Open Bug 1174797 Opened 4 years ago Updated 4 years ago

Add a cookie exception for GMail OAuth

Categories

(MailNews Core :: Networking: IMAP, defect)

defect
Not set

Tracking

(thunderbird_esr38+ affected)

Tracking Status
thunderbird_esr38 + affected

People

(Reporter: rkent, Unassigned)

Details

I think you want tracking esr
Context: if you disabled cookies, trying to do OAuth2 authentication for gmail will show a "Oops! Your browser seems to have cookies disabled. Make sure cookies are enabled or try opening a new browser window. [?] " message in the OAuth dialog. 

I'm not so sure it's ok to add it silently though, as that lets google track you elsewhere (to a limited extent) - which is probably one of the reasons you disabled cookies in the first place.
(In reply to Magnus Melin from comment #3)
> Context: if you disabled cookies, trying to do OAuth2 authentication for
> gmail will show a "Oops! Your browser seems to have cookies disabled. Make
> sure cookies are enabled or try opening a new browser window. [?] " message
> in the OAuth dialog. 

Also, even if cookies are enabled, if you have two different google oauth accounts, there may be conflicts (at least this has happened for twitter). For twitter, the cookies are removed once oauth is complete, cf. https://dxr.mozilla.org/comm-central/source/chat/protocols/twitter/twitter.js#866.

> I'm not so sure it's ok to add it silently though, as that lets google track
> you elsewhere (to a limited extent) - which is probably one of the reasons
> you disabled cookies in the first place.

Cleaning up the cookies on completion would also help with that issue.
i would prefer sticking to imap only or making oauth opt-in. i have disabled google 2-factor-authentication for a reason. Adding a cookie exception for gmail seems to be violating privacy by design principles.
You need to log in before you can comment on or make changes to this bug.