Get rid of not-used prefs in cookie service
Categories
(Core :: Networking: Cookies, enhancement, P2)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox67 | --- | fixed |
People
(Reporter: baku, Assigned: baku)
Details
(Whiteboard: [necko-triaged])
Attachments
(2 files, 2 obsolete files)
network.cookie.leave-secure-alone, network.cookie.thirdparty.nonsecureSessionOnly, and network.cookie.thirdparty.sessionOnly are not used and not exposed to web-extensions/UI. We should remove them.
|
Assignee | |
Comment 1•5 years ago
|
||
Depends on D18960
|
|
Assignee | |
Comment 2•5 years ago
|
||
Depends on D19123
|
|
Assignee | |
Comment 3•5 years ago
|
||
Depends on D19124
|
||
Comment 4•5 years ago
|
||
(In reply to Andrea Marchesini [:baku] from comment #0)
network.cookie.leave-secure-alone, network.cookie.thirdparty.nonsecureSessionOnly, and network.cookie.thirdparty.sessionOnly are not used and not exposed to web-extensions/UI. We should remove them.
Sure, let's remove network.cookie.leave-secure-alone, but I disagree about the other two. What are your reasons for wanting to remove them? I actually would like to some day experiment with enabling them by default in some form (e.g. as part of Content Blocking Strict mode, or maybe even the default configuration if we ever get there...)
|
||
Updated•5 years ago
|
|
|
Assignee | |
Comment 5•5 years ago
|
||
Sure, let's remove network.cookie.leave-secure-alone, but I disagree about the other two. What are your reasons for wanting to remove them? I actually would like to some day experiment with enabling them by default in some form (e.g. as part of Content Blocking Strict mode, or maybe even the default configuration if we ever get there...)
I like this idea, but we can add them when we need them, right? Maybe we can file bugs to test and land these features and mark them as blocked by this bug.
|
|
||
Comment 6•5 years ago
|
||
When you say "add them when we need them" what are you specifically referring to?
What I was trying to say was that I think both network.cookie.thirdparty.sessionOnly and network.cookie.thirdparty.nonsecureSessionOnly are useful as they are right now. It is possible we may want to modify how they work in the future, but I'm puzzled on why we would want to remove these useful privacy prefs right now to add them again in the future potentially? Am I missing something? Did you want to do something in the cookie backend that the code behind these two prefs is blocking you to currently?
|
|
Assignee | |
Comment 7•5 years ago
|
||
These features are disabled by default and it's impossible to enabled them from the UI nor from webExtensions.
Plus, both feature work only with cookies, what about any other DOM storage APIs?
If we want to test these 2 ideas, we should transform them in a project where any component behave consistently. If we want to implement these 2 feature correctly, I think they should be removed from cookieService, and implemented in nsContentUtils::StorageAllowedForWindow()/ForChannel(), for instance.
|
|
||
Comment 8•5 years ago
|
||
network.cookie.thirdparty.nonsecureSessionOnly is a cookie specific feature, since the notion of non-secure doesn't really apply to other DOM storage APIs. network.cookie.thirdparty.sessionOnly is in theory something that we can make other DOM storage APIs support as well (even though right now only DOM Storage has any notion of session lifetime in addition to the cookie backend.) That would be a welcome improvement I would think. (Hopefully some day that could be our default behaviour for handling third-party cookies/storage.)
The fact that these can only be turned on in about:config isn't a good reason to remove them, I think. We have a lot of features which aren't togglable from our UI or or WebExtensions and we don't do work to remove them all, I usually prefer if we have better reasons for removing features (such as knowing they're dead-end ideas which we have no interest in continuing to support.)
|
||
Updated•5 years ago
|
|
|
||
Updated•5 years ago
|
|
|
Assignee | |
Comment 9•5 years ago
|
||
Depends on D19125
|
||
Comment 10•5 years ago
|
||
Pushed by amarchesini@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/9ce3161eadeb Get rid of network.cookie.leave-secure-alone, r=Ehsan https://hg.mozilla.org/integration/autoland/rev/4000cae4b60a Get rid of telemetry for network.cookie.leave-secure-alone, r=Ehsan
|
||
Comment 11•5 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/9ce3161eadeb
https://hg.mozilla.org/mozilla-central/rev/4000cae4b60a
Description
•