Add compatibility heuristics to third-party cookie blocking
Categories
(Core :: Privacy: Anti-Tracking, enhancement, P2)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox76 | --- | fixed |
People
(Reporter: englehardt, Assigned: baku)
References
(Blocks 1 open bug)
Details
Attachments
(5 files)
Apple has just announced that Safari will block third-party cookies for all origins: https://webkit.org/blog/10218/full-third-party-cookie-blocking-and-more.
We currently block third-party cookies for tracking origins, and have added in compatibility heuristics to prevent breakage under that policy. We have not added compatibility heuristics to blanket third-party cookie blocking, and we know that--without those heuristics--third-party cookie blocking causes too much breakage to ship. Now that it's clear Apple feels comfortable blocking all third-party cookies with the heuristics, it would be great to test that condition in Firefox.
We should do the following when third-party cookie blocking is enabled (i.e., when network.cookie.cookieBehavior = 1)
- Grant access with both window.open heuristics
- Grant access with the Storage Access API
Let's add this behind a pref, make the pref default to true on Nightly, and do some messaging on dev-platform.
|
Reporter | |
Updated•4 years ago
|
|
||
Comment 1•4 years ago
|
||
(In reply to Steven Englehardt [:englehardt] from comment #0)
Let's add this behind a pref, make the pref default to true on Nightly, and do some messaging on dev-platform.
Note, that this does not mean make blocking third party cookies default on Nightly. But, if a Nightly user chooses on their own to block all third party cookies, enable the heuristics and storage access api so that websites can get access to third party cookies when it seems necessary. We will email dev-platform, so that users who have chosen this setting are aware and can tweak this new pref if they don't want the heuristics and storage access api to work.
|
Assignee | |
Updated•4 years ago
|
|
|
Assignee | |
Comment 2•4 years ago
|
||
|
|
Assignee | |
Comment 3•4 years ago
|
||
Depends on D69046
|
|
Assignee | |
Comment 4•4 years ago
|
||
Depends on D69047
|
|
Assignee | |
Comment 5•4 years ago
|
||
Depends on D69048
|
|
Assignee | |
Comment 6•4 years ago
|
||
Depends on D69249
Pushed by amarchesini@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/112e2a3c3037 Add compatibility heuristics to third-party cookie blocking - part 1 - pref to add heuristics and storage access API to cookie behavior REJECT_FOREIGN, r=dimi,timhuang https://hg.mozilla.org/integration/autoland/rev/ab03e8641f1a Add compatibility heuristics to third-party cookie blocking - part 2 - enable storageAccess API and heuristics, r=dimi,timhuang https://hg.mozilla.org/integration/autoland/rev/bcbea743bdc1 Add compatibility heuristics to third-party cookie blocking - part 3 - redirect heuristic, r=dimi,timhuang https://hg.mozilla.org/integration/autoland/rev/3faee0cf2c83 Add compatibility heuristics to third-party cookie blocking - part 4 - tests, r=dimi,timhuang https://hg.mozilla.org/integration/autoland/rev/07f22519f90f Add compatibility heuristics to third-party cookie blocking - part 5 - extra code to enable heuristics, r=timhuang
|
||
Comment 8•4 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/112e2a3c3037
https://hg.mozilla.org/mozilla-central/rev/ab03e8641f1a
https://hg.mozilla.org/mozilla-central/rev/bcbea743bdc1
https://hg.mozilla.org/mozilla-central/rev/3faee0cf2c83
https://hg.mozilla.org/mozilla-central/rev/07f22519f90f
Description
•