Bug 1525917 was about disabling cookies. If you disable cookies and this breaks Addons, then that's OK for me. Noone should disable *all* cookies. It will break most of the internet anyway so why shouldn't it break Addons? But if Addons accessing *any* cookie are considered "3rd party", then for some Addons the only way to work properly would be to tell users to allow 3rd party cookies globally. How does Chrome handle this? For example if I want to write an Addon which, for example, synchronizes Bookmarks to an external service and to initially log in you just open the login page for this service into a new tab, then the user may log in and the cookie is set but if the Addon itself wants to transfer data and expects the session cookie to be set to be able to communicate, then this will fail as soon as 3rd party cookies are disallowed. The "moz-extension" URL already has an exception for "Same Origin Policy" to access any URL that is required for Addons to work. Why not also add an exception for 3rd party cookies so an user is able to disable 3rd party cookies for additional privacy while browsing but still have Addons work that need cookies to be set. In my case the relevant issue is this one: https://github.com/M-Reimer/android-pdf-js/issues/3 No access to PDF files behind logins as soon as 3rd party cookies are not allowed. But for me it wouldn't be too difficult to work around this case. I already cache the "Referer" header from the initial connection to readd it to the "fetch" request done by PDF.js. I could also cache the "Cookies" header the same way to also reapply it to the "fetch" request which would allow my users to access PDF's even if a cookie has to exist to access it.
Bug 1608685 Comment 2 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
Bug 1525917 was about disabling cookies. If you disable cookies and this breaks Addons, then that's OK for me. Noone should disable *all* cookies. It will break most of the internet anyway so why shouldn't it break Addons? But if Addons accessing *any* cookie are considered "3rd party", then for some Addons the only way to work properly would be to tell users to allow 3rd party cookies globally. How does Chrome handle this? For example if I want to write an Addon which, for example, synchronizes Bookmarks to an external service and to initially log in you just open the login page for this service into a new tab, then the user may log in and the cookie is set but if the Addon itself wants to transfer data and expects the session cookie to be set to be able to communicate, then this will fail as soon as 3rd party cookies are disallowed. The "moz-extension" URL already has an exception for "Same Origin Policy" to access any URL that is required for Addons to work. Why not also add an exception for 3rd party cookies so an user is able to disable 3rd party cookies for additional privacy while browsing but still have Addons work that need cookies to be set? In my case the relevant issue is this one: https://github.com/M-Reimer/android-pdf-js/issues/3 No access to PDF files behind logins as soon as 3rd party cookies are not allowed. But for me it wouldn't be too difficult to work around this case. I already cache the "Referer" header from the initial connection to readd it to the "fetch" request done by PDF.js. I could also cache the "Cookies" header the same way to also reapply it to the "fetch" request which would allow my users to access PDF's even if a cookie has to exist to access it.
Bug 1525917 was about disabling cookies. If you disable cookies and this breaks Addons, then that's OK for me. Noone should disable *all* cookies. It will break most of the internet anyway so why shouldn't it break Addons? But if Addons accessing *any* cookie are considered "3rd party", then for some Addons the only way to work properly would be to tell users to allow 3rd party cookies globally. How does Chrome handle this? For example if I want to write an Addon which, for example, synchronizes Bookmarks to an external service and to initially log in you just open the login page for this service into a new tab, then the user may log in and the cookie is set but if the Addon itself wants to transfer data and expects the session cookie to be set to be able to communicate, then this will fail as soon as 3rd party cookies are disallowed. The "moz-extension" URL already has an exception for "Same Origin Policy" to access any URL that is required for Addons to work. Why not also add an exception for 3rd party cookies so an user is able to disable 3rd party cookies for additional privacy while browsing but still have Addons work that need cookies to be set? In my case the relevant issue is this one: https://github.com/M-Reimer/android-pdf-js/issues/3 No access to PDF files behind logins as soon as 3rd party cookies are not allowed. But for me it wouldn't be too difficult to work around this case. I already cache the "Referer" header from the initial connection to readd it to the "fetch" request done by PDF.js. I could also cache the "Cookies" header the same way to also reapply it to the "fetch" request which would allow my users to access PDF's even if a cookie has to exist to access it. I just thought it may be a good idea to fix this globally to prevent incompatibilities with Addons so disabling 3rd party cookies is impossible if the user uses some Addon that needs session cookies to be set for accessing some login protected URLs.