Firefox doesn't show third-party cookies created loading resources with tags other than iframe
Categories
(DevTools :: Storage Inspector, defect)
Tracking
(Not tracked)
People
(Reporter: antocota91, Unassigned)
Details
Steps to reproduce:
I have my website https://foo.com that inside the HTML page loads a JS file from https://bar.com/script.js with the <script> tag.
When the https://bar.com/script.js file is fetched the HTTP response contains the Set-Cookie header which, of course, creates a cookie named FAZZ. The cookie is stored, for sure, because if I reload the https://foo.com page when the https://bar.com/script.js file is fetched again, the HTTP request contains the Cookie header with FAZZ. However the FAZZ cookie cannot be found anymore, inside the Dev Tools > Storage > Cookies section the cookie is not listed anywhere.
Instead, if I load https://bar.com/index.php with the <iframe> tag and, similarly, this page sets a cookie named BAZZ then it is stored and it is visible under Dev Tools > Storage > Cookies > https://bar.com.
This happens both with ETP enabled and disabled.
The Firefox version is 104.0 (64-bit), on Ubuntu 20.04.
Actual results:
Cookies created loading resources with tags other than iframe, for example script/img/etc, are not visibile anywhere
Expected results:
I expect to find the FAZZ somewhere.
Comment 1•2 years ago
|
||
The Bugbug bot thinks this bug should belong to the 'Core::Privacy: Anti-Tracking' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.
Updated•2 years ago
|
Comment 2•2 years ago
|
||
Thanks for reporting.
I think it's because the devtool storage panel only displays cookies if there was a window of the given host loading inside the tab. In this case, only the<script>
tag won't create a window, but a <iframe>
tag does. That's why you can only see the cookies with <iframe>
tag.
I am not sure if this is the intended behavior of devtool storage panel. I will forward this issue to devtool team.
Comment 3•2 years ago
|
||
The storage inspector allows you to see cookies which match the domains relevant to the current page (so top-level page + iframe).
This is a duplicated of Bug 1578666
Description
•