GM_Cookie

[qsniyg]

Implementation of Tampermonkey/tampermonkey#465 and greasemonkey/greasemonkey#1802 . This would be very useful for my userscript, as it requires a few API calls that need cookies from the websites to access otherwise private user data (original images for Flickr etc.). document.cookie does not contain server-side cookies, which are needed for this unfortunately.

[tophf]

GM_Cookie is not supported by other userscript managers (TM only has it in beta) so we won't implement it either. Violentmonkey now exposes protected HTTP headers to GM_xmlHttpRequest event handlers so it should be possible to read all of the cookies from Set-Cookie header inside response.responseHeaders multi-line string.

We will implement it once it's out of beta in Tampermonkey and actually works in its stable release.

[qsniyg]

Would it be possible to reconsider this feature? There are so many cases now where I've been unable to support websites because of lack of GM_Cookie support in VM (e.g. due to CSRF protection, requiring a header to match a cookie). Set-Cookie is only helpful if the web server returns it consistently, which unfortunately is rarely the case. If I were to try to force it to return the Set-Cookie header by removing a field from the Cookie header, it will overwrite the user's cookies, resulting in the user possibly being logged out. Yes it's annoying and (imo) stupid on the part of the server, but unfortunately there's no way I can see to go around this limitation.

I should also add that even when document.cookie does contain the required cookie (which is rare, as it somewhat defeats the purpose), it only works when you're on the page itself, which means that API calls are out of the question (e.g. browsing a photo hosted on a website that requires an API call, from a different website)

[tophf]

No. I've just debugged Tampermonkey stable and it does not actually implement GM_cookie. All it has is a dummy function that always returns an undefined result and not supported in the second parameter (this is the error). Try asking the userscript author to use a dummy polyfill so that their script will be able to run in more engines even if it's not in fully functional mode.

We will implement it once it's out of beta in Tampermonkey and actually works in its stable release.

[JenieX]

I'm thinking of creating an npm package, something similar to this instagram-stories.

Similar packages and scrappers usually require credentials (cookies). Most user scripts developers would go through the trouble of creating a tutorial on how to extract the required credentials, see this developer. That is why I think it would be a good idea for me to create a user script that exports the required credentials to a file that later can be used with my npm package.

[KaKi87]

Hello @tophf & @gera2ld, I encountered an issue that only this API can solve, please consider implementing it.

I reported this at 3 different places, choose where to read it from :

• GM_cookie - HttpOnly Cookie Tampermonkey/tampermonkey#465 (comment)
• https://reddit.com/r/userscripts/comments/12l5af9/weird_cookie_behavior/
• https://discord.com/channels/995346102003965952/1094107789980348488/1094107789980348488

Thanks