I am developing a web app which consists of a Chrome extension for Google Meet as well as a web dashboard. I have set up Google OAuth2 for authentication and I am using cookies to track user sessions. A user is considered logged in if they send a cookie along with their request.
For development purposes I am running the frontend on localhost port 3000 and the backend on port 8080. Once the user is logged in, whenever they want to make requests to the backend from the Chrome extension they need to send their localhost cookie to prove to the server that they are indeed logged in. But in order to access localhost's cookie from Google Meet I need to set the SameSite attribute of the cookie to None. I understand that for security reasons SameSite=None requires Secure=true, but since my server is running on localhost, I cannot set Secure=true.
Is there a way to access cookies from localhost in my Chrome extension?
PS: I have tried starting Chrome with the --disable-web-security flag to disable the same-origin policy, but it is no longer supported in the latest versions of Chrome.
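The rule the question refers to (SameSite=None is accepted only together with Secure), as an added example that is not part of the original post: a small checker that reads a Set-Cookie header and reports how the SameSite attribute alone affects a cross-site request. The function names and sample headers are constructed for illustration, and it assumes Chrome's current defaults (a missing or unrecognised SameSite value is treated as Lax).

```javascript
// Added example: models the SameSite rule from the question. Names and sample
// headers are constructed; scheme checks and third-party cookie blocking are not modelled.

// Parse a Set-Cookie header value into name, value and lower-cased attribute keys.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = {
    name: eq === -1 ? "" : pair.slice(0, eq),
    value: pair.slice(eq + 1),
    attrs: {},
  };
  for (const attr of attrs) {
    if (!attr) continue;
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    cookie.attrs[key] = i === -1 ? true : attr.slice(i + 1).trim();
  }
  return cookie;
}

// Report whether the cookie is stored and whether SameSite lets it travel on a
// cross-site subrequest (for example a fetch issued from a page on another site).
function crossSiteVerdict(header) {
  const { attrs } = parseSetCookie(header);
  const raw = String(attrs.samesite || "").toLowerCase();
  // Missing or unrecognised values fall back to the Lax default.
  const sameSite = ["strict", "lax", "none"].includes(raw) ? raw : "lax";
  const secure = "secure" in attrs; // any Secure attribute sets the flag

  if (sameSite === "none" && !secure) {
    return { stored: false, sentCrossSite: false,
             reason: "SameSite=None without Secure is rejected" };
  }
  if (sameSite === "none") {
    return { stored: true, sentCrossSite: true,
             reason: "SameSite=None with Secure is allowed cross-site" };
  }
  return { stored: true, sentCrossSite: false,
           reason: `SameSite=${sameSite} is withheld from cross-site subrequests` };
}

// Constructed sample headers for a session cookie.
console.log(crossSiteVerdict("session=abc; Path=/; HttpOnly; SameSite=None"));
console.log(crossSiteVerdict("session=abc; Path=/; HttpOnly; SameSite=None; Secure"));
console.log(crossSiteVerdict("session=abc; Path=/; HttpOnly"));
```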