How to deal with HttpOnly cookies?
I wrote a fix for https://startlivehealthonline.com/loginConsumer.htm to allow logging in, but because I couldn't figure out how to get the CSRF token from an "HttpOnly" cookie, I added an additional input box where the user can paste the CSRF token (from the "Storage" tab in the dev toolbar). Obviously, this is not very convenient, and since the official scripts submit the token automatically, it should be possible for a script in Haketilo to do the same. I do not know how the site's official scripts are adding the token to the request, though (I generally don't look at the site's own scripts, with an exception noted in this fix: I saw the beginning of a script that sets the visibility of the page, and the method seemed like the obvious method, so I thought it better to explicitly copy that than to try to come up with something dissimilar after seeing the official method).
The fix I wrote is attached, and it does allow logging in if you paste the CSRF token in the proper spot. Even if you don't have an account, you should be able to just click on the login button and a request without any login info will be sent, but the token will still be sent. Do you know how the official scripts might be accessing HttpOnly cookies, or how the scripts might affect the page so the CSRF token is part of the form?
Thanks! I uploaded a better version of the script here: https://codeberg.org/JacobK/unfinished-site-fixes/src/branch/main/LiveHealth/livehealth-login.js (I decided to upload my "unfinished" scripts to that repository, though there's some I didn't upload, mostly due to hardcoded authentication keys and stuff. Anyway, they're not meant to be included in any repository yet, but I figured it would be good to publish them in case others happen to be working on a site that I'm not working on anymore.)