无论如何可以从 Greasemonkey 脚本访问安全 cookie 吗?
我编写了使用该document.cookie.split函数的脚本。它返回一个 cookie 列表,但不包括安全 cookie。
问问题
3735 次
1 回答
5
I'm guessing you really mean cookies with the HttpOnly attribute set. (See, also, Wikipedia for HttpOnly cookie.)
In that case, you cannot access these cookies from Greasemonkey because they are forbidden to javascript, and because Greasemonkey does not provide an alternate mechanism to see them.
You can try making a feature request, but I'm not optimistic about its reception. (Try anyway.)
Firefox add-ons, can work with these cookies, so you can fork the Greasemonkey source yourself or write a helper add-on (example) to get to these cookies.
If you mean cookies with the Secure attribute (Cookies that must be sent only over HTTPS), then I believe you can access those from injected code in the target page scope, but I'm not set up to test this at the moment. (The target page must be loaded over HTTPS and on the exact same domain as the cookies you want.)
于 2014-01-31T01:20:14.010 回答