User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:220.127.116.11) Gecko/20061201 Firefox/18.104.22.168 (Ubuntu-feisty)
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:22.214.171.124) Gecko/20061201 Firefox/126.96.36.199 (Ubuntu-feisty)
I think that the combination of the CookieSafe and NoScript extensions is exactly how cookie and script security should work in Firefox:
* No scripts and no cookies by default.
* If I want to allow cookies for a site, I go to the site, and it's two clicks (and no typing!) to allow cookies for that site, and that site only.
Reproducible: Didn't try
I wrote up some <a href="http://meta.ath0.com/2007/02/02/firefox-hint/">notes</a> on NoScript and CookieSafe on my web site for anyone who doesn't know how they work.
I would vote against this if I could. Unfortunately I don't see the option.
I don't see why these should be part of the core at all when anyone (a small segment of users) can just install those extensions if they want it.
The only reason why I comment here is because of signature spamming this feature request on Slashdot.
The option for cookies works pretty well: you can set Firefox to throw away most cookies at the end of the session. If you want Firefox to keep cookies from a certain site, you can go to the Page Info "Permissions" pane and select "Allow". This takes a few more clicks than with the extension, but it does the right thing.
"I don't see why these should be part of the core at all..."
Because you shouldn't have to install extensions to get a simple, usable UI.
The functionality is already in Firefox. However, it's really awkward to use. All I'm asking for is the UI to be as simple as it is if you add the two extensions.
I can see something akin to YesScript (a simple on/off switch on the toolbar) being a viable option to integrate with Firefox, but NoScript is one of the most convoluted add-ons I've ever come across, a classic geek-mentality tool that would frighten anything but the most hardened Firefox user.
CookieSafe I can't comment on because I've never used it. But certainly, as written, this is one of those bugs that makes you wish you could vote against it instead of only for it.
Closing as WONTFIX. Probably could also dupe this to half-a-dozen other reports.
That's not what the request said. Quote:
'The default when Firefox is installed could be "cookies for everyone / script
for everyone" to make advertisers and newbies happy.'
Here's a news story with several million more reasons why NoScript functionality is an essential security feature which belongs in the core product:
I see you've added the per-site cookie blocking, in spite of claiming WONTFIX.
Now all you need is the same thing for scripts.
(In reply to comment #8)
What "in spite of"? I said point blank in comment 5 that I think per-site cookie and JS options are a good thing, just not blocking everything by default. (though I think blocking 3rd party cookies by default would be good, but probably not going to happen anytime soon) Fundamentally, this bug requests them all off by default, which as already stated isn't going to happen.
I suggest you not bother playing with the status and just leave this WONTFIXed, as nobody is going to fix it. The average user either won't put up with prompts for every page to use basic web functionality and those who would, frankly, wouldn't know when to allow or not.
The part you want that may get done at some point is per-site JS blocking. If there's no bug for that yet file a new one for just that. (though, there is probably one somewhere, but I can't find it at the moment; I just see the dupes to the SeaMonkey bug)
I reopened bug 320522 from being marked as a dup of a seamonkey bug.