Closed Bug 1520701 Opened 6 years ago Closed 6 years ago

allow webextensions to modify the cookie whitelist

Categories

(WebExtensions :: General, defect)

Product:
WebExtensions
Component:
General
Version:
66 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 1291841

People

(Reporter: karana, Unassigned)

Details

User Agent: Mozilla/5.0 (Android 8.1.0; Mobile; rv:66.0) Gecko/66.0 Firefox/66.0

Steps to reproduce:

I set cookies to block all in the Firefox settings menu.
Then i installed a cookie addon to help me whitelist sites with a few simple clicks
went to a page that only works with cookies enabled.
Whitelisted the site un the extension

Actual results:

Site didnt work because it couldn't store cookies

Expected results:

The addons whitelist should have also been able to add the site to the whitelist of firefox so that FF wouldn't overrule the addon decision.

Component: Untriaged → General
OS: Unspecified → All
Product: Firefox → WebExtensions
Hardware: Unspecified → All
Flags: needinfo?(rob)

I set cookies to block all in the Firefox settings menu.

Are you referring to the "Content Blocking" setting at the top of the preferences page, set to "Strict" option (or even "Custom" + "All cookies (will cause websites to break)" option)? If not, please clarify which setting you've used.

Then i installed a cookie addon to help me whitelist sites with a few simple clicks

Could you share a link to this "cookie addon"?
And also what you meant by "Whitelisted the site un the extension".

Flags: needinfo?(rob) → needinfo?(karana)

Settings> Block site elements>User defined > Site Cookies> All cookies (some pages might break) is what i enabled.
https://addons.mozilla.org/en-US/firefox/addon/cookiemaster/
To be able to login on a website you need to set the slider for the domain/subdomain to "cookies enabled"/green in cookie master.

Flags: needinfo?(karana)

The cookiemaster add-on works offers the ability to automatically remove cookies that haven't been whitelisted by the user in the extension. In more detail, the add-on:

  1. Detects cookie additions/modifications via the browser.cookies.onChanged event.
  2. Unless allowed by the user via the extension, it removes the cookie using browser.cookies.remove.

When you use Firefox's Content Blocking feature to reject all cookies, then these Firefox will ignore websites' requests to store data/cookies. Since cookies are not created in the first place, your add-on is unable to accept the cookies.

Firefox's Content Blocking is more thorough than what the add-on can offer *, and you can easily add or remove the site from the whitelist via the shield icon at the left of the location bar, and clicking the "Turn off Blocking for This Site" option. After that, the site appears at the "Exceptions - Content Blocking" list (found via the "Manage Exceptions" button at the "Content Blocking" section of about:preferences#privacy ).

If you want the add-on to control the cookies for a specific site, turn off Content blocking for the site and your add-on will work as before.

* cookies are the most well-known form of storage for websites, but there are many other ways to store data. Content Blocking effectively data storage regardless of the method, whereas your cookie add-on only removes cookies. If you care about storage access for privacy reasons, use Content Blocking. If you just want to manage cookies, stop blocking all cookies and use your add-on instead.

The actionable part of this bug is the request to allow extensions to modify the cookies whitelist. This is already covered by the feature request at bug 1291841.

Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.