Cookie- and Set-Cookie-headers are missing in Chrome #61
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
While debugging a web application the other day I noticed that SAML-tracer doesn't record the
Cookie
- orSet-Cookie
-header in Chrome.This was a really lucky discovery since I usually don't use Chrome.
It's a quite sever bug as users of SAML-tracer in Chrome will mistakenly think that their applications don't issue cookies albeit in fact they do!
Why does this bug occur?
This is due to a change in Chrome 72: Starting from this version the
Cookie
-,Set-Cookie
- and some other headers are only accessible by specifyingextraHeaders
inopt_extraInfoSpec
.See: https://developer.chrome.com/extensions/webRequest
Hence I added this option, although there's one downside:
But I think there's no way to get around this. SAML-tracer has to inspect each request since there's always a chance for cookies being involved.