Closed Bug 1576799 Opened 5 years ago Closed 2 years ago

cookie exceptions add http prefix - causing problems if you use OAuth2 and disabled cookies

Categories

(Thunderbird :: Preferences, defect)

Product:
Thunderbird
Component:
Preferences
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED WORKSFORME

People

(Reporter: emoore, Unassigned)

References

Details

(Whiteboard: smoketest68.0)

I'm using Thunderbird 68.0 under Windows 10 with a new profile that has just a Fastmail IMAP account. It doesn't support/use OAuth2.

I unchecked support for cookies, added "allow" exceptions for gmail.com and google.com and tried to add a Gmail IMAP account. The popup complained that cookies were disabled.

The problem turned out to be that the exceptions automatically added a http prefix to the domains. It should have added none. If one had to be added https would make a lot more sense nowadays.

Bug 1246096 (core:networking:cookies) is over 4 years old and hasn't had any comments for two years. Any Thunderbird user that is concerned about cookies and adds a Yahoo/AOL/AT&T/Verizon or Gmail account with OAuth2 is likely to run into this problem.

Given how popular Gmail accounts are and 68.0 creating a new profile by default, perhaps Thunderbird should add a workaround for this bug. A user doesn't care which group is at fault.

Is this really a regression?

See Also: → 1246096
See Also: → 1174797
Severity: normal → S3

Eric, Do you find this is still a problem?

Flags: needinfo?(emoore)

I'm now using Thunderbird 102.6.1 (64-bit) under Windows 11pro, with a new profile created on a different PC. I still have a Fastmail IMAP account configured to use SSL/TLS with normal password (not OAuth2).

I have accept cookies from sites set up in the privacy and security settings for both fastmail and gmail.

My Gmail IMAP account is using OAuth2. My mind is still recovering from recent brain surgery so I might be mis-understanding the situation but it appears the problem has been solved as I now see a https://gmail.com and a https://google.com with "allow" status in the exceptions for Gmail. Note: its using a https prefix (as hoped for) not http (what it used to use).

As an aside it appears Fastmail has added support for OAuth2 IF you use a different identity since I submitted the bug report but I have no desire to attempt to use that feature as its adds additional risk with little benefit to me. See https://www.fastmail.help/hc/en-us/articles/4409885100431-Sending-from-other-addresses-OAuth2

Status: NEW → RESOLVED
Closed: 2 years ago
Flags: needinfo?(emoore)
Resolution: --- → FIXED

Thanks for the update. We use WORKSFORME when there is no patch associated with the bug report.

Resolution: FIXED → WORKSFORME
You need to log in before you can comment on or make changes to this bug.