The issue is that the user is navigating in private session, and as a result of downloading a file, a cookie get written (`user=priv`). This cookie must be only available on private browsing but it's getting shared with normal sessions. As if the download were performed on a normal session.
From the AC, we are not handling cookies when initiating downloads.
> The way GV API works, the API users are supposed to set the FETCH_FLAGS_ANONYMOUS flag on the download. With that flag, the cookies are not supposed to be passed. Am I understanding the bug correctly that the flag is set but the cookies are still being passed?
I think the
Bug 1663261 Comment 8 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
The issue is that the user is navigating in private session, and as a result of downloading a file, a cookie get written (`user=priv`). This cookie must be only available on private browsing but it's getting shared with normal sessions. As if the download were performed on a normal session.