feat: add disableCookies in requester options

Author: appurva21

CHANGELOG.yaml

@@ -1,3 +1,7 @@
+unreleased:
+  new features:
+    - GH-1533 Add support for disabling cookie jar via requester options
+
 7.49.0:
   date: 2025-10-16
   new features:

README.md

@@ -85,6 +85,9 @@ runner.run(collection, {
         // jar.allowProgrammaticAccess = function (domain) { return domain === 'postman-echo.com'; };
         cookieJar: jar,
 
+        // Prevents cookie jar from being used for in a request
+        disableCookies: false,
+
         // Controls redirect behavior (only supported on Node, ignored in the browser)
         followRedirects: true,
 

docs/protocol-profile-behavior.md

@@ -15,6 +15,9 @@ Follow HTTP 3xx responses as redirects.
 - `maxRedirects: Number`<br/>
 Set maximum number of redirects to follow.
 
+- `disableCookies: Boolean`<br/>
+Prevent cookie jar from being used in a request.
+
 - `disableBodyPruning: Boolean`<br/>
 Control request body pruning for following methods: ```GET, COPY, HEAD, PURGE, UNLOCK```
 

lib/requester/core.js

@@ -85,7 +85,10 @@ var dns = require('dns'),
         removeRefererHeader: 'removeRefererHeaderOnRedirect',
 
         // Select the HTTP protocol version to be used. Valid options are http1/http2/auto
-        protocolVersion: 'protocolVersion'
+        protocolVersion: 'protocolVersion',
+
+        // disable cookie jar
+        disableCookies: 'disableCookies'
     },
 
     /**
@@ -433,7 +436,6 @@ module.exports = {
             reqOption,
             portNumber,
             behaviorName,
-            disableCookies,
             port = url && url.port,
             hostname = url && url.hostname && url.hostname.toLowerCase(),
             proxyHostname = request.proxy && request.proxy.host;
@@ -484,13 +486,8 @@ module.exports = {
             options[reqOption] = resolveWithProtocolProfileBehavior(behaviorName, defaultOpts, protocolProfileBehavior);
         }
 
-        // set cookie jar if not disabled
-        // check per-request override first, then fall back to requester-level setting
-        disableCookies = protocolProfileBehavior.disableCookies !== undefined ?
-            protocolProfileBehavior.disableCookies :
-            defaultOpts.disableCookies;
 
-        if (!disableCookies) {
+        if (!options.disableCookies) {
             options.jar = defaultOpts.cookieJar || true;
         }
 

lib/requester/dry-run.js

@@ -315,13 +315,13 @@ function dryRun (request, options, done) {
     var cookieJar = options.cookieJar,
         implicitCacheControl = options.implicitCacheControl,
         implicitTraceHeader = options.implicitTraceHeader,
-        disabledSystemHeaders = _.get(options.protocolProfileBehavior, 'disabledSystemHeaders') || {},
-        disableCookies = _.get(options.protocolProfileBehavior, 'disableCookies');
+        protocolProfileBehavior = options.protocolProfileBehavior,
+        disabledSystemHeaders = _.get(protocolProfileBehavior, 'disabledSystemHeaders') || {},
 
-    // if protocolProfileBehavior.disableCookies is undefined, fall back to requester option
-    if (disableCookies === undefined) {
-        disableCookies = _.get(options, 'disableCookies', false);
-    }
+        // TODO: Unify the logic to read ppb properties with core.js
+        disableCookies = Object.hasOwn(protocolProfileBehavior || {}, 'disableCookies') ?
+            protocolProfileBehavior.disableCookies :
+            options?.disableCookies;
 
     async.waterfall([
         function setContentTypeHeader (next) {