Add a cookie exception for GMail OAuth

NEW
Unassigned

Status

4 years ago
3 years ago

People

(Reporter: rkent, Unassigned)

Tracking

Thunderbird Tracking Flags

(thunderbird_esr38+ affected)

Details

Comment 1

4 years ago
I think you want tracking esr
status-thunderbird_esr38: --- → affected
tracking-thunderbird_esr38: --- → ?
(Reporter)

Comment 2

4 years ago
Right.
tracking-thunderbird38: + → ---
tracking-thunderbird_esr38: ? → +
Context: if you disabled cookies, trying to do OAuth2 authentication for gmail will show a "Oops! Your browser seems to have cookies disabled. Make sure cookies are enabled or try opening a new browser window. [?] " message in the OAuth dialog. 

I'm not so sure it's ok to add it silently though, as that lets google track you elsewhere (to a limited extent) - which is probably one of the reasons you disabled cookies in the first place.

Comment 4

3 years ago
(In reply to Magnus Melin from comment #3)
> Context: if you disabled cookies, trying to do OAuth2 authentication for
> gmail will show a "Oops! Your browser seems to have cookies disabled. Make
> sure cookies are enabled or try opening a new browser window. [?] " message
> in the OAuth dialog. 

Also, even if cookies are enabled, if you have two different google oauth accounts, there may be conflicts (at least this has happened for twitter). For twitter, the cookies are removed once oauth is complete, cf. https://dxr.mozilla.org/comm-central/source/chat/protocols/twitter/twitter.js#866.

> I'm not so sure it's ok to add it silently though, as that lets google track
> you elsewhere (to a limited extent) - which is probably one of the reasons
> you disabled cookies in the first place.

Cleaning up the cookies on completion would also help with that issue.

Comment 5

3 years ago
i would prefer sticking to imap only or making oauth opt-in. i have disabled google 2-factor-authentication for a reason. Adding a cookie exception for gmail seems to be violating privacy by design principles.
You need to log in before you can comment on or make changes to this bug.