I am trying to test a website for a travel service. I need to set the origin cookie of the browser to "New York" to test it. It automatically recognizes the origin as "Washington" without the setup. I am testing it on Google Chrome.
The Server sets the cookie initially, maybe you can try to alter it:
https://developers.google.com/web/tools/chrome-devtools/storage/cookies
Or use a chrome plugin like 'edit this cookie' or something like that.
Otherwise you could try to send requests with postman, but that wouldn't use the Website... only the server.
Related
I have a web application and we are calling a third party to process some data. Once it's done, the third party will redirect back to my application (It's a post redirection). To keep the session, we are using cookies. After the google chrome update, where the default values for samesite=Lax, I've updated our cookies to pass as samesite=None; Secure to overcome this issue. Now after google chrome version 91, this implementation is not working and I'm getting a session expiry issue. Can somebody help to fix this issue for google chrome version 91 and after? I'm using java
The best that we have been able to come up with is a client side meta refresh. When the third party posts back to our application, we have a page filter that will send it to a "refreshMeta" page similar to https://www.w3.org/TR/WCAG20-TECHS/H76.html. This has to happen without calling .getSession() anywhere because that will cause a new session to be created. This causes the page to refresh in the browser and send all original cookies back to the server because its coming from the same domain and a new session wasnt created.
I will say this worked for a while but it looks like there was change in Tomcat that's preventing this approach from working like it did on earlier versions, which is why I'm back looking for another solution.
I need to fix a problem which appeared after Chrome v80 which introduced a default option for Cookies of: Block 3rd Party cookies in Incognito mode.
Use case:
site A (https://siteA.com)
site B (https://siteB.com)
Site A includes an iframe of Site B, which require logging in
Problem:
No session cookie is stored so session could not be started.
FYI, This work fine in default mode of Chrome.
A cookie setting of: SameSite=None is set on Site B.
It’s been a while since I did something like this but basically the solution is to read the cookie on site A, wait for site B to load in the iframe, and then use the PostMessage API to pass the cookie value to site B and set the Cooke there.
You may run into some issue with JS being blocked from reading a cookie and then passing it, but this can be got around by using async functions.
Alternatively proxy Site B, on Site A.
I'm seeing rather confusing behaviour in Chrome. Cookies that I set via a cross-origin AJAX request don't show up in the browser's dev tools inspector. I'm sure they're being set but there's no way of viewing them locally.
I want to use Chrome devtools to view cookies that have been set by my API
My front end is a SPA and hosted on a different server to my (Rails) API. When testing locally, they're merely different ports: one is on locahost:3000 and the other is on localhost:4200. So that I can use cookies with API requests, I've set my serverside CORS policy to allow for withcredentials. On the client, I have set my (Angular) cross-origin requests to have the header withCredentials=true.
I've verified that the server is actually sending the cookie to the browser
When I make a request to the server, the server sets the cookie and I can see it in the response headers:
...but it doesn't shows up in Chrome devtools (or Safari)
I know it's set successfully becuase it shows up in subsequent requests
I would have assumed that the cookie had simply failed to be set but when I inspect the next request to the API I can see the cookie both in the request payload in Chrome:
And it also shows up on the (Rails) server in the request.cookies
pry> request.cookies
=> {
"my_cookie"=>"its value"}
Why can't I inspect this cookie in Chrome?
And is there a way to get around it - either in Chrome or in a different inspector? I just want a way to view and verify these cookies.
Cookies are set on the browser by the client application, from your screenshots, you are inspecting the server on port 4200 instead of your client application running on port 3000
This should show up as a seperate "Cookies" tab when you inspect the XHR request. It's easy to miss because the tab only shows when withCredentials is set to true.
I need to use Postman to test an administative area with a PHP-based session login. How can I manually login with Postman so that the session cookie is created?
Copy and pasting the session cookie is ok too, but I cannof find where to paste it!
This looks like it, but I have no Cookies link next to Send (Chrome Extension)
For the Postman Chrome extension you have to use the Postman Interceptor to manage cookies.
If you use the native apps for your operating system, you can manage cookies directly from the app. Using the native app is the recommended approach.
I want our app to show the online help page (so it's always up to date) or even a local page. However, it's likely to be blocked by the Firewall (Zone Alarm).
BTW, I tested this with Zone Alarm. It blocked access to a local .html file as well as to an .asp file on the internet. (I.e., tried to display a page in Internet Explorer and got the Zone Alarm dialog asking if I wanted to give permission to display
Is there a way around this?
Perhaps displaying the web page in the Web Browser Control?
It's actually very unlikely that web traffic is blocked at the firewall (unless you mean the file type is blocked?). What you may need to do in such a setting, however, is use the same proxy that IE uses, because direct traffic may be blocked.
The simplest way to do that is to use a high level windows API or IE itself, and HTTP download the latest helpfile if there is a new one - these mechanisms should know about any proxy.
Of course, your users may not be using IE, even if most are. So you might need to allow the user to specify the proxy, or be able to auto configure the proxy in the same way that the browser does it.
edit: I see you mean zonealarm is part of the problem. yes, that is tricky as you will have to either get your application 'blessed' centrally by whoever manages zonealarm in the customer organisation, or (if there is no central management) then the user will have to allow the app to communicate. Perhaps you should bite the bullet and have the online help simply be a website, and spawn the preferred browser via 'executing' the URL as suggested in another answer.
If the web browser isn't blocked the firewall then they probably open port 8080 for any app and thus your app shouldn't be blocked.
If the firewall only allowed port 8080 to IE; you would have to punch a hole in the firewall to use a new browser like firefox or chrome.
To open a web page using the user's preferred browser (with appropriate proxy and authentication settings), use something like ShellExecute with the URL of the document to load. Something like this would do it (where page is the URL to load):
HINSTANCE r = ShellExecute(NULL, "open", page, NULL, NULL, SW_SHOWNORMAL);