Get a cookie that was not set by dash

dash_noob · March 10, 2021, 5:10pm

Hi,

I found out how to set a cookie and how to read it afterwards but is it also possible to get/read a cookie that was not set by dash?

My goal is to find out if a specific web page (that embeds my dash app) is calling my apps url or if some other client is calling it to ensure that only this specific page can access my dash app. If there is an easier/better way to ensure that I am open for any suggestions

Thanks!

jnguyen0220 · March 13, 2021, 9:32pm

Take a look at this code file.

github.com

jnguyen0220/dash-starter-kit/blob/main/router.py

import dash_core_components as dcc
import dash_html_components as html
from dash.dependencies import Input, Output
import dash_bootstrap_components as dbc
from flask import request
from app import app, ROUTER_STORE, USER_ID
from service.util import get_user_id
from view import unknown_view, people_list

_CONTEND_ID = 'page_content'
_ROUTER_ID = 'url'

@app.callback([
    Output(_CONTEND_ID, 'children'),
    Output(ROUTER_STORE, 'data'),
    Output(USER_ID, 'data')
],
    Input(_ROUTER_ID, "pathname")
)
def url_manager(url):

This file has been truncated. show original

Request object is only available in the callback. Look in the util.py for parsing the cookie.

dash_noob · March 15, 2021, 11:54am

Hi jnguyen,

thanks for your reply! I am not sure if I am doing this correct but when I try to read the cookies with the following function from your util.py:

def get_user_id(cookies):
    _cookies = dict(cookies)
    print('_cookies: ' + str(_cookies))
    # the id of your cookie
    user_cookie = _cookies.get('_name_of_your_cookie')
    print('user_cookie: ' + str(user_cookie))
    current_user = decodeBase64_message(user_cookie) if user_cookie else None
    return current_user.get('User') if current_user else 'test'

I only get an empty dict as output:

_cookies: {}
user_cookie: None
USER-ID: TEST
ImmutableMultiDict()

When I use the Chrome Web Tools to see all cookies I can see this when I select the page that embeds my dash app in an HTML container (green box):

But when I select my dash app page (red box) I cannot see any cookies here.

How can I access or at least detect if there is a specific cookie in the “superior” web page (green box) that embeds my dash app?

Any idea/help is welcome to get to my goal to find out if a specific web page (that embeds my dash app) is calling my apps url or if some other client is calling it to ensure that only this specific page can access my dash app.

Thanks!

jnguyen0220 · March 15, 2021, 12:44pm

I believe dash can only access the current request cookies. In the code samples I used flask request to access the cookies. You might be able find more info on it on by checking the flask docs. I believe accessing another site cookies could be a security concern and may not be possible.

dash_noob · March 16, 2021, 4:52pm

fyi: I am having a look at this now: CSP: frame-ancestors - HTTP | MDN to check if it can be used for my purpose…

If anyone has an example on how to apply this in dash please let me know

Thanks!

Topic		Replies	Views
How to read cookies inside a background callback? Dash Python question	20	2576	February 14, 2025
Acces to cookies from Dash app inside Django Framework Dash Python	1	1824	November 2, 2018
Best practise for cookie or GDPR permissions Dash Python	9	761	July 17, 2024
Does Dash set any cookies by default? Dash Python	5	880	July 30, 2023
Access Cookie In Serve Layout Function Dash Python	7	5599	September 16, 2024

Get a cookie that was not set by dash

Related topics