Javascript, Chrome Extension: Overriding Cookie Getter And Setter

EDIT: After being recommended to work with headers, I asked a similar question here. I'm trying to develop a Chrome extension that analyzes cookies being set/retrieved by websites

Solution 1:

I think you're trying hard to reinvent the wheel here. Quoting the docs:

Use the chrome.cookies API to query and modify cookies, and to be notified when they change.

I get it that sometimes you want to prevent it in the first place, and let's take a look at that as well, but you've got to understand how cookies work. There are 2 kinds of cookie set operations:

1. By the client, by document.cookie manipulation. Then your approach may help, but to ensure that the cookie is intercepted you cannot rely on programmatic injection, it is indeed too slow. You need to declare it in the manifest with a proper run_at parameter:

   "content_scripts":[{"matches":["<all_urls>"],"js":["cookiescript.js"],"run_at":"document_start"}]

   This will ensure your code executes before anything else on the page (before there is even anything in the DOM).

2. By the server as part of the HTTP response. It may even be HTTP-Only cookie that's not exposed to document.cookie.

   You can intercept that as well, but you need to use webRequest for that, specifically a blocking response to onHeadersReceived can examine and modify headers that set cookies, and a blocking response to onBeforeSendHeaders can modify cookies reported to the server.