security: track cookie-imported domains and scope cookie imports#615
Open
halbert04 wants to merge 1 commit into garrytan:main from
Conversation
- Add cookie origin tracking to BrowserManager (trackCookieImportDomains, getCookieImportedDomains, hasCookieImports). Every cookie import path now records which domains were imported.
- cookie-import-browser direct mode already required --domain; this adds --all as the explicit opt-in for importing all cookies. Without either flag, the interactive picker UI opens instead.
- cookie-import (JSON file) now tracks imported domains on BrowserManager.
- The --all flag works but emits a warning recommending --domain for tighter scoping.

This is the foundation for origin-pinned JS execution (separate PR) — the BrowserManager now knows which domains have imported cookies, so downstream commands can restrict operations to those origins.

Made-with: Cursor
This was referenced Mar 29, 2026
Summary
- BrowserManager — every cookie import path now records which domains were imported
- cookie-import-browser direct CLI mode now requires either --domain <domain> (scoped) or --all (explicit opt-in) for non-interactive use
- cookie-import (JSON file) path also tracks imported domains
- --all flag works but emits a warning recommending --domain for tighter scoping

Why this matters
When cookies are imported without domain scoping, the headless browser gets access to every authenticated session in the user's real browser — Gmail, GitHub, banking, corporate SSO. A prompt injection via web page content could instruct the agent to navigate to a sensitive domain and exfiltrate data.
By tracking which domains had cookies imported, downstream commands can restrict operations to those origins. This PR is the foundation for origin-pinned JS execution (separate PR) — the BrowserManager now knows which domains have imported cookies.

Changes
- browse/src/browser-manager.ts: cookieImportedDomains set + trackCookieImportDomains(), getCookieImportedDomains(), hasCookieImports() methods
- browse/src/write-commands.ts: cookie-import-browser: added --all flag with warning, domain tracking on import. cookie-import: added domain tracking

Backward compatibility
- cookie-import-browser chrome --domain .example.com — works as before, now also tracked
- cookie-import-browser chrome (no flags) — opens picker UI as before (unchanged)
- cookie-import-browser chrome --all — new explicit opt-in for all cookies
- cookie-import cookies.json — works as before, now also tracked

No breaking changes. The --all flag is additive.

Test plan
- cookie-import-browser chrome --domain .github.com imports only github cookies and tracks the domain
- cookie-import-browser chrome --all imports all cookies with a warning
- cookie-import-browser chrome (no flags) opens the picker UI as before
- cookie-import cookies.json tracks domains from the JSON file
- bm.hasCookieImports() returns true after any import, false before

Made with Cursor
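Added example (not the project's code and not from this PR): a TypeScript sketch of the domain tracking and the downstream origin check the description above outlines. The method names follow the PR text; the cookie shape, the --domain filter logic, the isOriginAllowed check and the sample cookies are this example's own assumptions.

```typescript
type Cookie = { name: string; value: string; domain: string };

// Hypothetical stand-in for the BrowserManager methods named in the PR
// (method names from the PR text; the bodies are this example's own).
class CookieImportTracker {
  private readonly cookieImportedDomains = new Set<string>();

  trackCookieImportDomains(cookies: Cookie[]): void {
    for (const c of cookies) this.cookieImportedDomains.add(c.domain.toLowerCase());
  }
  getCookieImportedDomains(): string[] {
    return [...this.cookieImportedDomains].sort();
  }
  hasCookieImports(): boolean {
    return this.cookieImportedDomains.size > 0;
  }

  // Origin check a downstream command could apply (hypothetical, not in this PR):
  // a leading-dot domain cookie covers that domain and its subdomains,
  // a host-only cookie covers exactly that host. Unparseable URLs are refused.
  isOriginAllowed(url: string): boolean {
    let host = "";
    try { host = new URL(url).hostname.toLowerCase(); } catch { return false; }
    for (const d of this.cookieImportedDomains) {
      if (d.startsWith(".") ? (host === d.slice(1) || host.endsWith(d)) : host === d) return true;
    }
    return false;
  }
}

// Mirrors the --domain <domain> filter: keep only cookies whose domain is the
// given domain or a subdomain of it (".github.com" keeps github.com and api.github.com).
function filterCookiesByDomain(cookies: Cookie[], domainFlag: string): Cookie[] {
  const base = domainFlag.toLowerCase().replace(/^\./, "");
  return cookies.filter((c) => {
    const d = c.domain.toLowerCase().replace(/^\./, "");
    return d === base || d.endsWith("." + base);
  });
}

// Constructed sample export (not real cookies).
const exportedCookies: Cookie[] = [
  { name: "user_session", value: "x", domain: ".github.com" },
  { name: "SID", value: "y", domain: ".google.com" },
  { name: "sso", value: "z", domain: "corp.example.com" },
];

const bm = new CookieImportTracker();
bm.trackCookieImportDomains(filterCookiesByDomain(exportedCookies, ".github.com"));
```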