Open Bug 1771706 Opened 3 years ago Updated 3 years ago

Disable Total Cookie Protection on file:// links with ETP - Standard Enabled

Categories

(Core :: Privacy: Anti-Tracking, enhancement)

Product:
Core
Component:
Privacy: Anti-Tracking
Version:
Firefox 100
Platform:
x86_64
Linux
Type:
enhancement

Tracking

()

People

(Reporter: rsemil, Unassigned)

References

Details

Environment:
Browser / Version: Firefox 100.0.2
Operating System: Ubuntu 22.04 LTS

Prerequisites:

Create a local .html file with an iframe to some external site, for example an embedded Google Calendar.

Steps to Reproduce:

  1. Enable Enhanced Tracking Protection and enable Total Cookie Protection
  2. Open the .html file in Firefox, i.e., through a file:// URI
  3. No cookies are sent to the iframe (e.g., you cannot show the embedded Google Calendar)

Expected Behavior:

There should be a way disable Total Cookie Protection for a local file.

Actual Behavior:

There is no shield icon in the address bar. I cannot follow the instructions on https://support.mozilla.org/en-US/kb/introducing-total-cookie-protection-standard-mode

Notes:

I am using a local file as my browser homepage and use iframes as widgets.

Thanks for filing a bug! I can't reproduce the issue with an embedded Google Calendar. It loads fine and doesn't show any trackers blocked. Could you provide an html file I can use to reproduce this issue?

Flags: needinfo?(rsemil)

I'm interpreting this report as there being no option to disable storage partioning for frames embedded in local files.

STR:

  1. Visit a local file, e.g. file:///tmp/
  2. Load a remote iframe, e.g. with the devtools:
    document.body.appendChild(document.createElement("iframe")).setAttribute("src","https://example.com/");
  3. Switch the devtools to the context of that iframe (via the button in the upper-right corner).
  4. Set a cookie: document.cookie = "koek=eten"; SameSite=None; Secure
  5. Open a new tab with the domain that was embedded: https://example.com
  6. Print the value of the cookie via the devtools for the tab from step 5: document.cookie

Expected:

  • At step 6, the cookie from step 4 should somehow be printed.

Actual:

  • There is no way to get the expected result.

Extra info:

  • Via Services.cookies.getCookiesWithOriginAttributes('{"privateBrowsingId":1}'), I can retrieve the cookie. Its originAttributes.partitionKey is (file,)
  • All file:-cookies at file:/// share the same cookie jar. Their host field is an empty string (and apparently intentional - bug 209964).
Flags: needinfo?(rsemil)
See Also: → 1671589
Status: UNCONFIRMED → NEW
Ever confirmed: true
You need to log in before you can comment on or make changes to this bug.