Open Bug 1629055 Opened 4 years ago Updated 2 years ago

Set cookie to secure on http environment by javascript for local development actually effect but cannot read.

Categories

(Core :: DOM: Core & HTML, enhancement)

Product:
Core
Component:
DOM: Core & HTML
Version:
75 Branch
Type:
enhancement

Tracking

()

Status:
UNCONFIRMED

People

(Reporter: lyhu99m, Unassigned)

Details

Attachments

(1 file)

螢幕截圖 2020-04-10 21.26.29.png
41.74 KB, image/png
Details

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36

Steps to reproduce:

Scenario:
sample js code about setting cookie at frontend:

let seqSample = `123`;
const now = new Date();
const expireTime = new Date();
expireTime.setDate(now.getDate() + 30);

document.cookie = `seqSample=${seqSample}; expire=${expireTime.toUTCString()}; secure; samesite=strict;`

sample js code about reading value at frontend:

const strAry = document.cookie;
console.log(`strAry: ${JSON.stringify(strAry)}`);

and has printed below information in firefox version 75:

strAry:

But this cookie show its key and value in firefox version 75 dev tools’ Application tab.

When my previous development environment with firefox version was older than 75, it will print below information:

strAry: 123

Actual results:

Using javascript code to set cookie to value of secure to true on http environment for my local development actually effect. But from section: Secure and HttpOnly cookies
of your document https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies , it won’t effected on http environment.

My environment:
Ubuntu 18.04 LTS 64bit
Firefox version 75 stable , release at April 7, 2020
Angular framework v6.10
URL link for web app: http://localhost:4200

Expected results:

I recommend you team can do one of followings:

Behavior of firefox version 75 can be consistent with ones start from version 52 and later.

  1. Provide better developer experience for setting firefox trusting local web sites with self-signed https certificate based on major operating systems, which can be clear tutorials or easy-to-configure setting.

Assigning "Core - Networking: Cookies" component.

Component: Untriaged → Networking: Cookies
Product: Firefox → Core

So this is really about console behavior? I don't see anything in the release notes about anything that changed in 75.

Component: Networking: Cookies → DOM: Core & HTML

hmm, is bug 1627653 related?

Resetting severity to default of --.

(In reply to Andy Grover [:grover] from comment #3)

hmm, is bug 1627653 related?

Yes, it's related.

Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: