feat: add httpOnly cookies.get filter (#37365)

feat: add httpOnly cookies filter Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com> Co-authored-by: Black-Hole1 <158blackhole@gmail.com>
2026-04-10 03:01:51 -04:00 · 2023-02-27 10:02:19 +01:00
parent 886a5032cf
commit 9be3acd24c
3 changed files with 37 additions and 0 deletions
--- a/docs/api/cookies.md
+++ b/docs/api/cookies.md
@@ -78,6 +78,7 @@ The following methods are available on instances of `Cookies`:
  * `path` string (optional) - Retrieves cookies whose path matches `path`.
  * `secure` boolean (optional) - Filters cookies by their Secure property.
  * `session` boolean (optional) - Filters out session or persistent cookies.
+  * `httpOnly` boolean (optional) - Filters cookies by httpOnly.

 Returns `Promise<Cookie[]>` - A promise which resolves an array of cookie objects.

--- a/shell/browser/api/electron_api_cookies.cc
+++ b/shell/browser/api/electron_api_cookies.cc
@@ -133,6 +133,9 @@ bool MatchesCookie(const base::Value::Dict& filter,
  absl::optional<bool> session_filter = filter.FindBool("session");
  if (session_filter && *session_filter == cookie.IsPersistent())
    return false;
+  absl::optional<bool> httpOnly_filter = filter.FindBool("httpOnly");
+  if (httpOnly_filter && *httpOnly_filter != cookie.IsHttpOnly())
+    return false;
  return true;
 }

--- a/spec/api-net-spec.ts
+++ b/spec/api-net-spec.ts
@@ -878,6 +878,39 @@ describe('net module', () => {
      expect(cookies[0].name).to.equal('cookie2');
    });

+    it('should be able correctly filter out cookies that are httpOnly', async () => {
+      const sess = session.fromPartition(`cookie-tests-${Math.random()}`);
+
+      await Promise.all([
+        sess.cookies.set({
+          url: 'https://electronjs.org',
+          domain: 'electronjs.org',
+          name: 'cookie1',
+          value: '1',
+          httpOnly: true
+        }),
+        sess.cookies.set({
+          url: 'https://electronjs.org',
+          domain: 'electronjs.org',
+          name: 'cookie2',
+          value: '2',
+          httpOnly: false
+        })
+      ]);
+
+      const httpOnlyCookies = await sess.cookies.get({
+        httpOnly: true
+      });
+      expect(httpOnlyCookies).to.have.lengthOf(1);
+      expect(httpOnlyCookies[0].name).to.equal('cookie1');
+
+      const cookies = await sess.cookies.get({
+        httpOnly: false
+      });
+      expect(cookies).to.have.lengthOf(1);
+      expect(cookies[0].name).to.equal('cookie2');
+    });
+
    describe('when {"credentials":"omit"}', () => {
      it('should not send cookies');
      it('should not store cookies');