Cookies in Service Worker

[Evan Carothers]

Hi folks -- I have a scenario where I need to use some cookies for a fetch request in the service worker. The cookies are set already and accessible/usable in tabs/extension pages, but not the service worker and I got it working but it's VERY wonky so wanted to see if anybody else had experience with this.

With proper host permissions + cookie permission I can read them from the chrome.cookies API in the service worker, but the cookies are *NOT* present and included in the fetch call by default. I was able to make things work by reading the cookies I need via chrome.cookies.get then just setting them again (in the service worker) but using chrome.cookies.set, and then they DO get passed on the fetch request.

The confusing thing is that in the dev tools in the SW, it still shows NO cookies set at all, and if I check the local cookieStore.getAll() in the SW, it's still completely empty. I have no idea why this is behaving like this or how it SHOULD be behaving, and I can find no documentation to determine if this is a feasible strategy, or a security hole that will get fixed in the future? 

[Evan Carothers]

Upon further testing it seems that I don't actually have to get/set the cookies -- but rather if I have proper HOST permissions for the site I'm calling with fetch, then the cookies from the main browser are indeed included in the request -- they just aren't shown anywhere in dev tools in the Service Worker, nor is this behavior documented anywhere I can find.