PSA: chrome.cookies API no longer allows URLs with leading dots

[Lily Chen]

Hi developers,

The chrome.cookies.set method no longer accepts URLs with a leading dot, such as "https://.mydomain.com" as of Chrome 77. Attempting to set a cookie with such a URL will lead to an error and failure to set the cookie.

It seems that some extensions were using URLs with a leading dot as a way to set a domain cookie (i.e. a cookie that would be sent on requests to subdomains).

The proper way to set a domain cookie is to use the "domain" attribute, e.g. to set a cookie for all subdomains of mydomain.com, use a "domain" attribute of "mydomain.com" (no leading dot required).

Thanks!