Skip to content

Instantly share code, notes, and snippets.

Last active October 1, 2019 04:21
  • Star 2 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
What would you like to do?
FiddlerScript function adds a SSCookie column to show the SameSite attribute for Set-Cookie response headers
public static BindUIColumn("SSCookie", 60, 5)
function FillSSCookieInfoColumn(oS: Session): String {
if (oS.state < SessionStates.ReadingResponse) return "";
if (!oS.ResponseHeaders.Exists("Set-Cookie")) return "";
var sbVals = new System.Text.StringBuilder();
for (var i=0; i<oS.ResponseHeaders.Count(); i++){
var thisHeader = oS.ResponseHeaders[i];
if (!StringExtensions.OICEquals(thisHeader.Name, "Set-Cookie")) continue;
if (!StringExtensions.OICContains(thisHeader.Value, "samesite")) { sbVals.Append("+ "); continue; }
var thisOne = Utilities.TrimBefore(thisHeader.Value.ToLower(), "samesite");
thisOne = Utilities.TrimAfter(Utilities.TrimAfter(thisOne, ";"), " ");
if (StringExtensions.OICContains(thisOne, "none") &&
(!oS.isHTTPS ||
!StringExtensions.OICContains(thisHeader.Value, "secure")) ){
// SameSite=none cookies will be disallowed if not marked Secure
sbVals.Append(thisOne + " ");
return sbVals.ToString();
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment