Closed Bug 102198 Opened 23 years ago Closed 9 years ago

Domain selections in cookie/image question dialogs

Categories

(Core :: Networking: Cookies, enhancement)

Product:
Core
Component:
Networking: Cookies
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: internationils, Unassigned)

References

Details

Attachments

(1 file)

UI example from Cookie Pal
3.79 KB, image/gif
Details
[I had submitted this as a comment to http://bugzilla.mozilla.org/show_bug.cgi?id=75915 but thought that it would get more attention this way since this is a separate issue.] In the Cookie or Image dialog that appears when you have 'warn me' selected should also allow for a 'domain' option. A perfect example: I go to slashdot.org with 'warn' set, and either 'all' or 'all from host' selected. I immediately get a question from images.slashdot.org, images2.slashdot.org etc. asking if they're OK too. I'd like to see this in the cookie/image dialog: [ ] Accept/Reject from Domain [...textfield.with.hostname...] This should be a check button, and the textfield should be greyed out until the check button is checked, and then people can have 'slashdot.org' there and all the servers in that domain will be OK (or rejected) depending on the Yes/No answer you give in the dialog. This is short, simple, evident, and quite effective.
Severity: normal → enhancement
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Target Milestone: --- → Future
On Win32, I am now still using NS4 ONLY because of the outstanding cookie filtering I get using an addon called Cookie Pal (www.kburra.com). Their UI is very mature and the attachment shows an example of a good design. I've been emailing them once a month asking when they plan to support NS6/Mozilla, and the answer so far has been "someday we hope", not even "RSN". So my hopes are not high on that front. If Mozilla's native cookie filtering got better, I could ditch the addon approach, and even count on the feature cross-platform (CP is Win32 only). Once I can get good cookie filtering in Moz (either via CP or built in) I'll finally be able to move over (web accounts, bookmarks, etc.). Thanks everyone for your continuing efforts!
Blocks: 100573
I also have a couple issues with the way that the cookie/image acceptance dialogs work. This bug looks pretty close to what I would like to see, but I think it could go further. 1) on a page with a half dozen images from servers I haven't seen before (a reasonably possible situation), I could easily see 15 or more dialogs asking for a cookie and an image from a bunch of different ad servers. I would prefer instead that these queries be batches. First there would be a single dialog for the cookie(s) corresponding to the original document. Then there would be a single dialog for the dozen or more images. Finally there would be a dialog for all of the cookies from the images allowed from the previous step. 2) there are insufficient details given when setting a cookie or loading an image. All the dialog tells us is that a particular server wants to load an image or set a cookie. I would like to see URI of the image referenced, for example, as not all ad servers are clearly named so. Similarly, I would like to know the cookie name and the value before approving/denying. 3) wildcards. Beyond simply denying images from z0.extreme-dm.com and z1.extreme-dm.com, I'd like to be able to block *.extreme-dm.com so I never even get prompted when I hit a new letter of the alphabet. Ideally, there would be 3 dialogs (original document cookies, referenced images, and then cookies for those images). The dialogs would have a list of all cookies in the current context (original document vs. externally referenced documents/images) along with their names and values, a la: [] server1.somewhere [] cookie1name cookie1value [] cookie2name cookie2value [] cookie3name cookie3value [] server2.somewhere else [] cookie1name cookie1value [] cookie2name cookie2value [] cookie3name cookie3value ... the [] next to cookies names are checkboxes for accepting (set) or denying (not set) the individual cookies while the ones next to the servers are for accepting denying all cookies from a server. The images dialogs would look similar, except the cookie name/value pairs would get replaced by the URIs to the images. And somewhere in the dialog would be a checkbox for remembering the denial/approval of that server/image/cookie. There's one difficulty that I see immediately in the case where the initial html doc is a frameset referencing frames from another server which contain their own subframes/images, etc. But I don't see the profusion of popups from such an extreme case as being worse than the current case. Phew, I'm pretty demanding.
mvl: any interest in taking this one? specifically, the addition of an editable textfield in the 'remember this decision for...' checkbox, to the cookie/image/whatever dialogs: [ ] Remember decision for all hosts within the domain [...textfield.with.hostname...] looks like a much more useful RFE now that we've got domainwalking. this does not block bug 100573 btw, but we can leave it that way for now since they're related RFEs.
note: implementing this would obsolete the RFE in bug 199983.
-> mvl just so we don't lose track of this one.
Assignee: morse → mvl
Status: ASSIGNED → NEW
I like this RFE, but maybe we could get a bettter summary?
QA Contact: tever → cookieqa
Has the new cookie whitelist ability done anything to help this bug?
why would whitelisting have anything to do with this?
oh, we have a UI guy now! nice little rfe for you mconnor :)
eww, people actually use these still? :) I'll poke this in a couple weeks
Assignee: mvl → mpconnor
Blocks: 216743
also going to add session cookie UI here as well
Status: NEW → ASSIGNED
Priority: -- → P2
Target Milestone: Future → mozilla1.7alpha
so, instead of [ ] Remember the decision for this site I'm thinking a dropdown along these lines. I figure second level domain is the lowest anyone would go, hopefully .uk people are smart enough (or non-paranoid enough) to not block .co.uk if the option is there. (If not, that's what domainwalking in remove() is all about. [ ] Remember this decision for [ foo.bar.baz.com [\/] [ bar.baz.com } [ baz.com ] I may yet get this done before 1.7a, but no promises.
The "objecting to Mike's zany ideas for the dialog" bus is now leaving the station, I intend to do this on the weekend. (yes mvl, AFTER I do the button)
retargeting to 1.8 alpha
Target Milestone: mozilla1.7alpha → mozilla1.8alpha
I'm voting for this one...the ability to block domain/subdomain cookies in one dialog (yes, I'm a veteran of CookiePal too--great program!) would be great!
Not going to be working on any Seamonkey UI bugs for the foreseeable future. You can filter on "danlikesgoats" to delete this spam.
Assignee: mconnor → nobody
Status: ASSIGNED → NEW
Priority: P2 → --
Target Milestone: mozilla1.8alpha1 → ---
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: