Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cookie auth #120

Open
kkkrist opened this issue Apr 18, 2024 · 3 comments
Open

Cookie auth #120

kkkrist opened this issue Apr 18, 2024 · 3 comments
Labels
feature-request

Comments

@kkkrist
Copy link

kkkrist commented Apr 18, 2024
edited
Loading

Hi,

what do you think about adding a cookie auth option?

By default, fetch requests ignore set-cookie headers in responses and don't send stored cookies via the cookie header. Both can be enabled by setting the credentials fetch option to "same-origin" or "include".

I'm imagining an additional option called "Cookies" in the "Auth" tab which lets the user select the credentials option to add to all relevant fetch calls.

What would be the outline to implement this best?
@flawiddsouza
Copy link
Owner

Hi @kkkrist, I would assume this would work only for sites that allow cross origin cookies. same-origin option can't work as the cookies would need to originate from restfox.dev. Are you using restfox through the web at restfox.dev? I cannot envision what would be present in the Cookies option in Auth. You can only tell fetch to include credentials. There's no way to pass specific credentials to fetch. So I'm not sure how the user would be able to select credentials they want.

A proper cookie system can only be implemented in the desktop version of Restfox, as it has no CORS limitations. It already allows you to send the Cookie header in your requests. We just need to expand it to have a Cookie Manager. So Set-Cookie requests are stored and used by the requests.

@kkkrist
Copy link
Author

kkkrist commented Apr 26, 2024

Thank you for your reply! Yes, I'm using restfox.dev and/or a self-hosted version of the same. "same-origin" only works if you self-host on the same domain as the API (so not restfox.dev). "include" however works anywhere, given the API server sets CORS headers accordingly.

It could well be that I've missed something, but I think it would be enough to make the Cookies option a boolean setting that just causes the credentials option to be set to "include" in the the fetch call options (fetch("https://api.com/", { credentials: "include" })). With that setting, the browser will store cookies requested via Set-Cookie headers in responses and also attach them via Cookie headers in subsequent requests just like with ordinary non-fetch/-xhr requests. So no need to manage cookies. I've tested it by hard-coding it into the fetch calls and it worked for me.

@eznix86
Copy link
Contributor

eznix86 commented May 6, 2024
edited
Loading

Looks like a toggle to me. @kkkrist Maybe you can add a custom option in the settings "Allow CORS calls". Then link it to this: https://developer.mozilla.org/en-US/docs/Web/API/Request/credentials#include

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature-request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@kkkrist @flawiddsouza @eznix86