439784 - Chrome XMLHttpRequest does not send/set cookies if third-party cookie's are blocked

Status: RESOLVED DUPLICATE of bug 437174

(Core :: Networking: Cookies, defect)

Description

[Michael Kraft [:morac]]

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0

If the accept third-party cookie option is not checked, then cookies are not sent when extensions issue a XMLHttpRequest send request to a web site nor cookies received when the response come in.

This effectively breaks any extension which accesses a web site that requires logging in, via the XMLHttpRequest component.  An example of two extensions which don't work with the "accept third-party cookies" check box option unchecked are Google Toolbar and Yahoo Toolbar, but there are a number of other ones.

A work around is to specify an "allow" or "allow for session" exception for the web site being accessed via the XMLHttpRequest.

Reproducible: Always

Steps to Reproduce:
1. Install Google Toolbar or Yahoo Toolbar extension
2. Log in to Google or Yahoo respectively

Actual Results:  
Neither extension can read/set cookie via the XMLHttpRequest so they will not acknowledge that the user is logged in.

Expected Results:  
They should indicate the user is logged in.

This is a regression from Firefox 2.0.

Comment 1

[Michael Kraft [:morac]]

I'd really like to get this fixed ASAP, since I'm now getting a few messages a day telling me my extension no longer works in Firefox 3.0 and I have to write back telling them to add an allow exception.

Comment 2

[Joseph Morlan]

FWIW, this is confirmed by me and needs to be addressed.