I'm trying to make a Google Chrome extension that analyzes cookies before they're set/retrieved by websites and, if they don't meet certain requirements, stops the operation.
To start, I'm trying to just block cookie setting entirely. After trying (and failing) to override their getter and setter, I was recommended to try and modify headers and their Set-Cookie elements instead.
If anyone is interested in the previous question, it's here.
The extension I came up with only has the following two files:

manifest.json

    {
      "manifest_version": 2,
      "name": "CookieStop",
      "description": "Extension to filter cookies",
      "version": "1.0",
      "permissions": [
        "<all_urls>",
        "tabs",
        "webRequest",
        "webRequestBlocking"
      ],
      "background": {
        "scripts": ["background.js"]
      }
    }

background.js

    chrome.webRequest.onHeadersReceived.addListener(
      function(details) {
        // Drop every response header whose name is exactly 'Set-Cookie'.
        for (var i = 0; i < details.responseHeaders.length; i++) {
          if (details.responseHeaders[i].name === 'Set-Cookie') {
            details.responseHeaders.splice(i, 1);
            i--; // re-check this index, which now holds the next header
          }
        }
        // Hand the modified header list back to the browser.
        return {
          responseHeaders: details.responseHeaders
        };
      }, {
        urls: ["<all_urls>"]
      }, ["blocking", "responseHeaders"]);

I made a version of background.js that logs in the console every header before and after the splicing and it seems to correctly remove every Set-Cookie part.
Testing the result by visiting en.wikipedia.org, which sets some cookies as soon as you visit it, I observe the following behavior. Without the extension, cookies are set for upload.wikimedia.org, wikipedia.org, en.wikipedia.org. With the extension, no cookies are set for wikipedia.org, but there are still cookies set for the other two.
I know only one extension is allowed to modify a request; I've also tested this with only my extension enabled, but the result is the same.
"<all_urls>" should stop cookies from any domain, so can anyone tell me what exactly is wrong in my extension that is letting cookies be set, and how to fix it?
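
An added example, not part of the original post: HTTP header names are case-insensitive, so a Set-Cookie filter has to compare them lower-cased, and the code below does that while applying a per-cookie requirement. The function names, the Secure-plus-HttpOnly policy and the sample headers are assumptions made for illustration.

```javascript
// Added example. parseSetCookie, cookieAllowed and filterSetCookie are hypothetical names.

// Split one Set-Cookie value into the cookie name and a map of lower-cased attributes.
function parseSetCookie(value) {
  const parts = (value || '').split(';').map(p => p.trim());
  const eq = parts[0].indexOf('=');
  const cookie = { name: eq < 0 ? '' : parts[0].slice(0, eq), attrs: {} };
  for (const part of parts.slice(1)) {
    if (!part) continue;
    const i = part.indexOf('=');
    const key = (i < 0 ? part : part.slice(0, i)).trim().toLowerCase();
    cookie.attrs[key] = i < 0 ? true : part.slice(i + 1).trim();
  }
  return cookie;
}

// Assumed requirement: a cookie is acceptable only if it is Secure and HttpOnly.
function cookieAllowed(cookie) {
  return cookie.attrs.secure === true && cookie.attrs.httponly === true;
}

// Return the headers minus every Set-Cookie entry that fails the policy.
// Header names are compared lower-cased, so 'set-cookie' and 'SET-COOKIE' match too.
function filterSetCookie(responseHeaders, allowed) {
  return responseHeaders.filter(h =>
    h.name.toLowerCase() !== 'set-cookie' || allowed(parseSetCookie(h.value)));
}

// Constructed sample input, not captured from a real site.
const SAMPLE_HEADERS = [
  { name: 'Content-Type', value: 'text/html' },
  { name: 'Set-Cookie', value: 'sid=abc; Secure; HttpOnly; Path=/' },
  { name: 'set-cookie', value: 'track=1; Path=/' },
  { name: 'SET-COOKIE', value: 'pref=dark; Secure' },
];

// Wiring for the extension's background page; skipped when run outside Chrome.
if (typeof chrome !== 'undefined' && chrome.webRequest) {
  chrome.webRequest.onHeadersReceived.addListener(
    details => ({ responseHeaders: filterSetCookie(details.responseHeaders, cookieAllowed) }),
    { urls: ['<all_urls>'] },
    // Chrome 72 and later pass Set-Cookie to listeners only with 'extraHeaders'.
    ['blocking', 'responseHeaders', 'extraHeaders']);
} else {
  console.log(filterSetCookie(SAMPLE_HEADERS, cookieAllowed).map(h => h.name));
}
```

Passing `() => false` as the policy removes every Set-Cookie header regardless of the case of its name.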