"Uncaught (in promise) Error: Permission denied to set cookie" When using chrome.cookies.set inside of extension with manifest v3

robiot · December 24, 2023, 12:46pm

I am making a simple extension with react. But when running chrome.cookies.set, I get the following error:

{"domain":null,"expirationDate":2019035453.082,"firstPartyDomain":null,"httpOnly":null,"name":"token","partitionKey":null,"path":"/","sameSite":"no_restriction","secure":null,"storeId":null,"url":"http://localhost:3000","value":"test"}

My manifest.json includes all nessicary permissions according to the docs, so it’s strange that it isnt working. Everything works in chromium based browsers, not in firefox!.

{
  "manifest_version": 3,
  "name": "ext",
  "description": "description",
  "permissions": [
    "tabs",
    "cookies"
  ],
  "action": {
    "default_popup": "src/core/popup/index.html",
    "default_icon": "icon-34.png"
  },
  "icons": {
    "128": "icon-128.png"
  },
  "content_scripts": [],
  "web_accessible_resources": [
    {
      "resources": [
        "assets/js/*.js",
        "assets/css/*.css",
        "icon-128.png",
        "icon-34.png"
      ],
      "matches": [
        "*://*/*"
      ]
    }
  ],
  "browser_specific_settings": {
    "gecko": {
      "id": "addon@domain.com"
    }
  },
  "content_security_policy": {
    "extension_pages": "script-src 'self'; object-src 'self'"
  },
  "version": "1.0.0",
  "host_permissions": [
    "<all_urls>"
  ]
}

This is the react code that throws the error:

export const TestComponent = () => {
  useEffect(() => {
    (async () => {
      await chrome.cookies.set({
        url: "http://localhost:3000", // does not work with ex. https://example.com either
        name: "token",
        value: "thetoken",
        path: "/",
      });
    })();
  }, []);

  return <></>;
}

I also want to note that chrome.cookies.get doesn’t work either, but it doesn’t even throw an error, just returns null

juraj.masiar · December 24, 2023, 10:49pm

Did you granted the host permissions?
This may be yet again one of those many cases reported here where the permissions for hosts are not granted on install time in MV3.

I think you can manually grant it in the about:addons page (click your addon and then switch to Permissions tab). Or use permissions.request to ask for host permissions.

Migrating to MV2 for the Firefox version is also a good option!

robiot · December 24, 2023, 10:46pm

That’s interesting. Seems like I wasted 5 hours during Christmas for nothing .
Well, weird that chromium doesn’t require asking for the permissions while Firefox does, didn’t know about that until now.
Thanks for your help!

robiot · December 24, 2023, 10:49pm

It feels like it would be a great approach if you could verify that you own the domain somehow and then allow changing cookies without explicit permissions, hence the extra step that adds complexity for users.

robiot · January 4, 2024, 12:57pm

I tried changing to v2, and it seems like it recognizes the permission as required now. But when using chrome.cookies.get() it returns an empty array, even though the website has cookies.

Actually, seems like I might be able to get this to work. MV3 is very weird in firefox.