谷歌插件Fetch在不同页面之间Cookie携带情况详解

文章列表

content script 和 script inject 表现情况

在碰到content script 注入和用script标签注入一样，即使服务端有写入Cookie到域名下在该tab标签应用下也不会被保存，所以在发送时也无法自动携带，所以通过content script和<script>这种方式无法传输隐式传输cookie，只能通过background来先拿到cookie再进行传送

服务端往请求端写入Cookie，服务端做了跨域允许，不允许跨域就没必要讨论这个逻辑了（注意注入的网站如何是https的则不能使用http协议，浏览器不允许）

<?php
/*** 功能：授权验证父类* @author wangsen* @date 2021/07/10 10:52:00* @version 1.0.0.0* @brief**/namespace app\\controllers;use app\\behaviors\\BeforeSendBehavior;
use Yii;
use yii\\filters\\Cors;class ApiController extends Controller
{public function behaviors(){$behaviors = parent::behaviors();return array_merge($behaviors, ['corsFilter' => ['class' => Cors::class,'cors' => $this->corsConfig()], BeforeSendBehavior::class]);}public function corsConfig(){$origin = Yii::$app->request->headers->get("Origin");return ['Origin' => [$origin],'Access-Control-Request-Method' => ['POST', 'PUT', 'OPTION', 'GET'],'Access-Control-Request-Headers' => ['Authorization', 'Content-Type'],'Access-Control-Allow-Credentials' => true,'Access-Control-Max-Age' => 3600,'Access-Control-Expose-Headers' => ['X-Pagination-Current-Page'],];}
}

谷歌插件Fetch在不同页面之间Cookie携带情况详解

插件端采用<script>方式注入js脚本

谷歌插件Fetch在不同页面之间Cookie携带情况详解

inject-fetch.js 脚本

fetch("https://test.zfscrmteam.top:444/cookie/index", {"referrer": "https://blog.csdn.net/qq_36361250/article/details/114270670","referrerPolicy": "unsafe-url","body": null,"method": "GET","mode": "cors","credentials": "include"
}).then(e => console.log(e));

在当前应用下始终写不进Cookie

谷歌插件Fetch在不同页面之间Cookie携带情况详解同域情况下注入和<script> 是会自动携带Cookie的，当然这种情况插件基本用不到