Closed Bug 1705875 Opened 9 months ago Closed 5 months ago

Cookies not sent when using view-source on localhost

Categories

(Core :: Privacy: Anti-Tracking, defect, P2)

Firefox 88
defect

Tracking

()

RESOLVED INVALID

People

(Reporter: kontakt, Unassigned)

References

(Regression)

Details

(Keywords: regression)

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:88.0) Gecko/20100101 Firefox/88.0

Steps to reproduce:

While developing a local applicaction running on localhost:8080, I logged in to the app (using simple cookie-with-session-id-based auth), visited the user page and pressed "view source".

The application is 100% server-side rendered, no DOM manipulation on the front-end.

Actual results:

The "view source" tab revealed the view that is being shown when the user is not logged in - not the one I was currently visiting.

When I've pinned some.domain.com to 127.0.0.1 in /etc/hosts and then visited the app on 127.0.0.1:8080, the bug did not occur.

Expected results:

The source of the exact page I was visiting should show up.

The Bugbug bot thinks this bug should belong to the 'Core::Networking: Cookies' component, and is moving the bug to that component. Please revert this change in case you think the bot is wrong.

Component: Untriaged → Networking: Cookies
Product: Firefox → Core

Could you check if setting privacy.partition.network_state to false in about:config fixes the bug?
Seems similar to bug 1705389

Flags: needinfo?(kontakt)

Yes, setting setting privacy.partition.network_state to false in about:config fixes the bug. Although I don't know what other side effects it might have 🤔

Flags: needinfo?(kontakt)

(In reply to Kuba Orlik from comment #3)

Yes, setting setting privacy.partition.network_state to false in about:config fixes the bug. Although I don't know what other side effects it might have 🤔

Technically it makes you a little more fingerprintable :) but shouldn't change behaviour too much.
Should be OK to use during development.

Component: Networking: Cookies → Privacy: Anti-Tracking
Regressed by: 1651134
Severity: -- → S2
Priority: -- → P2
Severity: S2 → S3
Blocks: dfpi-hq

I cannot reproduce with neither Firefox 88 nor latest Nightly (93). If I set a cookie via HTTP header in a normal tab and then open view-source for the given tab, the previously set cookie is sent to the server.
Here is my test code: https://gist.github.com/Trikolon/5ea7020e299090a0723734ed8dbc62d7

Reporter, could you provide a minimal PoC?

Flags: needinfo?(kontakt)

I've just tried it on a clean profile and the issue doesn't occur. Must be one of my addons, will check which one, one by one. But given that, it doesn't seem like it's an issue with Firefox itself.

Status: UNCONFIRMED → RESOLVED
Closed: 5 months ago
Flags: needinfo?(kontakt)
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.