I hit a small problem tonight, I wanted to make it possible for a GreaseMonkey Javascript running on one domain, to publish data to another site using GM_xmlHttpRequest.
The problem was cookies. In order to recognise the person posting, the site requires cookies, and that’s just something XHR can’t manage outright by itself. So, I devised a better strategy.
Using GM_setValue, I checked the location in the script to ensure it matches where I want the Cookies to be stored from, and set the value of MyCookie to document.cookie.
Then, when it comes time for a request to be sent, in the XHR, I add a header: Cookie: GM_getValue(“MyCookie”). This fetches the cookie from the script settings, and sets it as the cookie for the request.
Then, it was just a simple task of encoding my data, and sending the request.
This is of course a friendly reminder to ensure you only install scripts you trust, else you might find someone catching your cookie data and using it for undesired purposes.
One Response to GreaseMonkey and Cross Domain Cookies