Closed Bug 1789047 Opened 2 years ago Closed 2 years ago

Firefox doesn't show third-party cookies created loading resources with tags other than iframe

Categories

(DevTools :: Storage Inspector, defect)

Firefox 104
defect

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 1578666

People

(Reporter: antocota91, Unassigned)

Details

Steps to reproduce:

I have my website https://foo.com that inside the HTML page loads a JS file from https://bar.com/script.js with the <script> tag.
When the https://bar.com/script.js file is fetched the HTTP response contains the Set-Cookie header which, of course, creates a cookie named FAZZ. The cookie is stored, for sure, because if I reload the https://foo.com page when the https://bar.com/script.js file is fetched again, the HTTP request contains the Cookie header with FAZZ. However the FAZZ cookie cannot be found anymore, inside the Dev Tools > Storage > Cookies section the cookie is not listed anywhere.
Instead, if I load https://bar.com/index.php with the <iframe> tag and, similarly, this page sets a cookie named BAZZ then it is stored and it is visible under Dev Tools > Storage > Cookies > https://bar.com.
This happens both with ETP enabled and disabled.
The Firefox version is 104.0 (64-bit), on Ubuntu 20.04.

Actual results:

Cookies created loading resources with tags other than iframe, for example script/img/etc, are not visibile anywhere

Expected results:

I expect to find the FAZZ somewhere.

The Bugbug bot thinks this bug should belong to the 'Core::Privacy: Anti-Tracking' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: Untriaged → Privacy: Anti-Tracking
Product: Firefox → Core
Severity: -- → S2
Priority: -- → P1

Thanks for reporting.

I think it's because the devtool storage panel only displays cookies if there was a window of the given host loading inside the tab. In this case, only the<script> tag won't create a window, but a <iframe> tag does. That's why you can only see the cookies with <iframe> tag.

I am not sure if this is the intended behavior of devtool storage panel. I will forward this issue to devtool team.

Severity: S2 → --
Component: Privacy: Anti-Tracking → Storage Inspector
Priority: P1 → --
Product: Core → DevTools

The storage inspector allows you to see cookies which match the domains relevant to the current page (so top-level page + iframe).
This is a duplicated of Bug 1578666

Status: UNCONFIRMED → RESOLVED
Closed: 2 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.