349680 - "Allow sites to set cookies for the original site only" missing from cookie preferences

Status: RESOLVED DUPLICATE of bug 421494

(Firefox :: Settings UI, defect)

Description

[Per Ångström]

Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a1) Gecko/20060817 Minefield/3.0a1

It seems that the preference "Allow sites to set cookies for the original site only" has gone missing, at least from my Linux trunk build 20060817. Unless blocking third-party cookies has been made mandatory, that option needs to be restored.

How to reproduce:
1) Open the Preferences window.
2) Select the Privacy tab.
3) Scan the Cookies section.

Current behavior: There is only one checkbox: "Accept cookies from sites".

Desired behavior: There should also be a "Allow sites to set cookies for the original site only" checkbox.

Comment 1

[Per Ångström]

Attachment: Screenshot of Preferences:Privacy tab

Comment 2

[Jo Hermans]

it was mentioned in http://groups.google.com/group/mozilla.dev.apps.firefox/browse_frm/thread/7e558f7d9ab7e184/c916bad0e8e168f3#c916bad0e8e168f3 (although I don't agree either, I would prefer that it was the default)

"Allow sites to set cookies for the original site only" was considered to difficult for most users to understand. "Only accept cookies from sites that I visit" wasn't much better.

Comment 3

[Per Ångström]

As for the wording, I suggest that the option should be stated in terms of disallowing a questionable feature. Hy suggestions are: "Disallow 3rd-party cookies", or "Disallow alien cookies".

No matter the wording, there should still be a GUI for changing this setting, especially since the default is bad for one's privacy.

Comment 4

[Jackie Liu]

The options are gone both with Minefield nightlies and Bon Echo nightlies.  Related to/dupe of Bug 216743?

Comment 5

[johann.petrak@gmail.com]

I think it would be reasonable to confirm this as a bug different from bug 216743  sincte this is about dropping what was in Firefox before and taking away an important configuration option from users, while bug 216743 is about some wonderful perfect way how to do it in the future. I'd rather have the old dialog instead of the current one until that perfect solution is going to happen.

Comment 6

[Per Ångström]

Request blocking Firefox 2. I know it's late in the game, but this is an important privacy feature that has disappeared. If it's impossible to come up with a new wording, why not simply keep the old one for now?

Comment 7

[Steve England [:stevee]]

Bug 324397 is about setting the default option to deny third-party cookies (no UI change).

Comment 8

[Reed Loden [:reed]]

This was regressed by bug 345516. The strings were removed, so I'm not sure if it will even be possible to add this back for Firefox 2 due to string freeze. :(

Comment 9

[Simon Bünzli]

Since this most probably won't make Firefox 2.0, we might at least want to add a minor release note as to how to revert this pref in case somebody accidentally set it and is now running into troubles because of this.

Comment 10

[Mike Beltzner [:beltzner, not reading bugmail]]

As I understand things from mconnor, this option never worked in the first place, which is why we removed it. I'm happy to add a release note about how to enable it, but we're not going to block release on a full solution, since misleading UI (ie: an option that doesn't do what it claims to do) is no better than missing UI. 

Tempted to WONTFIX, really. 

Comment 11

[Boris Zbarsky [:bzbarsky]]

> As I understand things from mconnor, this option never worked in the first
> place

Er... the back end should work fine.  Was the UI just not hooked up to it?

Requesting 1.9 blocking; need to evaluate how this change will affect the alpha.

Comment 12

[Boris Zbarsky [:bzbarsky]]

Looks like the original trunk changed that caused this is bug 340677.  Two months ago people questioned this change in that bug.... and received absolutely no response.

Comment 13

[Mike Beltzner [:beltzner, not reading bugmail]]

Boris, we did talk about this in dev.apps.firefox as Waldo pointed out in bug 340677 comment 76. Also, mconnor points out that bug 200716 indicates that the way we currently guard from third-party cookies doesn't really work. Finally, dveditz points out in bug 324397 comment 1 that since a lot of sites have easy workaround for third-party cookies, it's mostly a "feel good" setting.

I stick to my original point: I'm not saying that the value of such a setting is useless. I'm saying that the value of such a setting which doesn't do *exactly* what it says it does is useless, which is what we presently have.

Comment 14

[Mike Connor [:mconnor]]

As dveditz noted in Bug 324397, this option doesn't really work due to iframes/redirects, and the methods they're using can't effectively be stopped without breaking the web in general.  We've been through this before, and there really isn't a good way to make this effective.

As much as it would be nice to have it just work, it doesn't, and there's unfixable ways around it, so the UI is either pointless (barely works) or damaging (users perceive the app as broken).

Comment 15

[Phil Ringnalda (:philor)]

*** Bug 355483 has been marked as a duplicate of this bug. ***

Comment 16

[Phil Ringnalda (:philor)]

*** Bug 361021 has been marked as a duplicate of this bug. ***

Comment 17

[:Gavin Sharp [email: gavin@gavinsharp.com]]

*** Bug 362908 has been marked as a duplicate of this bug. ***

Comment 21

[Jesse Ruderman]

This feature is back in Firefox 3, and works better than ever.