add domain to add item #103
Conversation
Would in any scenario the most recent not be the one you would want? |
src/handler/operation/cookie.js
Outdated
| function tabToStringDomain(tab) { | ||
| const url = new URL(tab.url); | ||
| function tabToStringDomain(inputUrl) { | ||
| const url = new URL(inputUrl.startsWith("http") ? inputUrl : `http://${inputUrl}`); |
There was a problem hiding this comment.
just a suggestion of setting a const "http://" and use it twice here, allowing some (although minor) reuse. Would assume no issue when https is used
There was a problem hiding this comment.
In this case, we are just concatenating HTTP to form a valid URL in order to validate it with the URL class, so no hard in just doing HTTP.
It makes sense, I will add it as a constant.
| function isDomainMatch(itemDomain, cookieDomain) { | ||
| return itemDomain === cookieDomain || "." + itemDomain === cookieDomain; | ||
| } |
There was a problem hiding this comment.
possible misconception from my side, but is the next viable?
| function isDomainMatch(itemDomain, cookieDomain) { | |
| return itemDomain === cookieDomain || "." + itemDomain === cookieDomain; | |
| } | |
| function isDomainMatch(itemDomain, cookieDomain) { | |
| return itemDomain === cookieDomain.substring(1); | |
| } |
There was a problem hiding this comment.
From my experience, we still need to validate the .domain.comand domain.com since I've seen both cases. Although it seems that the extra dot is not necessary.
But using the substring seems a neater approach. Thank you for the suggestion 👍🏻
There was a problem hiding this comment.
From my understanding of your PR, once we set a custom value for a cookie item (without a defined domain), we assume the cookie domain is the same as the current tab.
If so, we should also do something in the apply function to our store. From what I can see, in the setter functions for our store we are just updating the value and not applying the domain.
Although you are doing a domain validation in getCookie, we don't see/have this information in our badges since it's not stored in our storeItems list.
I don't know if this was intentional (not having this information attached to the cookieItem when we assume the domain) but we can discuss it offline 🐶
src/view/items.js
Outdated
| } | ||
|
|
||
| if (domain) { | ||
| const domainLabel = newLabelWithBadge({ label: "Domain", value: domain || "" }); |
There was a problem hiding this comment.
Maybe not for this MVP, but we have to consider, in terms of design, big values here. Having 2 or 3 badges with medium values might break the badge text since we are fixing our extension max width.
Not sure if an ellipsis would be the best UX but let's discuss this offline.
src/view/items.js
Outdated
| } | ||
|
|
||
| if (domain) { | ||
| const domainLabel = newLabelWithBadge({ label: "Domain", value: domain || "" }); |
There was a problem hiding this comment.
Probably my fault here from a previous PR (subkey) but we should remove this:
| const domainLabel = newLabelWithBadge({ label: "Domain", value: domain || "" }); | |
| const domainLabel = newLabelWithBadge({ label: "Domain", value: domain}); |
We are already checking if the value exists to render the badge.
There was a problem hiding this comment.
Please also update subkey above.
There was a problem hiding this comment.
My bad on copy and past. Nice catch 👍
| } | ||
|
|
||
| function itemFooter({ id, key, subKey }) { | ||
| function itemFooter({ id, domain, key, subKey }) { |
There was a problem hiding this comment.
Side note: Following our design review about the badge & big values issue, we should review this component itemFooter. It's getting bigger and messy with new features.
There was a problem hiding this comment.
I understand your concern. Create a new issue where we can properly address it: #104
| async function saveCookieValue(tab, key, subKey = "", domain, value) { | ||
| try { | ||
| return await chromeSaveCookieValue(tab, key, subKey, value); | ||
| return await chromeSaveCookieValue(tab, key, subKey, domain, value); |
There was a problem hiding this comment.
This chromeSaveCookieValue function is getting crowded in terms of args, so probably it would be easier to use having it grouped some of these by their context - tab, {context of cookie}:
| return await chromeSaveCookieValue(tab, key, subKey, domain, value); | |
| return await chromeSaveCookieValue(tab, {key, subKey, domain, value}); |
WDYT?
There was a problem hiding this comment.
At this point, I'm strongly inclined to include typescript in the project.
Making this kind of changes is starting to get a bit scary 😅
I'm a bit resistant to make this change in this PR because by changing this, I feel like we would need to change local and session storage as well, which are out of scope for this PR.
What do you reckon if we move this change to a different issue?
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
Yes, on the initial implementation of the cookie flow, we were just looking at cookies from top level domain of the current tab.
Assuming that we are not working with cookies outside of the top level domain, the cookie will be applied to the current domain. This means, whatever you are on localhost or, domain.com you are still able to use the same entry for both situations.
This is something that I'm really struggling with. I'm not going to bite the bullet, I'm changing the implementation to list all cookies and pick the one that is correct instead of relying on chrome cookies API. Furthermore, contrary to my beliefs that domains always started with |
|
Due to a lack of direction on this topic, I'm removing the input field. |
|
Add domain field when creating a new cookie item.
Important
GET
If there are multiples match to a key, it will select based on the order that the browser sent it.
This is not a new behavior, but would be interesting to figure out how is the order affected.
SET
What this is actually saying is even if we request a cookie for a subdomain (subdomain.domain.com) if there are collisions with a same name cookie in the domain (domain.com) it will pick the most recent.
I'm unsure if we should retrieve all the cookies and select the correct subdomain cookie, or if this is a non issue.
Should we dig deeper?
screenshots
create page
view page