How can I send a request from javascript which would not use cookies? I want to do it from greasemonkey, so I don't care about same origin and can use both original xmlhttprequest or greamonkey's GM_xmlhttpRequest.
I need to fetch a page from the same website, but unauthentificated. Browser (Firefox) always sends all the cookies which FF have for that domain.
Background: I am working on a GM script which displays full size version of profile images. However the only way to know its URL, I must fetch the profile page for that user. This must be done unauthentificated, otherwise those users would be notified of me looking at their profile. Right now for development I use php on my server to fetch the profile page, but this is not scalable with the distribution of GM script for other users.
How can I send a request from javascript which would not use cookies? I want to do it from greasemonkey, so I don't care about same origin and can use both original xmlhttprequest or greamonkey's GM_xmlhttpRequest.
I need to fetch a page from the same website, but unauthentificated. Browser (Firefox) always sends all the cookies which FF have for that domain.
Background: I am working on a GM script which displays full size version of profile images. However the only way to know its URL, I must fetch the profile page for that user. This must be done unauthentificated, otherwise those users would be notified of me looking at their profile. Right now for development I use php on my server to fetch the profile page, but this is not scalable with the distribution of GM script for other users.
Share Improve this question edited Apr 24, 2015 at 13:03 hindmost 7,1803 gold badges32 silver badges41 bronze badges asked Apr 24, 2015 at 13:02 Marki555Marki555 6,9003 gold badges43 silver badges60 bronze badges 7- Clear All Cookie from domain and then send a request if possible . – Anant Dabhi Commented Apr 24, 2015 at 13:09
- I can't clear the cookies - the webpage must work for the browser user with cookies, just requests from greasemonkey script needs to be without cookies – Marki555 Commented Apr 24, 2015 at 13:22
- michael-noll./tutorials/cookie-monster-for-xmlhttprequest – Jared Farrish Commented Apr 24, 2015 at 13:40
-
@JaredFarrish I have read that article (quite old, lot of changes to FF since then), I tried the updated solution, but it seems I don't have access to
yourXMLHttpReq.channelfrom greasemonkey script. – Marki555 Commented Apr 24, 2015 at 13:43 -
This is not possible with
GM_xmlhttpRequest, but you could fork Greasemonkey's code and make your own version that had a "no cookie" option. ... Alternatively, Maybe run the script from a tab that is in private browsing mode? – Brock Adams Commented Apr 24, 2015 at 22:31
1 Answer
Reset to default 6You can set the mozAnon or anonymous flag on the request options to suppress sending/storing cookies.
Unfortunately these flags aren't documented in the wiki yet, but they seem to be available since Version 3.8beta3 (April 18, 2016).
GM_xmlhttpRequest({
method: 'GET',
url: url,
anonymous: true, // remove original cookies
headers: {
cookie: 'whatever' // add custom cookies if necessary
},
onload: function(res) {
// optionally parse the reponse cookies which are otherwise lost
const cookieRegex = /^Set-Cookie: (.*)$/gm;
const cookies = [];
while (cookieRegex.exec(res.responseHeaders)) {
cookies.push(RegExp.$1);
}
console.log(cookies);
}
});