Closed
Bug 230350
Opened 21 years ago
Closed 14 years ago
navigator.cookieEnabled does not look at site specific enabling/disabling of cookies
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 578534
People
(Reporter: ggb.mzl, Assigned: u278084)
References
Details
Attachments
(2 files, 1 obsolete file)
753 bytes,
text/html
|
Details | |
4.78 KB,
patch
|
dwitte
:
review-
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5) Gecko/20031007 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5) Gecko/20031007 navigator.cookieEnabled is the standard way of determining whether the navigator will accept cookies. The trouble is that Mozilla only tells you if cookies are disabled at a system wide level. This is useless, since what the script wants to know is if it can set cookies, not whether some other domain might be able to set cookies. Reproducible: Always Steps to Reproduce: 1. 2. 3.
Reporter | ||
Comment 1•21 years ago
|
||
1. Put HTML of web server 2. Set globel cookies (in preferences) to enabled on a site by site basis. 3. Ensure that site has cookies enabled (in cookie manager). 4. Load HTML in browser - it will show cookies enabled. 5. Change site (in cookie manager) to reject cookies. 6. Reload HTML - it still says cookies are enabled (even though they should have now been disabled for the site). 7. Go into preferences, and disbale all cookies. 8. Reload HTML - it now, correctly, says that cookies are disabled.
Comment 2•20 years ago
|
||
Confirmed, marking NEW. Sending to DOM Level 0. Probably just a matter of reusing what already exists.
Status: UNCONFIRMED → NEW
Component: DOM → DOM: Level 0
Ever confirmed: true
I just (re)discovered this bug, and can confirm that it (still) exists in Firefox 2.0 and Camino 1.0.4. It also occurs in reverse: 1. disable cookies globally 2. add a site in cookie manager to accept cookies 3. verify javascript served from that site has document.cookieEnabled set to 'false' even though cookies are enabled for that site. It's important to note that this bug basically makes document.cookieEnabled useless for detecting whether the user has cookies enabled or not. IMHO, this bug should be higher priority.
bug still exists in Firefox 2.0.0.11. i agree with matt c that this should be higher priority
(In reply to comment #4) > bug still exists in Firefox 2.0.0.11. i agree with matt c that this should be > higher priority And in SeaMonkey 1.1.9 And in Firefox 2.0.0.13 (And - as an aside - in Opera...) In at least one case this bug blocks logging in for online banking. So indeed, it really should be higher - if not high - priority.
Logging in with Microsoft's Live ID or whatever it actually is seems to be blocked by this as well. Currently, I'm not able to visit the Connect Bug Tracking System of Microsoft (where Live ID is used) when my cookies are disabled. That's why I visit the site in my cookie enabled Opera for now.
Flags: wanted1.9.1?
I see it on linux too, is probably platform independent.
OS: Windows 2000 → All
Comment 8•16 years ago
|
||
Not a wanted 1.9.1 bug, but that doesn't mean we wouldn't accept a patch if someone works one up.
Flags: wanted1.9.1? → wanted1.9.1-
I figured that the code at http://mxr.mozilla.org/mozilla-central/source/dom/src/base/nsGlobalWindow.cpp#9136 only looks at the global preference. Can anyone give me a hint, how I can get the site specific preference at that point? The rest would be trivial.
Comment 10•15 years ago
|
||
not a polish bug
Assignee: general → nobody
Keywords: polish
QA Contact: ian → general
Whiteboard: [polish-hard][polish-interactive]
Assignee | ||
Comment 11•15 years ago
|
||
I guess I can take this bug. It seems easy to fix, and it sorta annoys me. Here is a first stab at it. I appreciate a quick drive-by review, but I'm not sure who the right person is. jst would you take a look at it? Tests will come soon, and that will come when I ask for actual review.
Assignee: nobody → cdolivei.bugzilla
Status: NEW → ASSIGNED
Assignee | ||
Comment 12•15 years ago
|
||
Here is a patch with tests.
Attachment #362039 -
Attachment is obsolete: true
Attachment #362326 -
Flags: review?(dwitte)
Comment 13•15 years ago
|
||
ping. Sorry. Dan seems to be very busy, is there anyone else who could review this?
Comment 14•15 years ago
|
||
Comment on attachment 362326 [details] [diff] [review] v2 with test Hmm. Seems like a good idea, but I worry that we're exposing more information by doing this. For instance, it'd be relatively simple for a site to figure out if you have an exception in place for it. Is that acceptable? jst or dveditz should probably make a call there. Also, the value of navigator.cookieEnabled has no real bearing on whether the site will be able to set or retrieve cookies, with or without this patch. There are many other things that can get in the way (user prompting, third party context, privacy addons etc). But this does get us closer to the intent of navigator.cookieEnabled, which is a good thing. On to the review... > NS_IMETHODIMP > nsNavigator::GetCookieEnabled(PRBool *aCookieEnabled) > { >- *aCookieEnabled = >- (nsContentUtils::GetIntPref("network.cookie.cookieBehavior", >- COOKIE_BEHAVIOR_REJECT) != >- COOKIE_BEHAVIOR_REJECT); >+ nsCOMPtr<nsIChannel> channel; >+ nsCOMPtr<nsIURI> uri; >+ nsCString string; You don't use |string|, you can remove it. >+ nsCOMPtr<nsICookiePermission> perm = >+ do_GetService(NS_COOKIEPERMISSION_CONTRACTID); >+ nsCookieAccess access; >+ >+ if (!perm) { >+ return NS_ERROR_NOT_IMPLEMENTED; >+ } Not having an nsICookiePermission service isn't fatal. You should fall back to the previous behavior in that case... >+ if (NS_SUCCEEDED(mDocShell->GetCurrentDocumentChannel( >+ getter_AddRefs(channel))) && >+ NS_SUCCEEDED(channel->GetURI(getter_AddRefs(uri))) && >+ NS_SUCCEEDED(uri->GetHost(string)) && You don't need the GetHost() call here. Also, I'm not sure if you're getting the correct URI here (check with jst?). (For example, http://mxr.mozilla.org/mozilla-central/source/content/html/document/src/nsHTMLDocument.cpp#1732 involves getting the codebase URI.) >+ NS_SUCCEEDED(perm->CanAccess(uri, channel, &access))) { >+ switch (access) { >+ case nsICookiePermission::ACCESS_DENY : >+ /* We explicitly deny this domain */ >+ *aCookieEnabled = PR_FALSE; >+ break; >+ case nsICookiePermission::ACCESS_ALLOW: >+ *aCookieEnabled = PR_TRUE; >+ break; >+ default: >+ /* Check preferences for ACCESS_DEFAULT */ >+ *aCookieEnabled = >+ (nsContentUtils::GetIntPref("network.cookie.cookieBehavior", >+ COOKIE_BEHAVIOR_REJECT) != COOKIE_BEHAVIOR_REJECT); If the cookieBehavior pref doesn't exist, the cookieservice will actually default to accepting cookies... so the second arg to GetIntPref should probably be COOKIE_BEHAVIOR_ACCEPT, which you can #define to be 0 above. Also, please indent the |switch| statement two spaces in from the |if|. >+ } >+ } else { >+ return NS_ERROR_FAILURE; >+ } Could just return the default value instead of erroring.
Attachment #362326 -
Flags: review?(dwitte) → review-
Comment 16•15 years ago
|
||
(In reply to comment #14) > But this does get us closer to the intent of navigator.cookieEnabled, > which is a good thing. And I think that's what this bug is actually about. I surf the web with cookies disabled myself. Unfortunately, there are a lot of websites that use cookieEnabled to check if they should show me their content or not. So even if I allow example.org to set cookies, it won't let me log in or do any other action, because cookieEnabled returns the wrong value. That's really annoying.
Comment 17•14 years ago
|
||
is flag wanted1.9.2 ?
Comment 18•14 years ago
|
||
Is there any chance of getting this fixed? It was reported SIX YEARS ago and many versions have come and gone since. Seems like a pretty important error. If anything, count this as a request to bump up the priority level on this one.
Comment 19•14 years ago
|
||
There hasn't been a patch in this bug for a year and a half, and we have another bug opened where there is progress being made. Marking this as a dupe of that. If I'm wrong for doing this, someone is more than welcome to correct my action.
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•