blocking cookies from "co.uk" blocks all cookies from "anydomain.co.uk"

RESOLVED DUPLICATE of bug 252342

Status

()

enhancement
RESOLVED DUPLICATE of bug 252342
11 years ago
11 years ago

People

(Reporter: chris.bugzilla, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

11 years ago
User-Agent:       Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14
Build Identifier: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14

In attempting to block a generic cookie for "co.uk" it appears that I blocked all cookies from domains which ended in "co.uk".

Reproducible: Always

Steps to Reproduce:
1.  Ensure preferences are set to accept cookies, with an exception to block "co.uk"
2.  Visit a site which is a subdomain of ".co.uk" and uses cookies
3.  
Actual Results:  
Cookie for subdomain.co.uk is refused


There needs to be a mechanism for blocking generic second level domains for ccTLDs without blocking cookies from more specific domains.

say "=co.uk" to block only co.uk domains, "co.uk" to block co.uk and subdomains
or "co.uk" to block only co.uk domains and "*.co.uk" to block co.uk and subdomains

Note, the help documentation makes no mention that blocking a domain blocks all subdomains of that domain.

Comment 1

11 years ago
This was supposed to be fixed by bug 252342 (in a way) - you can't place cookies anymore on co.uk, so there's anymore no reason to block these cookies.

It's actually normal that blocking a cookie would also block the subdomains, since those subdomains would also receive the cookie anyway, if it weren't blocked.
(Reporter)

Comment 2

11 years ago
You can't.  I beg to differ.  This all came about after I discovered two cookies on ".co.uk" domain in my Firefox cookies.

Try this script, it will attempt to set a cookie on "co.uk" domain.

http://wiki.jalakai.co.uk/tester499.php
in Firefox 2, yes it will. In Firefox 3 the cookie is not set.

Regardless of whether we do or don't block .co.uk, the subdomain blocking is intentional. If you block a higher-level domain you must individually allow the subdomains within that domain for which you want cookies. This applies to all our facilities that use the "permission manager", such as image blocking and popup blocking/allowing.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 252342
You need to log in before you can comment on or make changes to this bug.