Skip to content

Instantly share code, notes, and snippets.

@ericlaw1979

ericlaw1979/ShowSameSiteCookieInfo.js

Last active October 1, 2019 04:21
Show Gist options
  • Star 2 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save ericlaw1979/8a1a2aa3f38a7ca0e12b7c022fbe8182 to your computer and use it in GitHub Desktop.
Save ericlaw1979/8a1a2aa3f38a7ca0e12b7c022fbe8182 to your computer and use it in GitHub Desktop.
Download ZIP
FiddlerScript function adds a SSCookie column to show the SameSite attribute for Set-Cookie response headers
Raw
ShowSameSiteCookieInfo.js
public static BindUIColumn("SSCookie", 60, 5)
function FillSSCookieInfoColumn(oS: Session): String {
if (oS.state < SessionStates.ReadingResponse) return "";
if (!oS.ResponseHeaders.Exists("Set-Cookie")) return "";
var sbVals = new System.Text.StringBuilder();
for (var i=0; i<oS.ResponseHeaders.Count(); i++){
var thisHeader = oS.ResponseHeaders[i];
if (!StringExtensions.OICEquals(thisHeader.Name, "Set-Cookie")) continue;
if (!StringExtensions.OICContains(thisHeader.Value, "samesite")) { sbVals.Append("+ "); continue; }
var thisOne = Utilities.TrimBefore(thisHeader.Value.ToLower(), "samesite");
thisOne = Utilities.TrimAfter(Utilities.TrimAfter(thisOne, ";"), " ");
if (StringExtensions.OICContains(thisOne, "none") &&
(!oS.isHTTPS ||
!StringExtensions.OICContains(thisHeader.Value, "secure")) ){
// SameSite=none cookies will be disallowed if not marked Secure
sbVals.Append("!!!!");
}
sbVals.Append(thisOne + " ");
}
return sbVals.ToString();
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment