Open Bug 389002 Opened 13 years ago Updated 1 year ago

Browsing to with blocked cookies result in Security error" code: "1000" nsresult: "0x805303e8 (NS_ERROR_DOM_SECURITY_ERR)"


(Core :: DOM: Core & HTML, defect, P5)





(Reporter: cbook, Unassigned)


(Blocks 1 open bug)


(Keywords: testcase)


(1 file)

Steps to Reproduce:

- Set Cookies from to the cookie blocklist
- Go to 
- Check the Error Console:

Error: [Exception... "Security error"  code: "1000" nsresult: "0x805303e8 (NS_ERROR_DOM_SECURITY_ERR)"  location: " Line: 167"]
Source File:
Line: 167
Attached file testcase
Bug 365772 is a bit related.
When cookies are denied, then storage is throwing errors when trying to access it, while document.cookie just returns an empty string.
Treating persistent storage as cookies: user agents may present the persistent storage feature to the user in a way that does not distinguish it from HTTP session cookies. [RFC2965]
You could read that as "storage functions should not throw security errrors when cookie functions aren't doing it either", I guess. Although I suspect that part is more talking about the UI or something.
Assignee: dveditz → nobody
Component: Security → DOM
Keywords: testcase
QA Contact: toolkit → general
What is the cause of the security exception? Is this because it is trying to access the storage of a different domain? The spec says that doing this "must then raise a security exception." although it doesn't currently define what a "security exception" is.
Sorry, the testcase was made for http://localhost use.
If you then block cookies from localhost, you get the mentioned security errors when trying to access globalStorage['localhost.localDomain'].
This doesn't happen with cookies. You just seem to get an empty string returned when trying to get/set a cookie.
Blocks: 435025
I don't think this is just related to bug 365772, I think this is bug 365772. I've encountered this problem on the cnn video site and when I set my cookie setting to "keep until they expire", cnn's video worked... see bug 442605.
I got this error today when I was testing the tryserver build from
Here is the site I tested:

Same NS_ERROR_DOM_SECURITY_ERR error with same security code.
I can confirm this on Firefox 3.5.4:
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv: Gecko/20091028 Ubuntu/9.10 (karmic) Firefox/3.5.4
Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv: Gecko/20091016 Firefox/3.5.4
and r26510
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv: Gecko/20091031 Ubuntu/9.10 (karmic) Shiretoko/3.5.5pre 

This seems to be fixed in 3.6 Beta 1 Build 3

Ubuntu Bug:
Well, CNN video now plays with my third-party cookies turned off, or with the lifetime set to "Ask every time" and me selecting "For session". However, given that this bug is 3 years old, that could be due to changes on

But, I can still get the error if I do something that tries to set a cookie from javascript while the "Ask every time" setting is on (lifetimePolicy = 1).

Couple of examples after clearing out all of my cookies and loading

Error: uncaught exception: [Exception... "Security error"  code: "1000" nsresult: "0x805303e8 (NS_ERROR_DOM_SECURITY_ERR)"  location: " Line: 345"]

This is line 345 of that js:
                return (window.localStorage && (window.localStorage!=null));

The page then prompts me if I want it to make the International Edition my default. If I press Yes or No, I get a similar error:

Error: uncaught exception: [Exception... "Security error"  code: "1000" nsresult: "0x805303e8 (NS_ERROR_DOM_SECURITY_ERR)"  location: " Line: 521"]

The cookie that stores the default edition is set, but the prompt to make a selection does not go away. s_code.intl.js (or s_code.js on the US site) is Omniture, and there's no telling from their mangled javascript what that's trying to do, but I don't see a reference to localStorage anywhere in that javascript.

I've tried several times back and forth and have confirmed that the above errors only happen when I have the cookie lifetime policy set to '1' (Ask me every time).

Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv: Gecko/20100914 Firefox/3.6.10
(In reply to comment #7)
> But, I can still get the error if I do something that tries to set a cookie
> from javascript while the "Ask every time" setting is on (lifetimePolicy = 1).

Sorry, that was misleading. I was speculating before I looked at the js, but in the one case it's trying to access window.localStorage and in other case (the Omniture js) I can't tell what it's trying to do, though Omniture is known to get invoked (to send a usage data back to their servers via AJAX) in response to clicking a hyperlink.
We are experiencing the same problem in Firebug.
Test case + more details here:

This is reproducible on the webtogs website:

with 3rd party cookies set to "ask me every time".

Setting to "until they expire" results in the site working.

The error reported in the console is:

Error: uncaught exception: [Exception... "Security error"  code: "1000" nsresult: "0x805303e8 (NS_ERROR_DOM_SECURITY_ERR)"  location: " Line: 24"]
This bug was supposedly fixed in 3.6, but it's still there in 4.0. I can reproduce it with the following code:

        if (localStorage) {
        } else {

If cookies are disabled, I get a "security error code 1000", regardless of whether local storage is enabled or not.
Priority: -- → P5
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.