(In reply to Daniel Veditz [:dveditz] Out until Jan 9 from comment #16) > (In reply to Tom Schuster (MoCo) from comment #15) > > I think that means we should not set [`isForeignAndNotAddon`](https://searchfox.org/mozilla-central/rev/43cb6eca1c3069d46d589d52ab4949257e630d19/netwerk/cookie/CookieService.cpp#674-678) for top level documents. > > Yes, that looks right. We also have to make the equivalent change in [CookieServiceChild.cpp](https://searchfox.org/mozilla-central/rev/17aeb39742eba71e0936ae44a51a54197100166d/netwerk/cookie/CookieServiceChild.cpp#597-601) > Unfortunately, not setting `isForeignAndNotAddon` for top level documents seems not a right approach for this bug. Or maybe that site has been changed recently? I just tested this again before wiring this comment. It looks like this issue is caused by the fist redirect from `http://my.ccc.edu/` to `https://my.ccc.edu/`. And then, firefox looks at the whole redirect history [here](https://searchfox.org/mozilla-central/rev/4cc23dcad1142ec79256f449a55460215fc75498/netwerk/cookie/CookieCommons.cpp#607-626) and find out that the first redirect is not [schemeful samesite](https://searchfox.org/mozilla-central/rev/4cc23dcad1142ec79256f449a55460215fc75498/netwerk/cookie/CookieCommons.cpp#619). I think the correct approach might be having the same implementation as chromium (as said in comment #9), but I am not sure if it's easy to change in a few days. Valentin, Tom, what do you think?
Bug 1800273 Comment 26 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
(In reply to Daniel Veditz [:dveditz] Out until Jan 9 from comment #16) > (In reply to Tom Schuster (MoCo) from comment #15) > > I think that means we should not set [`isForeignAndNotAddon`](https://searchfox.org/mozilla-central/rev/43cb6eca1c3069d46d589d52ab4949257e630d19/netwerk/cookie/CookieService.cpp#674-678) for top level documents. > > Yes, that looks right. We also have to make the equivalent change in [CookieServiceChild.cpp](https://searchfox.org/mozilla-central/rev/17aeb39742eba71e0936ae44a51a54197100166d/netwerk/cookie/CookieServiceChild.cpp#597-601) > Unfortunately, not setting `isForeignAndNotAddon` for top level documents seems seems not a right approach for this bug. Or maybe that site has been changed recently? I just tested this again before wiring this comment. It looks like this issue is caused by the fist redirect from `http://my.ccc.edu/` to `https://my.ccc.edu/`. And then, firefox looks at the whole redirect history [here](https://searchfox.org/mozilla-central/rev/4cc23dcad1142ec79256f449a55460215fc75498/netwerk/cookie/CookieCommons.cpp#607-626) and find out that the first redirect is not [schemeful samesite](https://searchfox.org/mozilla-central/rev/4cc23dcad1142ec79256f449a55460215fc75498/netwerk/cookie/CookieCommons.cpp#619). I think the correct approach might be having the same implementation as chromium (as said in comment #9), but I am not sure if it's easy to change in a few days. Valentin, Tom, what do you think?