Firefox WebExtension model allow this by performing the request in the background page JavaScript of the extension.
The deprecated NPAPI model allows this directly with the native API provided by the browser.
The old Safari Extension model (https://developer.apple.com/library/content/documentation/Tools/Conceptual/SafariExtensionGuide/Introduction/Introduction.html) also allows this in the background page JavaScript.
However, the new Safari Extension Model does not have background page scripts at all, as the "background" is directly the native sandboxed extension process.
In a content script of the extension I can perform an HTTP-request within the browser context, but I do not have cross domain permissions there.
I can perform HTTP-requests natively in the extension process (NSURLDownload, CFHttpStream, WebView object/NSMutableURLRequest, using cURL library, ...) but this has no connection to the browser's HTTP context.
I have not found any way to perform HTTP-requests via the Safari Services API (SFSafari*-classes).
Do I have to use the "old" Safari Extension model (Xcode 8.1 already does not allow me to add an "Safari Extension Companion" target to be used for the old model, there is only the new "Safari Extension" target)? I always want to use the newest technologies if possible.
Has anyone an idea?
Thank you for your hints,
Dominik
Users could have connections through proxies. Some using system-wide proxy settings, others browser-wide proxy.
On Windows for example you could have the system proxy settings as well as proxy settings for Firefox or Chrome alone. Therefore relying on system proxy settings is not reliable.
The only logical solution is to use whatever proxy settings the browser loading my plugin is using. If Firefox is loading my plugin and it has some proxy settings, my plugin should connect using these settings as well. I need my plugin to download the SSL cert of the page in which the plugin is loaded (for further verification..etc).
Is there some way to do that in NPAPI or I must use APIs like Windows WinInet or WinHTTP, or OpenSSL for Linux and Mac? If I have to do so, then how can I let my plugin use whatever proxy settings the host browser is using? I am checking out NPN_GetValueForURL, but I don't think it has good compatibility and good browser interop.
Thank you guys!
I'm pretty sure that NPN_GetURLNotify() will use the browser's proxy settings. It would be pretty crazy if it did not.
Update
If you're writing an NPAPI-based plugin, you need to use the NPN_Get/Post functions to do HTTP requests. That will use the host's proxy settings, cookies, etc. These functions exist for this reason; I don't know why you would use Wininet or roll your own instead.
Looking through about:config, it appears Firefox stores the proxy settings in network.proxy.*. You can access these settings programmatically via the Preferences Service. I suppose you could configure Wininet to behave the same, but you still have the cookie problem.
I'd like to use the evercookie javascript library to receive the users cookie and make the spring security rememberme-service use it.
I read a bit about implementing a custom remember-me service, but I think I just need to discover the cookie on the client-side using the evercookie library. I've got zero knowledge about cookie handling, so any help how to implement the evercookie library so that a cookie will be set and discovered through the library would be appreciated.
evercookie: samy.pl
In my opinion evercookie isn't good choice. It is generating tremendous number of http requests. It has killed my browser. Your users will be fourious about it.
See http://tomcat.apache.org/tomcat-5.5-doc/servletapi/javax/servlet/http/Cookie.html