Closed Bug 533985 Opened 15 years ago Closed 15 years ago

If third party cookies are disabled, extensions can't set cookies via the cookie manager

Categories

(Core :: Networking: Cookies, defect)

Product:
Core
Component:
Networking: Cookies
Version:
1.9.2 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: mkaply, Unassigned)

Details

Our extension (Optout) sets optout cookies via an addon so a user doesn't have to visit different sites to set them. We received a report that it wasn't working for some people and when we debugged, we found that if third party cookies are disabled, the cookie APIs silently fail when writing cookies. Code like fails: var now = new Date(); var expired = new Date(Date.parse("January 1, " + (now.getFullYear() + 10) + " 12:00:00")); var cookie = name + "=" + value + ";expires=" + expired; // if (domain.charAt(0) == '.') { cookie += ";domain=" + domain; // } var uri = ioService.newURI("http://" + domain + "/", null, null); cookieService.setCookieString(uri, null, cookie, null); There is another extension that ran into this problem as well: https://addons.mozilla.org/en-US/firefox/addon/3255
You are passing a null channel, which is strongly discouraged for just this reason -- that's how we check whether it's a third party cookie or not http://mxr.mozilla.org/mozilla-central/source/netwerk/cookie/public/nsICookieService.idl#116 But for this use you probably want the nsICookieManager2::add() backdoor instead. The CookieSafe addon (2497) used this, for example. http://mxr.mozilla.org/mozilla-central/source/netwerk/cookie/public/nsICookieManager2.idl
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → INVALID
If you use the direct CookieManager interfaces you are expected to do all the preference checking and sanity checking yourself, use carefully!
You need to log in before you can comment on or make changes to this bug.