WebExtensions API - inject modal to website with content and pass cookies</a></h1> </div> <div class="grid fw-wrap pb8 mb16 bb bc-black-075"> <div class="grid--cell ws-nowrap mr16 mb8" title="2016-01-12 19:07:53Z"> <span class="fc-light mr2">Asked</span> <time itemprop="dateCreated" datetime="2021-03-26T11:24:00.297" class="fromnow">Mar 26 '21 at 11:24</time> </div> <div class="grid--cell ws-nowrap mr16 mb8"> <span class="fc-light mr2">Active</span> <time class="fromnow" title="2021-03-26T11:24:00.297" datetime="2021-03-26T11:24:00.297">Mar 26 '21 at 11:24</a> </div> <div class="grid--cell ws-nowrap mb8" title="Viewed 249 times"> <span class="fc-light mr2">Viewed</span> 249 times </div> </div> <div id="mainbar" role="main" aria-label="questions and answers"> <div id="question" class="question" data-questionid="66815999" data-ownerid="14152145" data-score="0"> <div class="post-layout"> <div class="votecell post-layout--left"> <div class="js-voting-container grid jc-center fd-column ai-stretch gs4 fc-black-200" data-post-id="66815999"> <button class="js-vote-up-btn grid--cell s-btn s-btnunset c-pointer"><svg aria-hidden="true" class="m0 svg-icon iconArrowUpLg" width="36" height="36" viewBox="0 0 36 36"><path d="M2 26h32L18 10 2 26z"></path></svg></button> <div class="js-vote-count grid--cell fc-black-500 fs-title grid fd-column ai-center" itemprop="upvoteCount" data-value="0">0</div> <button class="js-bookmark-btn s-btn s-btnunset c-pointer py4"> <svg aria-hidden="true" class="svg-icon iconBookmark" width="18" height="18" viewBox="0 0 18 18"><path d="M6 1a2 2 0 00-2 2v14l5-4 5 4V3a2 2 0 00-2-2H6zm3.9 3.83h2.9l-2.35 1.7.9 2.77L9 7.59l-2.35 1.7.9-2.76-2.35-1.7h2.9L9 2.06l.9 2.77z"></path></svg> <div class="js-bookmark-count mt4" data-value=""></div> </button> </div> </div> <div class="postcell post-layout--right"> <div class="s-prose js-post-body" itemprop="text"><p>I am using <em>(fraction of)</em> the accepted answer in: <a href="../../questions/24641592/injecting-iframe-into-page-with-restrictive-content-security-policy#24649134">Inject iframe into page with restrictive content</a> to inject <code><iframe></code> to a webpage that is part of the content of a modal window. Currently I am able to access the external website displayed in the <code><iframe></code> and pass my cookies to it just fine, but upon interacting with it <em>(clicking on a submit button)</em> my cookies are not sent with the <code>onclick</code> event (which points to a JS function making AJAX request to the server). Therefor the server says that I am not logged in.</p> <p><strong>The question:</strong> How to pass the cookies with the AJAX? Is that even possible?</p> <p><strong>What I have tried:</strong> Editing the cookies <code>SameSite</code> value to <code>None</code> and the <code>Secure</code> to <code>true</code> for the website displayed in the <code><iframe></code> allows the cookies to be passed. It is desirable however not instruct the user to modify browser settings or cookies.</p> <p><strong>manifest.json:</strong></p> <pre><code>{ "manifest_version": 2, "name": "Add button", "description": "This extension will add some buttons to page.", "version": "1.0", "background": { "scripts": ["background.js"] }, "browser_action": { "default_icon": "icon.png", "default_popup": "popup.html" }, "permissions": [ "activeTab", "webNavigation", "tabs", "https://.example.com/", "https://external-iframe-site.com/*" ], "web_accessible_resources": [ "contentBackground.js", "modal.js", "iframe.html" ] } </code></pre> <p><strong>background.js</strong></p> <pre><code>const filter = { url: [ { urlMatches: '(example.com\/in)' } ] } chrome.webNavigation.onHistoryStateUpdated.addListener( function(details) { chrome.tabs.executeScript(null,{file:"jquery-1.6.1.min.js"}, function() { chrome.tabs.insertCSS({file: "content.css"}); chrome.tabs.executeScript(null,{file:"modal.js"}); }); }, filter); </code></pre> <p><strong>iframe.html</strong></p> <pre><code><iframe src="https://external-iframe-site.com/php/sync_user.php?action=Check&profileCode=someProfileCodeForTheExample" ></iframe> </code></pre> <p><strong>modal.js</strong></p> <pre><code>let a = document.createElement("a"); // Create Check with DOM a.innerHTML = "Check"; a.id = "chkBtn"; a.target = "_blank"; let checkLink = "https://external-iframe-site.com/php/sync_user.php?action=Check&profileCode={profileCode}"; checkLink = checkLink.replace("{profileCode}", encodeURI(window.location.href)); a.href = checkLink; $("div.target").prepend(a); var modal = (function(){ var method = {}, $overlay, $modal, $content, $close; // ... methods for closing/opening/etc. that you do not need to know ... // Generate the HTML and add it to the document $overlay = $('<div id="overlay"></div>'); $modal = $('<div id="modal"></div>'); $content = $('<div id="content"></div>'); $close = $('<a id="close" href="#">close</a>'); $modal.hide(); $overlay.hide(); $modal.append($content, $close); $(document).ready(function(){ $('div.authentication-outlet').append($overlay, $modal); }); return method; }()); // Get iframe local url var iframeOrigin = chrome.runtime.getURL('iframe.html'); // Wait until the DOM has loaded before querying the document $(document).ready(function(){ $('#chkBtn').click(function(e){ //Opens the modal with "src" of the local iframe.html file modal.open({content: '<iframe src=' + '"' + iframeOrigin + '"'+' width="992" height="500"></iframe>' }); e.preventDefault(); }); }); </code></pre></div> <div class="mt24 mb12"> <div class="post-taglist grid gs4 gsy fd-column"> <div class="grid ps-relative"> <a href="../../questions/tagged/javascript" class="post-tag js-gps-track" title="show questions tagged 'javascript'" rel="tag">javascript</a> <a href="../../questions/tagged/cookies" class="post-tag js-gps-track" title="show questions tagged 'cookies'" rel="tag">cookies</a> <a href="../../questions/tagged/iframe" class="post-tag js-gps-track" title="show questions tagged 'iframe'" rel="tag">iframe</a> <a href="../../questions/tagged/google-chrome-extension" class="post-tag js-gps-track" title="show questions tagged 'google-chrome-extension'" rel="tag">google-chrome-extension</a> <a href="../../questions/tagged/firefox-addon-webextensions" class="post-tag js-gps-track" title="show questions tagged 'firefox-addon-webextensions'" rel="tag">firefox-addon-webextensions</a> </div> </div> </div> <div class="mb0"> <div class="mt16 grid gs8 gsy fw-wrap jc-end ai-start pt4 mb16"> <div class="grid--cell mr16 fl1 w96"></div> <div class="post-signature owner grid--cell"> <div class="s-user-card s-user-card"> <time class="s-user-card--time" datetime="asked Mar 26 '21 at 11:24">asked Mar 26 '21 at 11:24</time> <a href="../../users/14152145/l000p" class="s-avatar s-avatar32 s-user-card--avatar"> <img class="s-avatar--image" src="../../users/profiles/14152145.webp" data-jdenticon-width="32" data-jdenticon-height="32" data-jdenticon-value="l000p" /> </a> <div class="s-user-card--info"> <a href="../../users/14152145/l000p" class="s-user-card--link">l000p</a> <ul class="s-user-card--awards"> <li class="s-user-card--rep" title="reputation score">176</li> <li class="s-award-bling s-award-blingsilver" title="1 silver badges">1</li> <li class="s-award-bling s-award-bling__bronze" title="11 bronze badges">11</li> </ul> </div> </div> </div> </div> </div> </div> <div class="post-layout--right js-post-comments-component"> <div id="comments-66815999" class="comments js-comments-container bt bc-black-075 mt12 " data-post-id="66815999" data-min-length="15"> <ul class="comments-list js-comments-list" data-remaining-comments-count="0" data-canpost="false" data-cansee="true" data-comments-unavailable="false" data-addlink-disabled="true"> <li id="comment-118109210" class="comment js-comment " data-comment-id="118109210" data-comment-owner-id="3959875" data-comment-score="1"> <div class="js-comment-actions comment-actions"> <div class="comment-score js-comment-edit-hide"> <span title="number of 'useful comment' votes received" class="warm">1</span> </div> </div> <div class="comment-text js-comment-text-and-form"> <a name="comment118109210_66815999"></a> <div class="comment-body js-comment-edit-hide"> <span class="comment-copy">You can set `document.cookie` in the content script that runs on that site. The content script should be declared with `"all_frames": true`. Alternatively you can add the `cookie` header via chrome.webRequest.onBeforeSendHeaders.</span> – <a href="../../users/3959875/woxxom" title="65,848 reputation" class="comment-user ">wOxxOm</a> <span class="comment-date" dir="ltr"><a class="comment-link" href="../../questions/66815999/webextensions-api-inject-modal-to-website-with-iframe-content-and-pass-cookies#comment118109210_66815999"><span title="2021-03-26T11:27:17.557 License: CC BY-SA 4.0" class="relativetime-clean">Mar 26 '21 at 11:27</span></a></span> </div> </div> </li> <li id="comment-118109944" class="comment js-comment " data-comment-id="118109944" data-comment-owner-id="14152145" data-comment-score="0"> <div class="js-comment-actions comment-actions"> <div class="comment-score js-comment-edit-hide"> </div> </div> <div class="comment-text js-comment-text-and-form"> <a name="comment118109944_66815999"></a> <div class="comment-body js-comment-edit-hide"> <span class="comment-copy">@wOxxOm I thought about that, but as far as I know I can not grab site specific cookies? Or I am wrong? Shouldn't I set the `document.cookie` in the `iframe.html` file?</span> – <a href="../../users/14152145/l000p" title="176 reputation" class="comment-user owner">l000p</a> <span class="comment-date" dir="ltr"><a class="comment-link" href="../../questions/66815999/webextensions-api-inject-modal-to-website-with-iframe-content-and-pass-cookies#comment118109944_66815999"><span title="2021-03-26T11:57:02.367 License: CC BY-SA 4.0" class="relativetime-clean">Mar 26 '21 at 11:57</span></a></span> </div> </div> </li> <li id="comment-118110123" class="comment js-comment " data-comment-id="118110123" data-comment-owner-id="3959875" data-comment-score="0"> <div class="js-comment-actions comment-actions"> <div class="comment-score js-comment-edit-hide"> </div> </div> <div class="comment-text js-comment-text-and-form"> <a name="comment118110123_66815999"></a> <div class="comment-body js-comment-edit-hide"> <span class="comment-copy">In the content script that runs on that site (in the iframe).</span> – <a href="../../users/3959875/woxxom" title="65,848 reputation" class="comment-user ">wOxxOm</a> <span class="comment-date" dir="ltr"><a class="comment-link" href="../../questions/66815999/webextensions-api-inject-modal-to-website-with-iframe-content-and-pass-cookies#comment118110123_66815999"><span title="2021-03-26T12:03:27.767 License: CC BY-SA 4.0" class="relativetime-clean">Mar 26 '21 at 12:03</span></a></span> </div> </div> </li> <li id="comment-118112529" class="comment js-comment " data-comment-id="118112529" data-comment-owner-id="14152145" data-comment-score="0"> <div class="js-comment-actions comment-actions"> <div class="comment-score js-comment-edit-hide"> </div> </div> <div class="comment-text js-comment-text-and-form"> <a name="comment118112529_66815999"></a> <div class="comment-body js-comment-edit-hide"> <span class="comment-copy">@wOxxOm sorry maybe there is misunderstanding. I will try to explain the structure in couple of words. We have the website that you visit lets say, youtube, there I will be appending a button (with the help of the background,js). When pressed this button will open a modal window with it's contents being the iframe.html file I have locally which on the other hand has a `<iframe>` with the external website that we are trying to mingle with. – l000p Mar 26 '21 at 13:25

Yes, my idea is that you declare a content script that will run inside that iframed site. It will receive the cookies via extension messaging and set them via `document.cookie` as session cookies. An entirely different approach would be to use `chrome.cookies` API. – wOxxOm Mar 26 '21 at 14:35

@wOxxOm I think I got it now. Would you provide me a code sample how to send a message from the iframed site, please? – l000p Mar 26 '21 at 18:51

@wOxxOm I have created a content script that runs inside that framed site. It sets some cookies with `document.cookie` and after that `console.log(document.cookie)`, unfortunately it log an empty string. I must be missing something here. – l000p Mar 29 '21 at 15:03

0 Answers0