"Allow sites to set cookies for the original site only" missing from cookie preferences




12 years ago
10 years ago


(Reporter: Per Ångström, Unassigned)


({regression, relnote})

2.0 Branch
regression, relnote
Dependency tree / graph
Bug Flags:
blocking-firefox2 -

Firefox Tracking Flags

(Not tracked)



(1 attachment)



12 years ago
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a1) Gecko/20060817 Minefield/3.0a1

It seems that the preference "Allow sites to set cookies for the original site only" has gone missing, at least from my Linux trunk build 20060817. Unless blocking third-party cookies has been made mandatory, that option needs to be restored.

How to reproduce:
1) Open the Preferences window.
2) Select the Privacy tab.
3) Scan the Cookies section.

Current behavior: There is only one checkbox: "Accept cookies from sites".

Desired behavior: There should also be a "Allow sites to set cookies for the original site only" checkbox.

Comment 1

12 years ago
Created attachment 234926 [details]
Screenshot of Preferences:Privacy tab

Comment 2

12 years ago
it was mentioned in http://groups.google.com/group/mozilla.dev.apps.firefox/browse_frm/thread/7e558f7d9ab7e184/c916bad0e8e168f3#c916bad0e8e168f3 (although I don't agree either, I would prefer that it was the default)

"Allow sites to set cookies for the original site only" was considered to difficult for most users to understand. "Only accept cookies from sites that I visit" wasn't much better.

Comment 3

12 years ago
As for the wording, I suggest that the option should be stated in terms of disallowing a questionable feature. Hy suggestions are: "Disallow 3rd-party cookies", or "Disallow alien cookies".

No matter the wording, there should still be a GUI for changing this setting, especially since the default is bad for one's privacy.
OS: Linux → All
Hardware: PC → All

Comment 4

12 years ago
The options are gone both with Minefield nightlies and Bon Echo nightlies.  Related to/dupe of Bug 216743?
I think it would be reasonable to confirm this as a bug different from bug 216743  sincte this is about dropping what was in Firefox before and taking away an important configuration option from users, while bug 216743 is about some wonderful perfect way how to do it in the future. I'd rather have the old dialog instead of the current one until that perfect solution is going to happen.

Comment 6

12 years ago
Request blocking Firefox 2. I know it's late in the game, but this is an important privacy feature that has disappeared. If it's impossible to come up with a new wording, why not simply keep the old one for now?
Ever confirmed: true
Flags: blocking-firefox2?
Whiteboard: regression
Version: Trunk → unspecified
Bug 324397 is about setting the default option to deny third-party cookies (no UI change).
This was regressed by bug 345516. The strings were removed, so I'm not sure if it will even be possible to add this back for Firefox 2 due to string freeze. :(
Keywords: regression
Whiteboard: regression
Version: unspecified → 2.0 Branch

Comment 9

12 years ago
Since this most probably won't make Firefox 2.0, we might at least want to add a minor release note as to how to revert this pref in case somebody accidentally set it and is now running into troubles because of this.
Keywords: relnote
As I understand things from mconnor, this option never worked in the first place, which is why we removed it. I'm happy to add a release note about how to enable it, but we're not going to block release on a full solution, since misleading UI (ie: an option that doesn't do what it claims to do) is no better than missing UI. 

Tempted to WONTFIX, really. 
Flags: blocking-firefox2? → blocking-firefox2-
> As I understand things from mconnor, this option never worked in the first
> place

Er... the back end should work fine.  Was the UI just not hooked up to it?

Requesting 1.9 blocking; need to evaluate how this change will affect the alpha.
Flags: blocking1.9?
Looks like the original trunk changed that caused this is bug 340677.  Two months ago people questioned this change in that bug.... and received absolutely no response.
Blocks: 340677
No longer depends on: 340677
Boris, we did talk about this in dev.apps.firefox as Waldo pointed out in bug 340677 comment 76. Also, mconnor points out that bug 200716 indicates that the way we currently guard from third-party cookies doesn't really work. Finally, dveditz points out in bug 324397 comment 1 that since a lot of sites have easy workaround for third-party cookies, it's mostly a "feel good" setting.

I stick to my original point: I'm not saying that the value of such a setting is useless. I'm saying that the value of such a setting which doesn't do *exactly* what it says it does is useless, which is what we presently have.
As dveditz noted in Bug 324397, this option doesn't really work due to iframes/redirects, and the methods they're using can't effectively be stopped without breaking the web in general.  We've been through this before, and there really isn't a good way to make this effective.

As much as it would be nice to have it just work, it doesn't, and there's unfixable ways around it, so the UI is either pointless (barely works) or damaging (users perceive the app as broken).
Last Resolved: 12 years ago
Flags: blocking1.9? → blocking1.9-
Resolution: --- → WONTFIX
*** Bug 355483 has been marked as a duplicate of this bug. ***
*** Bug 361021 has been marked as a duplicate of this bug. ***
*** Bug 362908 has been marked as a duplicate of this bug. ***
Duplicate of this bug: 366597
Duplicate of this bug: 375136
Duplicate of this bug: 391336

Comment 21

10 years ago
This feature is back in Firefox 3, and works better than ever.
Duplicate of bug: 421494
You need to log in before you can comment on or make changes to this bug.