Closed
Bug 431517
Opened 16 years ago
Closed 16 years ago
blocking cookies from "co.uk" blocks all cookies from "anydomain.co.uk"
Categories
(Firefox :: Security, enhancement)
Tracking
()
RESOLVED
DUPLICATE
of bug 252342
People
(Reporter: chris.bugzilla, Unassigned)
Details
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14 Build Identifier: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14 In attempting to block a generic cookie for "co.uk" it appears that I blocked all cookies from domains which ended in "co.uk". Reproducible: Always Steps to Reproduce: 1. Ensure preferences are set to accept cookies, with an exception to block "co.uk" 2. Visit a site which is a subdomain of ".co.uk" and uses cookies 3. Actual Results: Cookie for subdomain.co.uk is refused There needs to be a mechanism for blocking generic second level domains for ccTLDs without blocking cookies from more specific domains. say "=co.uk" to block only co.uk domains, "co.uk" to block co.uk and subdomains or "co.uk" to block only co.uk domains and "*.co.uk" to block co.uk and subdomains Note, the help documentation makes no mention that blocking a domain blocks all subdomains of that domain.
Comment 1•16 years ago
|
||
This was supposed to be fixed by bug 252342 (in a way) - you can't place cookies anymore on co.uk, so there's anymore no reason to block these cookies. It's actually normal that blocking a cookie would also block the subdomains, since those subdomains would also receive the cookie anyway, if it weren't blocked.
Reporter | ||
Comment 2•16 years ago
|
||
You can't. I beg to differ. This all came about after I discovered two cookies on ".co.uk" domain in my Firefox cookies. Try this script, it will attempt to set a cookie on "co.uk" domain. http://wiki.jalakai.co.uk/tester499.php
Comment 3•16 years ago
|
||
in Firefox 2, yes it will. In Firefox 3 the cookie is not set. Regardless of whether we do or don't block .co.uk, the subdomain blocking is intentional. If you block a higher-level domain you must individually allow the subdomains within that domain for which you want cookies. This applies to all our facilities that use the "permission manager", such as image blocking and popup blocking/allowing.
Status: UNCONFIRMED → RESOLVED
Closed: 16 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•