Closed Bug 1486944 Opened 7 years ago Closed 7 years ago

Make the reject foreign cookie behavior honor the content blocking pref

Categories

(Core :: DOM: Core & HTML, enhancement)

Product:
Core
Component:
DOM: Core & HTML
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla63
Tracking Flags:
Tracking Status
firefox63 --- fixed

People

(Reporter: ehsan.akhgari, Assigned: ehsan.akhgari)

References

Details

Attachments

(2 files)

Part 1: Make the reject foreign cookie behavior also depend on the browser.contentblocking.enabled pref
3.38 KB, patch
baku
: review+
Details | Diff | Splinter Review
Part 2: Add tests to ensure that the reject foreign cookie behavior also depends on the browser.contentblocking.enabled pref
4.04 KB, patch
baku
: review+
Details | Diff | Splinter Review
This option is being exposed as part of the Content Blocking UI, so we would like to make it honor the same pref as well.
Attachment #9004713 - Flags: review?(amarchesini) → review+
Attachment #9004714 - Flags: review?(amarchesini) → review+
Is the browser_contentblocking_enabled pref currently non-existent, and will it be enabled by default when introduced?
Flags: needinfo?(ehsan)
Pushed by eakhgari@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/5fc45a7e2b35 Part 1: Make the reject foreign cookie behavior also depend on the browser.contentblocking.enabled pref; r=baku https://hg.mozilla.org/integration/mozilla-inbound/rev/b536e2deff08 Part 2: Add tests to ensure that the reject foreign cookie behavior also depends on the browser.contentblocking.enabled pref; r=baku
(In reply to Mats Palmgren (:mats) from comment #3) > Is the browser_contentblocking_enabled pref currently non-existent, > and will it be enabled by default when introduced? That pref is an existing pref, defined here: https://hg.mozilla.org/mozilla-central/file/b75561ff5ffe/modules/libpref/init/StaticPrefList.h#l1270
Flags: needinfo?(ehsan)
Hmm, so if a user currently have blocked 3rd party cookies, but haven't enabled content blocking, are 3rd party cookies still blocked or not? The logic in the patch seems to suggest it's not - am I missing something?
Flags: needinfo?(ehsan)
Or to phrase it more generally - does these planned changes potentially result in reduced privacy for any user?
Pushed by eakhgari@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/188b13da9862 Part 1: Make the reject foreign cookie behavior also depend on the browser.contentblocking.enabled pref; r=baku https://hg.mozilla.org/integration/mozilla-inbound/rev/ceb6a933997f Part 2: Add tests to ensure that the reject foreign cookie behavior also depends on the browser.contentblocking.enabled pref; r=baku
(In reply to Mats Palmgren (:mats) from comment #7) > Or to phrase it more generally - does these planned changes potentially > result > in reduced privacy for any user? They shouldn't, since the browser.contentblocking.enabled pref is enabled *by default*. The only case where third-party cookie blocking would stop for the said user is if they go and turn this new pref off, and only if they're blocking all third-party cookies *or* blocking third-party cookies from trackers. Does this answer your question?
Flags: needinfo?(ehsan) → needinfo?(mats)
https://hg.mozilla.org/mozilla-central/rev/188b13da9862 https://hg.mozilla.org/mozilla-central/rev/ceb6a933997f
Status: NEW → RESOLVED
Closed: 7 years ago
status-firefox63: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla63
(In reply to :Ehsan Akhgari from comment #10) > Does this answer your question? Yes it does, thank you. > The only case where third-party cookie blocking would stop > for the said user is if they go and turn this new pref off, > and only if they're blocking all third-party cookies *or* > blocking third-party cookies from trackers. OK, fair enough. I think it's a rather serious flaw though that our UI is basically lying now if you do turn content blocking off and have cookies set to "Blocked: All 3rd party...". There's no indication whatsoever that that configuration will not work as advertised. Perhaps the "Cookies and Site Data" and "Content Blocking" UIs needs to be integrated now, so that it doesn't mislead users about what's actually blocked or not.
Flags: needinfo?(mats)
(In reply to Mats Palmgren (:mats) from comment #12) > > The only case where third-party cookie blocking would stop > > for the said user is if they go and turn this new pref off, > > and only if they're blocking all third-party cookies *or* > > blocking third-party cookies from trackers. > > OK, fair enough. I think it's a rather serious flaw though > that our UI is basically lying now if you do turn content > blocking off and have cookies set to "Blocked: All 3rd party...". > There's no indication whatsoever that that configuration > will not work as advertised. > > Perhaps the "Cookies and Site Data" and "Content Blocking" > UIs needs to be integrated now, so that it doesn't mislead > users about what's actually blocked or not. Indeed, this is something we have also paid attention to. I'm waiting for a UX mock-up to write the last patch in this series which will finish this UI by addressing this one last major flaw, but while the mock is being made, I filed bug 1487556 to keep track of the work and CCed you there. :-)
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: