From MozillaWiki
Jump to: navigation, search


Plugins should be given ability to set and access HTTPonly cookies in the browser.

This is important for plugins that do not rely on browser services and directly download network resources. Plugins should be able to use the same information to form HTTP request as browser does. However, currently there is no way to access HTTPonly cookies via NPAPI in plugins.

All common browsers support HTTPonly cookies. A common use case for HTTPonly cookies is for authentication. Without access to HTTPonly cookies via NPAPI - plugin experience is not on par as compared to IE. For example, once your authenticated into a web page in browser, and loads the plugin which then make it's own HTTP connection - if there is no access to the HTTPonly cookie, and the user will need to authenticate again.

To improve plugins experience - NPAPI should provide ability to access HTTPonly cookies.

Note: Internet Explorer (IE) provides access to HTTPonly cookies in plugins (See Microsoft API: InternetSetCookieEx and InternetGetCookieEx) . NPAPI-plugins should be on par.


Add a new value to enable access to HTTPonly cookies in NPNURLVariable, for use in current NPAPI: NPN_GetValueForURL and NPN_SetValueForURL.

NPNURLVHttpOnlyCookie: For access to all cookies, including HTTPonly cookies.

The change should be backward compatible for existing uses of the same API. If plugin will pass this value to browser that does not support it then method will return error as for any other "unknown" value.


typedef enum {
  NPNURLVCookie = 501,
} NPNURLVariable;

NPError NPN_GetValueForURL(NPP instance,
                           NPNURLVariable variable,
                           const char *url,
                           char **value,
                           uint32_t *len);

NPError NPN_SetValueForURL(NPP instance,
                           NPNURLVariable variable,
                           const char *url,
                           const char *value,
                           uint32_t len);