I created a Firefox addon using the Greasemonkey script compiler at arantius.com/misc/greasemonkey/script-compiler. The addon receives data from my server and displays it on third-party sites. Now I want to restrict access only to authenticated users. What is the best way to do this?
Users have an account on my website (made with Drupal 7) that sets a session cookie when they log in. So I tried to get my addon to read the session cookie, send it to the backend, which then checks the login status.
But since the javascript of my addon runs on a third-party site, it does not allow access to my cookie. I get this error:
Error: < http://de.wikipedia.org > wurde die Erlaubnis fΓΌr das Lesen der Eigenschaft XPCComponents.classes verweigert.
(en: "Error: Wikipedia was not allowed to read XPCComponents.classes property")
Despite security concerns, I tried using unsafeWindow, but the code still doesn't work:
try {
unsafeWindow.netscape.security.PrivilegeManager
.enablePrivilege('UniversalXPConnect');
var cookieMgr = Components.classes["@mozilla.org/cookiemanager;1"]
.getService(Components.interfaces.nsICookieManager);
}
catch (errorInfo)
{
alert(errorInfo);
}
Now I know that cross-domain cookies should not be possible. But how can I get around this? How other add-ons perform authentication (for example, Delicious Bookmarks, StumbleUpon and many others).
Any tips or pointers would be greatly appreciated.
modoq source
share