Open
Bug 389002
Opened 17 years ago
Updated 2 years ago
Browsing to CNN.com with blocked cnn.com cookies result in Security error" code: "1000" nsresult: "0x805303e8 (NS_ERROR_DOM_SECURITY_ERR)"
Categories
(Core :: DOM: Core & HTML, defect, P5)
Core
DOM: Core & HTML
Tracking
()
NEW
People
(Reporter: cbook, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: testcase)
Attachments
(1 file)
1.51 KB,
text/html
|
Details |
Steps to Reproduce: - Set Cookies from cnn.com to the cookie blocklist - Go to Cnn.com - Check the Error Console: Error: [Exception... "Security error" code: "1000" nsresult: "0x805303e8 (NS_ERROR_DOM_SECURITY_ERR)" location: "http://i.l.cnn.net/cnn/.element/js/2.0/StorageManager.js Line: 167"] Source File: http://i.l.cnn.net/cnn/.element/js/2.0/StorageManager.js Line: 167
Comment 1•17 years ago
|
||
Bug 365772 is a bit related. When cookies are denied, then storage is throwing errors when trying to access it, while document.cookie just returns an empty string. http://www.whatwg.org/specs/web-apps/current-work/#security5 " Treating persistent storage as cookies: user agents may present the persistent storage feature to the user in a way that does not distinguish it from HTTP session cookies. [RFC2965] " You could read that as "storage functions should not throw security errrors when cookie functions aren't doing it either", I guess. Although I suspect that part is more talking about the UI or something.
Updated•17 years ago
|
Comment 2•17 years ago
|
||
What is the cause of the security exception? Is this because it is trying to access the storage of a different domain? The spec says that doing this "must then raise a security exception." although it doesn't currently define what a "security exception" is.
Comment 3•17 years ago
|
||
Sorry, the testcase was made for http://localhost use. If you then block cookies from localhost, you get the mentioned security errors when trying to access globalStorage['localhost.localDomain']. This doesn't happen with cookies. You just seem to get an empty string returned when trying to get/set a cookie.
I don't think this is just related to bug 365772, I think this is bug 365772. I've encountered this problem on the cnn video site and when I set my cookie setting to "keep until they expire", cnn's video worked... see bug 442605.
Comment 5•16 years ago
|
||
I got this error today when I was testing the tryserver build from https://bugzilla.mozilla.org/show_bug.cgi?id=460346#c4.
Comment 6•15 years ago
|
||
Here is the site I tested: http://legisweb.state.wy.us/statutes/constitution.aspx Same NS_ERROR_DOM_SECURITY_ERR error with same security code. I can confirm this on Firefox 3.5.4: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.4) Gecko/20091028 Ubuntu/9.10 (karmic) Firefox/3.5.4 and Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.9.1.4) Gecko/20091016 Firefox/3.5.4 and r26510 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.5pre) Gecko/20091031 Ubuntu/9.10 (karmic) Shiretoko/3.5.5pre This seems to be fixed in 3.6 Beta 1 Build 3 Ubuntu Bug: https://bugs.launchpad.net/bugs/473677
See Also: → https://launchpad.net/bugs/473677
Well, CNN video now plays with my third-party cookies turned off, or with the lifetime set to "Ask every time" and me selecting "For session". However, given that this bug is 3 years old, that could be due to changes on CNN.com But, I can still get the error if I do something that tries to set a cookie from javascript while the "Ask every time" setting is on (lifetimePolicy = 1). Couple of examples after clearing out all of my cnn.com cookies and loading http://edition.cnn.com: Error: uncaught exception: [Exception... "Security error" code: "1000" nsresult: "0x805303e8 (NS_ERROR_DOM_SECURITY_ERR)" location: "http://i.cdn.turner.com/cnn/.element/js/3.0/StorageManager.js?20100728 Line: 345"] This is line 345 of that js: return (window.localStorage && (window.localStorage!=null)); The page then prompts me if I want it to make the International Edition my default. If I press Yes or No, I get a similar error: Error: uncaught exception: [Exception... "Security error" code: "1000" nsresult: "0x805303e8 (NS_ERROR_DOM_SECURITY_ERR)" location: "http://i.cdn.turner.com/cnn/.element/js/3.0/s_code.intl.js Line: 521"] The cookie that stores the default edition is set, but the prompt to make a selection does not go away. s_code.intl.js (or s_code.js on the US site) is Omniture, and there's no telling from their mangled javascript what that's trying to do, but I don't see a reference to localStorage anywhere in that javascript. I've tried several times back and forth and have confirmed that the above errors only happen when I have the cookie lifetime policy set to '1' (Ask me every time). Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
(In reply to comment #7) > > But, I can still get the error if I do something that tries to set a cookie > from javascript while the "Ask every time" setting is on (lifetimePolicy = 1). > Sorry, that was misleading. I was speculating before I looked at the js, but in the one case it's trying to access window.localStorage and in other case (the Omniture js) I can't tell what it's trying to do, though Omniture is known to get invoked (to send a usage data back to their servers via AJAX) in response to clicking a hyperlink.
Comment 9•14 years ago
|
||
We are experiencing the same problem in Firebug. Test case + more details here: http://code.google.com/p/fbug/issues/detail?id=3805 Honza
Comment 10•14 years ago
|
||
This is reproducible on the webtogs website: http://www.webtogs.co.uk/Icebreaker_Long_Sleeve_Base_Layers__0/ with 3rd party cookies set to "ask me every time". Setting to "until they expire" results in the site working. The error reported in the console is: Error: uncaught exception: [Exception... "Security error" code: "1000" nsresult: "0x805303e8 (NS_ERROR_DOM_SECURITY_ERR)" location: "http://cdn.webtogs.com/js/mootools-1.2.5-core-yc.js Line: 24"]
Comment 11•13 years ago
|
||
This bug was supposedly fixed in 3.6, but it's still there in 4.0. I can reproduce it with the following code: if (localStorage) { alert("yes") } else { alert("no") } If cookies are disabled, I get a "security error code 1000", regardless of whether local storage is enabled or not.
Updated•6 years ago
|
Priority: -- → P5
Assignee | ||
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•