Closed Bug 444272 Opened 16 years ago Closed 16 years ago

Allow privileged requests to deal with cookies regardless of third party cookie prefs

Categories

(Core :: Networking: Cookies, defect)

Product:
Core
Component:
Networking: Cookies
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 437174

People

(Reporter: mozbugs, Unassigned)

References

Details

(Keywords: helpwanted) 

Due to bug #421494, if third party cookie blocking is enabled, there's no straightforward way for a privileged caller to make a request that gets or sets cookies. This seems to be by design, but this is an oversight, as there are legitimate cases where one needs cookies enabled for functionality.

For example, this broke all 3 services that Flock supports for webmail, since popular webmail sites don't really have real desktop client APIs, pretty much everyone uses session cookie based auth to talk to them. As another example, the GMail Checker extension (https://addons.mozilla.org/en-US/firefox/addon/3179) breaks as well.

In general, this pretty much negates some nice advantages of using the browser as an application platform, notably not having to ask the user separate for their password when integrating with websites.

I propose adding a channel load flag for consumers to say they want cookies, and possibly an XHR convenience wrapper, or including it in mozBackgroundRequest functionality (no, I haven't thought the latter completely through yet).
Blocks: 421494
Keywords: helpwanted
Or perhaps XHR should just check if the caller has is privileged, and then set the channel load flag to allow cookies through?
at this point this bug should probably be duped to bug 437174 since it's a symptom of the same problem. bug 437174 comment 27 proposes some solutions.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.