
Privacy, Add-ons, and Cookie-less HTTP Requests


Guest BSchwarz
Posted

A recent article incorrectly suggested that Internet Explorer add-ons must send and store cookies when making HTTP requests. That's simply not true -- Internet Explorer APIs enable add-ons to respect the user's privacy and not leak information. Existing APIs are available to add-ons running in any version of IE to accomplish the task described in the article.

An add-on using WinINET to issue HTTP requests can suppress default cookie behavior by passing the flag INTERNET_FLAG_NO_COOKIES, which will suppress automatic sending and storage of cookies.

INTERNET_FLAG_NO_COOKIES (0x00080000): Does not automatically add cookie headers to requests, and does not automatically add returned cookies to the cookie database.

If the add-on is making HTTP requests using URLMon, it can pass BINDF2_DISABLEAUTOCOOKIEHANDLING in the bind flags.

BINDF2_DISABLEAUTOCOOKIEHANDLING: Do not automatically add cookie headers to requests, and do not automatically add returned cookies to the cookie database. Setting this flag adds the Microsoft Win32 Internet (WinInet) flag INTERNET_FLAG_NO_COOKIES on the current moniker binding. You can still set cookies manually on the request, and read them from the response.

If the add-on wants to use a higher-level construct and the server supports Access-Control, IE8 offers the XDomainRequest object, which suppresses cookies and authentication automatically.

If the add-on is hosting a Web Browser Control, it can implement an IInternetSecurityManager and/or the WinINET Privacy functions for fine-grained control over cookie behavior. Alternatively, the add-on could choose to make its HTTP requests using WinHTTP (which doesn't support automatic handling of cookies at all).

Beyond the existing APIs to control whether or not cookies are sent along with HTTP requests, Internet Explorer 8 exposes new Privacy APIs to allow add-ons to support Delete Browsing History and become InPrivate Browsing-aware.

Thanks for your help in respecting users' privacy!

Eric Lawrence
Program Manager
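
The WinINET approach described in the post, as an added example that is not part of the original article or Microsoft's own code. The helper names, the "ExampleAddon/1.0" user agent, the example.com host, and the extra INTERNET_FLAG_NO_AUTH flag are assumptions made for illustration; the request itself only builds on Windows, while the flag logic builds anywhere.

```c
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#include <wininet.h>                 /* link with wininet.lib */
#else                                /* wininet.h values, so the flag logic builds anywhere */
#define INTERNET_FLAG_NO_AUTH    0x00040000UL
#define INTERNET_FLAG_NO_COOKIES 0x00080000UL
#define INTERNET_FLAG_SECURE     0x00800000UL
#endif

/* Hypothetical helper: flags for an add-on request that must not send or store
   cookies (NO_COOKIES, from the post) or authenticate automatically (NO_AUTH, an addition). */
unsigned long addon_request_flags(int https) {
    unsigned long f = INTERNET_FLAG_NO_COOKIES | INTERNET_FLAG_NO_AUTH;
    return https ? (f | INTERNET_FLAG_SECURE) : f;
}

/* Hypothetical audit check: 1 if a dwFlags value leaves automatic cookie handling on. */
int leaks_cookies(unsigned long flags) {
    return (flags & INTERNET_FLAG_NO_COOKIES) == 0;
}

#ifdef _WIN32
/* GET https://host/path without touching the cookie jar; returns HTTP status or -1. */
int fetch_without_cookies(const char *host, const char *path) {
    HINTERNET net = NULL, conn = NULL, req = NULL;
    DWORD status = 0, len = sizeof status;
    int rc = -1;
    net = InternetOpenA("ExampleAddon/1.0", INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, 0);
    if (net) conn = InternetConnectA(net, host, INTERNET_DEFAULT_HTTPS_PORT,
                                     NULL, NULL, INTERNET_SERVICE_HTTP, 0, 0);
    if (conn) req = HttpOpenRequestA(conn, "GET", path, NULL, NULL, NULL,
                                     addon_request_flags(1), 0);
    if (req && HttpSendRequestA(req, NULL, 0, NULL, 0) &&
        HttpQueryInfoA(req, HTTP_QUERY_STATUS_CODE | HTTP_QUERY_FLAG_NUMBER,
                       &status, &len, NULL))
        rc = (int)status;
    if (req) InternetCloseHandle(req);
    if (conn) InternetCloseHandle(conn);
    if (net) InternetCloseHandle(net);
    return rc;
}
#endif

int main(void) {
    unsigned long f = addon_request_flags(1);
    printf("dwFlags = 0x%08lX, leaks cookies: %d\n", f, leaks_cookies(f));
#ifdef _WIN32
    printf("status = %d\n", fetch_without_cookies("example.com", "/"));
#endif
    return 0;
}
```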

 

 

 

 

 
