Closed Bug 430538 Opened 17 years ago Closed 16 years ago

Third-party cookie-blocking breaks auth-required XPI downloads

Categories

(Core Graveyard :: Installer: XPInstall Engine, defect)

Product:
Core Graveyard
Component:
Installer: XPInstall Engine
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 462739

People

(Reporter: toddsf, Unassigned)

References

Details

If a site hosting an XPI requires that a user present a cookie before downloading, installation fails if the user has disabled third-party cookies. Specifically, if a site hosts a page that contains a link to a script that checks the user's cookie before returning the XPI, installation fails in the second phase. In the first phase, the user clicks on the link, and everything is good: the site's cookie is sent to the script because the originating uri is the page's uri, and its domain matches that of the cookie. When Firefox sees the XPI being downloaded, the extension manager steps in to issue its warning. If the user confirms that he really wants to do the download (by allowing the site), Firefox issues another download request, but this time there is no originating uri. The cookie is thus not sent and the download fails with error -207. This fails on the Foxmarks beta site (http://beta.foxmarks.com/)
Blocks: 421494
Looks like this got fixed in bug 462739, right?
Component: Networking: Cookies → Installer: XPInstall Engine
QA Contact: networking.cookies → xpi-engine
Yeah it's the same issue.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → DUPLICATE
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.