If third party cookies are disabled, extensions can't set cookies via the cookie manager

RESOLVED INVALID

Status

()

Core
Networking: Cookies
RESOLVED INVALID
9 years ago
9 years ago

People

(Reporter: mkaply, Unassigned)

Tracking

1.9.2 Branch
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

9 years ago
Our extension (Optout) sets optout cookies via an addon so a user doesn't have to visit different sites to set them.

We received a report that it wasn't working for some people and when we debugged, we found that if third party cookies are disabled, the cookie APIs silently fail when writing cookies.

Code like fails:

      var now = new Date();
      var expired = new Date(Date.parse("January 1, " + (now.getFullYear() + 10) + " 12:00:00"));

      var cookie = name + "=" + value +
                        ";expires=" + expired;
//      if (domain.charAt(0) == '.') {
        cookie += ";domain=" + domain;
//	  }

      var uri = ioService.newURI("http://" + domain + "/", null, null);

      cookieService.setCookieString(uri, null, cookie, null);


There is another extension that ran into this problem as well:

https://addons.mozilla.org/en-US/firefox/addon/3255
You are passing a null channel, which is strongly discouraged for just this reason -- that's how we check whether it's a third party cookie or not
http://mxr.mozilla.org/mozilla-central/source/netwerk/cookie/public/nsICookieService.idl#116

But for this use you probably want the nsICookieManager2::add() backdoor instead. The CookieSafe addon (2497) used this, for example.

http://mxr.mozilla.org/mozilla-central/source/netwerk/cookie/public/nsICookieManager2.idl
Status: NEW → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → INVALID
If you use the direct CookieManager interfaces you are expected to do all the preference checking and sanity checking yourself, use carefully!
You need to log in before you can comment on or make changes to this bug.