使用浏览器中保存的JavaScript和cookie获取网站的HTML代码

Question

I'm writing a Chrome Packaged App, that is supposed to interact with a website (that I do not own), and retrieve some HTML code from it. I'm using jQuery get() to retrieve the source code, but the problem is that the user is logged in that website and there is some info that isn't available unless you're logged in.

So I want the app to retrieve the page as it would be if the user would be logged in (in Chrome).

I know it isn't really that good of an idea to make a Chrome App that is dependent on the browser's cookies (the app should be able to run by itself), but I don't know of any other way I could do this, and even if I'd figure out how to log into the website through the app, users would think it was a phisher (the app will be closed source). So yeah, relying on the browser cookies.

Answer 1

As far as I know, and I'm pretty sure I would know, there's no way to send the cookies with an HTTP request from a Chrome App.

In the old days, prior to OAuth, it was typical for a user who wanted an app to access a web site to tell the app his/her login and password, through a setup page or the equivalent. Then the app would login.

This is much improved with OAuth, but the web site you're trying to access it may not support it. If it does, then that's the way to go. If not, you have no choice but to ask the user for his/her login credentials, and then to store those for reuse. Not in a cookie, as Chrome Apps can't access cookies, but in local storage. (There's a specific Chrome App API for local storage.) You probably should encrypt the password, and perhaps the login as well. Note that in this case it can't be a one-way hash, but rather a normal encrypt/decrypt.

(If you are using OAuth, use the Chrome App identity API, which makes OAUth2 very easy, and OAuth1 possible but far from easy.)