For your convenience we've unified the options for jetta.cookieLib and methods for jetta.cookieManager instances.
Some options are not applicable in all situations, but does not hurt if used.
Defaults can be found in jetta.defaults.cookie.
allowExpiredSetCookieBOOLEAN - iftrue, functions that parse and add cookies from Set-Cookie headers will not throw ifExpiresorMax-Agesignifies that something has expiredfromHttpApiBOOLEAN - should befalseif from "non-HTTP API" according to RFC 6265.- Here are some examples from RFC 6265 as to what this means:
- A web browser API that exposes cookies to scripts
- HTML's
document.cookieAPI
- Here are some examples from RFC 6265 as to what this means:
isSecureEnvBOOLEAN - if the request is made in a secure environment, such as HTTPSisTopLevelBrowsingContextBOOLEAN - means 'the address bar's URL would changes for this request'.falsefor iframes, images, XMLHttpRequests, and the like.- See Determining
isTopLevelBrowsingContext,requestURL, andtopLevelURLsection and section 7.1 - Browsing contexts in the HTML spec
preferredErrorLanguageSTRING - as an ISO 639-1 code- See
jetta.JettaErrorfor details
- See
publicSuffixinstanceofjetta.PublicSuffix|null- ajetta.PublicSuffixinstance used to check if a cookie's domain is a public suffix- If
nullor not given, public suffixes will not be checked (always provided when called viajetta.CookieManagerinstance)
- If
requestMethodSTRING - the request's HTTP method (i.e. 'GET', 'POST', etc.)requestURLSTRING - the URL where cookies are sent or received- This is not always the
topLevelURL. See DeterminingisTopLevelBrowsingContext,requestURL, andtopLevelURL
- This is not always the
thirdPartyCookiesAllowedBOOLEAN - whentopLevelURLoption is used, allow third-party cookies- A third-party cookie is when the cookie's domain does not match the hostname of the
topLevelURL
- A third-party cookie is when the cookie's domain does not match the hostname of the
topLevelURLSTRING - thetopLevelURLof the context
Say you are visiting example.com and example.com has an iframe for some-other-example.com. In this case: requestURL is 'some-other-example.com', topLevelURL is 'example.com', and isTopLevelBrowsingContext is false.
Notice that isTopLevelBrowsingContext is not inferred (for security reasons) via checking if requestURL is in topLevelURL on the domain level. Here is an example for how this is not always true:
- You request 'example.com'
- 'example.com' has an iframe 'some-other-example.com'
- 'some-other-example.com' pulls images from 'example.com'