Closed
Bug 299160
Opened 19 years ago
Closed 19 years ago
Set cookies from originating website only - all cookies are set regardless of origin
Categories
(Core :: Networking: Cookies, defect)
VERIFIED DUPLICATE of bug 200716
People
(Reporter: zach, Assigned: darin.moz)
From BFT day, see the testcase at http://testrunner.mozilla.org/tr_caselogform.cgi?id=55329. The "set cookies from originating website only" option should be restricting the cookies that can be set, but the option has no effect; all cookies are set.

Steps to reproduce:
1. Prefs->Privacy->Cookies
2. Allow site to set cookies for the originating website only, keep until they expire
3. Close prefs
4. Load aol.com
5. Reopen Prefs->Privacy->Cookies
6. View cookies

In addition to the aol.com cookie, a cookie from edge.ru4.com is saved, yet it should not have been as aol.com does not equal ru4.com. Seen on FF 20050629 trunk with OS 10.4.1 and by a BFT tester on Windows.
Comment 1•19 years ago (Reporter)
This should probably be a 1.1 beta blocker if not alpha.
Flags: blocking-aviary1.1?
Comment 2•19 years ago (Reporter)
*** Bug 149115 has been marked as a duplicate of this bug. ***
Comment 3•19 years ago
Confirmed on Mac OS X 10.2.8
Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8b2) Gecko/20050629 Firefox/1.0+
So that's why I currently have so many cookies in my list ...
Comment 4•19 years ago
Do I need a special login for testrunner? If so, the caption is misleading. I logged out of mozilla, had to submit a change password request, logged in again, and still couldn't log in to testrunner.

Bug 299174 cookie pref: "for the orginating site only" doesn't strictly block all non orginating site cookies
has a more explicit description of what is going on, and mentions
Bug 287571 Remove UI for 'Load Images for the originating web site only' pref
Comment 5•19 years ago (Reporter)
Sorry yes. You will need access to testrunner to be able to view the testcase. However, it is functionally the same as the steps to reproduce I posted.
Comment 6•19 years ago
(In reply to comment #5)
> Sorry yes. You will need access to testrunner to be able to view the testcase.
> However, it is functionally the same as the steps to reproduce I posted.

A testcase has the big advantage you don't need to switch between two tabs to see how to proceed, and everybody commenting is following the same link. I can understand that the access to testrunner is restricted, but what I can't understand is that I'm not told that I don't have sufficient privileges. I was logged in to Bugzilla, got the message 'This is Bugzilla ... Login'. This triggered my debugging reflexes, ask for new password, ok. I got a mail to change my password, and reused my old one, as I use my bugzilla account on more than one machine. Same behaviour. Then I retried the email address I used before, and got a correct error message, something like I need special privileges, mail Asa.
Comment 7•19 years ago
*** Bug 299174 has been marked as a duplicate of this bug. ***
Comment 8•19 years ago
from my dupe:
- Set the prefs in Tools | Privacy | cookies to
  [x] Allow sites to set cookies (pref on)
  [ ] for the originating site only (pref off)
- clear your cookies
- visit www.aol.com
- view cookies
  [+]edge.ru4.com
  [+]aol.com
  [+]2o7.net
the above sites have cookies set.

then try it with:
  [x] "for the originating site only" (pref on)
- clear your cookies
- visit www.aol.com
- view cookies
  [+]edge.ru4.com
  [+]aol.com
the above sites have cookies set. cookies from 2o7.net were not allowed.

Is that expected, or should the cookies for edge.ru4.com have been blocked as well? A strict interpretation of the pref wording would be that all cookies except those from aol.com would be blocked.
Seems like a dupe of Bug 200716 (https://bugzilla.mozilla.org/show_bug.cgi?id=200716)
Comment 10•19 years ago
This is gonna need to make b4 if it's gonna make 1.1 so shifting the nomination.
Flags: blocking-aviary1.1? → blocking1.8b4?
Updated•19 years ago
Flags: blocking1.8b4? → blocking1.8b4-
Comment 11•19 years ago
"Normal" cookies don't seem to be set regardless of origin.. those with cross site javascripts seem to set the cookies though.

*** This bug has been marked as a duplicate of 200716 ***
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
Updated•19 years ago
Status: RESOLVED → VERIFIED
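
The strict reading of the pref described in the report and in comment 8 (only the site the user loaded may set cookies), written out as an added example; it is not Mozilla's cookie code. The function names, the small suffix set, the cookie names and values, and the "metrics" subdomain are assumptions constructed for illustration; the three sites are the ones listed in comment 8.

```javascript
// Added example, not Mozilla's implementation.
// ASSUMPTION: this small set stands in for the full Public Suffix List.
const SUFFIXES = new Set(["com", "net", "org", "co.uk"]);

// Registrable domain = public suffix plus one label (edge.ru4.com -> ru4.com).
function registrableDomain(host) {
  const labels = host.toLowerCase().replace(/\.$/, "").split(".");
  for (let i = 0; i < labels.length - 1; i++) {
    if (SUFFIXES.has(labels.slice(i + 1).join("."))) {
      return labels.slice(i).join(".");
    }
  }
  return labels.join("."); // unknown suffix: compare exact hosts
}

// Host a Set-Cookie header binds to: its Domain attribute if present,
// otherwise the host that sent the response.
function cookieHost(responseHost, setCookie) {
  const m = /;\s*domain=\.?([^;\s]+)/i.exec(setCookie);
  return (m ? m[1] : responseHost).toLowerCase();
}

// Decide one cookie against the site the user actually loaded (pageHost).
function decide(pageHost, responseHost, setCookie) {
  const host = cookieHost(responseHost, setCookie);
  const resp = responseHost.toLowerCase();
  // A Domain attribute must cover the responding host, else reject outright.
  if (resp !== host && !resp.endsWith("." + host)) return "reject: bad Domain";
  return registrableDomain(host) === registrableDomain(pageHost)
    ? "accept"
    : "block: third party";
}

// Constructed responses for the sites listed in comment 8; cookie names,
// values and the "metrics" subdomain are made up.
const OBSERVED = [
  ["www.aol.com", "id=1; Domain=.aol.com; Path=/"],
  ["edge.ru4.com", "uid=2; Path=/"],
  ["metrics.2o7.net", "vi=3; Domain=.2o7.net; Path=/"],
];

function audit(pageHost, responses) {
  return responses.map(([host, header]) =>
    `${cookieHost(host, header)}: ${decide(pageHost, host, header)}`);
}

console.log(audit("www.aol.com", OBSERVED).join("\n"));
```

Under this reading only the aol.com cookie survives, so a cookie list that still shows edge.ru4.com after loading aol.com is the mismatch the report describes.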