Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Not able to view/export all data available? #140

Closed
Cassian-Andor opened this issue Oct 28, 2023 · 6 comments
Closed

Not able to view/export all data available? #140

Cassian-Andor opened this issue Oct 28, 2023 · 6 comments

Comments

@Cassian-Andor
Copy link

Greetings. I've been using this extension for a bit (especially due to being one of the only ones that work on Safari iOS and is not sketchy or privacy violating), and I find that when exporting data (for example Netscape format), not all keys are available. At first I thought it was a Safari restriction, but then I did some tests in Chrome, that I'm pasting below. I used the open source Get-cookies.txt-LOCALLY, which was my to-go before.
Both examples are me logged in.

STEAM

Get-cookies.txt

# Netscape HTTP Cookie File
# http://curl.haxx.se/rfc/cookie_spec.html
# This is a generated file!  Do not edit.

store.steampowered.com	FALSE	/	TRUE	[VALUE]	browserid	[VALUE]
store.steampowered.com	FALSE	/	FALSE	[VALUE]	timezoneOffset	[VALUE]
store.steampowered.com	FALSE	/	FALSE	[VALUE]	birthtime	[VALUE]
store.steampowered.com	FALSE	/	FALSE	[VALUE]	wants_mature_content	[VALUE]
store.steampowered.com	FALSE	/	TRUE	[VALUE]	recentapps	[VALUE]
store.steampowered.com	FALSE	/	TRUE	[VALUE]	Steam_Language	[VALUE]
store.steampowered.com	FALSE	/	FALSE	[VALUE]	bGameHighlightAudioEnabled	[VALUE]
store.steampowered.com	FALSE	/	FALSE	[VALUE]	sessionid	[VALUE]
store.steampowered.com	FALSE	/	FALSE	[VALUE]	deep_dive_carousel_method	[VALUE]
store.steampowered.com	FALSE	/	TRUE	[VALUE]	steamCountry	[VALUE]
store.steampowered.com	FALSE	/	FALSE	[VALUE]	flGameHighlightPlayerVolume	[VALUE]
store.steampowered.com	FALSE	/	TRUE	[VALUE]	steamLoginSecure	[VALUE]
store.steampowered.com	FALSE	/	FALSE	[VALUE]	queue_type	[VALUE]
.steampowered.com	TRUE	/	FALSE	[VALUE]	ak_bmsc	[VALUE]
store.steampowered.com	FALSE	/	FALSE	[VALUE]	deep_dive_carousel_focused_app	[VALUE]

cookie-editor

# Netscape HTTP Cookie File
# http://curl.haxx.se/rfc/cookie_spec.html
# This file was generated by Cookie-Editor
store.steampowered.com	FALSE	/	TRUE	[VALUE]	Steam_Language	[VALUE]
#HttpOnly_store.steampowered.com	FALSE	/	TRUE	[VALUE]	steamCountry	[VALUE]
store.steampowered.com	FALSE	/	TRUE	[VALUE]	browserid	[VALUE]
store.steampowered.com	FALSE	/	TRUE	[VALUE]	recentapps	[VALUE]
#HttpOnly_store.steampowered.com	FALSE	/	TRUE	[VALUE]	steamLoginSecure	[VALUE]

YOUTUBE

Get-cookies.txt

# Netscape HTTP Cookie File
# http://curl.haxx.se/rfc/cookie_spec.html
# This is a generated file!  Do not edit.

.youtube.com	TRUE	/	TRUE	[VALUE]	VISITOR_INFO1_LIVE	[VALUE]
.youtube.com	TRUE	/	TRUE	[VALUE]	VISITOR_PRIVACY_METADATA	[VALUE]
.youtube.com	TRUE	/	FALSE	[VALUE]	HSID	[VALUE]
.youtube.com	TRUE	/	TRUE	[VALUE]	SSID	[VALUE]
.youtube.com	TRUE	/	FALSE	[VALUE]	APISID	[VALUE]
.youtube.com	TRUE	/	TRUE	[VALUE]	SAPISID	[VALUE]
.youtube.com	TRUE	/	TRUE	[VALUE]	__Secure-1PAPISID	[VALUE]
.youtube.com	TRUE	/	TRUE	[VALUE]	__Secure-3PAPISID	[VALUE]
.youtube.com	TRUE	/	TRUE	[VALUE]	YSC	[VALUE]
.youtube.com	TRUE	/	TRUE	[VALUE]	PREF	[VALUE]
.youtube.com	TRUE	/	FALSE	[VALUE]	SID	[VALUE]
.youtube.com	TRUE	/	TRUE	[VALUE]	__Secure-1PSID	[VALUE]
.youtube.com	TRUE	/	TRUE	[VALUE]	__Secure-3PSID	[VALUE]
.youtube.com	TRUE	/	TRUE	[VALUE]	LOGIN_INFO	[VALUE]
.youtube.com	TRUE	/	TRUE	[VALUE]	__Secure-1PSIDTS	[VALUE]
.youtube.com	TRUE	/	TRUE	[VALUE]	__Secure-3PSIDTS	[VALUE]
.youtube.com	TRUE	/	FALSE	[VALUE]	SIDCC	[VALUE]
.youtube.com	TRUE	/	TRUE	[VALUE]	__Secure-1PSIDCC	[VALUE]
.youtube.com	TRUE	/	TRUE	[VALUE]	__Secure-3PSIDCC	[VALUE]

cookie-editor

image
@Moustachauve
Copy link
Owner

That doesn't seem right. Can you do a test for me on Chrome if you don't mind? Could you try to go in your extension settings in Chrome and set the permissions to allow from any url to see if anything different happens?
image

@Cassian-Andor
Copy link
Author

Brilliant, thank you, that did it. I guess because some are cross-domains cookies or something?

One extra question about Safari, I know somewhere you say HttpOnly cookies cannot be accessed by Safari, because I guess Safari tries to be "strict" about it. Is there any hack or workaround to read them somehow in iOS? Tools like yt-dlp rely on those HttpOnly values (tried with a Safari export with your extension and yt-dlp -or rather youtube when fetching the data- complains about some extra values missing).

Or maybe my question is, will we always be able to fetch HttpOnly cookies somehow? Is this something that some browsers just don't care about? Or could it be that all browsers start caring and then nobody can read those values and then tools that rely on them (like yt-dlp) will be rendered useless?

@Moustachauve
Copy link
Owner

I'm not aware of any way to get all your cookies from iOS other than remote debugging through a mac, sadly. I made some requests at Apple but there isn't much that can be done at the moment.

@Cassian-Andor
Copy link
Author

Fair enough. One last thing if you don't mind, would it be possible via an extension to delete all cookies then, maybe a call that does this, which doesn't have the same restrictions as reading them? Because for example on youtube, deleting cookies with the extension won't log you out (because the HttpOnly ones persist).

@Moustachauve
Copy link
Owner

The restrictions for deleting is the same as all other cookie operations, sadly. I really wish I could do it too.

@Cassian-Andor
Copy link
Author

I understand. Thank you so much for taking the time to reply and for building this awesome app!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Moustachauve @Cassian-Andor