The chrome.cookies.remove API "Deletes a cookie by name".
https://developer.chrome.com/extensions/cookies#method-remove
The method only accepts {url,name}, and assumes that at most one cookie is removed.
This assumption is false, to uniquely identify a cookie the following is needed too:
- domain
- host-only
- path
(for "unique cookie" definition, see https://github.com/httpwg/http-extensions/issues/199 )
When an extension invokes chrome.cookies.remove, it may inadvertently remove more than one cookie.
This does not occur very often, and none of the extensions that I analyzed accounted for this non-uniqueness (see section 4 of https://bugzilla.mozilla.org/show_bug.cgi?id=1387957#c9).
So it would be safe (and closer with the expected behavior of extensions in the wild) to only remove the first matching cookie.
For those who wish to remove as many matching cookies as possible, the chrome.cookies.removeAll API could be introduced, similar to chrome.cookies.getAll.
And to solve the original problem that chrome.cookies.remove cannot remove a specific cookie, optional keys should be supported so that a specific cookie can be matched.
For examples, API proposal and analysis, see https://bugzilla.mozilla.org/show_bug.cgi?id=1387957#c9
Comment 1 by rob@robwu.nl
, Apr 19 2018