browser.cookies.getAll does not work if site is in "Trusted Sites" security zone

Issue #13139289 • Unassigned

Details

Author
Dominik H.
Created
Aug 8, 2017
Privacy
This issue is public.
Found in
  • Microsoft Edge
Found in build #
40.15063
Reports
Reported by 1 person

Sign in to watch or report this issue.

Steps to reproduce

browser.cookies.getAll does not work if site is in the “Trusted Sites” security zone in the internet options.
If the site from which the cookies should be retrieved is IN the “Trusted Sites” security zone, always an empty array is passed to the callback function, regardless of the security level settings inside the zone.
In “Advanced Privacy Settings” all cookies are accepted.

I have tried the following (in a background script of the extension):

browser.cookies.getAll({}, function(allcookies) {
console.log(allcookies);
});

browser.cookies.getAll({url:"<web site url>"}, function(allcookies) {
console.log(allcookies);
});

browser.cookies.getAll({url:"<web site url>", storeId:"0"}, function(allcookies) {
console.log(allcookies);
});


What also does not work:

browser.cookies.getAllCookieStores does not list the affected tabs in the tabIds property, so there is no possibility to correctly assign the cookie store with the open tabs.
(If I have only opened the affected site in one tab, the array contains one store with id "0" and an empty tabIds array; If other sites (not in the “Trusted Sites” zone) are open too, these sites are listed in tabIds, but the site in the “Trusted Sites” zone is omitted).

If the site is NOT in the “Trusted Sites” zone (and not matched in any other security zone, I have not verified if the problem also occurs with other security zones), all works as expected (all cookies are delivered, and all tabs are listed in the cookie stores array).


Extension manifest permissions:

"permissions": [
"tabs",
"cookies",
"nativeMessaging",
"<all_urls>"
]


Does anybody know a workaround (besides removing the site from the “Trusted Sites” zone, which is not applicable in our case) for this?

Regards,
Dominik Hölzl

Attachments

0 attachments

    Comments and activity

    Nothing to see here! No one has commented on this issue yet.

    You need to sign in to your Microsoft account to add a comment.

    Sign in