I can see that when I issue an xhr from my chrome app that it sends some cookies, and these cookies are kept track of in the app. Servers sending set-cookie headers are updating them correctly. I need to read a cookie though, and I tried using the "cookies" permission but chrome yelled at me... Is there another api I can use?

edit: I am using the new packaged apps.

Cookies is apparently a dark area of Chrome Packaged Apps.

With Extensions, the extension shares the cookie jar with normal browsing activities. For Packaged Apps, each app has a separate jar.

The current behaviour seems to be that XHR requests to sites specified in the manifest in the permissions section do set cookies in this jar but there is no way how to get rid of them, except reinstalling the app. There is no API for Packaged Apps to manage cookies and their cookies do not show in Developer tools or about://settings/cookies page.

the crbugs include

https://code.google.com/p/chromium/issues/detail?id=70391 https://code.google.com/p/chromium/issues/detail?id=152758 https://code.google.com/p/chromium/issues/detail?id=157474

and these two issues filled in response to this SO question

https://code.google.com/p/chromium/issues/detail?id=236585 https://code.google.com/p/chromium/issues/detail?id=335934

I had a similar issue where security restrictions on XHR in a packaged app with chrome.socket api permission seemed overbearing. See Setting "unsafe" headers in packaged app XHR

I ended up creating a "shim" xhr object for my use case, though it doesn't handle e.g. chunked encoding. You might find it useful: https://github.com/kzahel/jstorrent/blob/fresh/js/chromesocketxhr.js

I ended up filing a bug on crbug: https://code.google.com/p/chromium/issues/detail?id=335934