Disabling third party cookies causes View Page Source requests to not send any cookies




Networking: Cookies
5 years ago
3 months ago


(Reporter: Donald Sarratt, Unassigned)


15 Branch
Windows 7

Firefox Tracking Flags

(Not tracked)


(Whiteboard: [necko-would-take])



5 years ago
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Build ID: 20120824154833

Steps to reproduce:

Disabled "Accept third-party cookies" in Privacy Settings.
Loaded a webpage that requires cookies (e.g. an account settings page).
Right-clicked on the page, selected "View Page Source".

Reproducible: Always

Actual results:

When Firefox sends a new request to get the page source, it does so WITHOUT sending any cookies, causing the incorrect page to be loaded.

Expected results:

The page should have been requested WITH the existing cookies.

Comment 1

5 years ago
Testing shows this only happens if "Vary: Cookie" is in the HTTP headers of the requested page. If the Vary header does not include Cookie (or *), or if the Vary header is absent, Firefox performs as expected.
Component: Untriaged → Networking: Cookies
Product: Firefox → Core

Comment 2

5 years ago
I've found that if a cookie exception is in place in preferences to 'Allow' cookies from a specific domain, then the cookie is sent even if 'Allow third-party cookies' remains unchecked in privacy settings.

Third party cookies disallowed; no cookie exception in place for x.example.com

1) Login to x.example.com 
2) View source does not send any cookies to x.example.com
3) Add a privacy exception allowing cookies from x.example.com
4) View source now sends cookies to x.example.com and shows the correct page source

Comment 3

3 years ago
It also happen on firefox developper edition 37.0a2 (2015-02-12) under linux (debian wheezy)

Comment 4

2 years ago
I can confirm this happening as of the latest 42 alpha.  The View Source functionality is essentially useless if you value your privacy.  Previously before this was broken the View Source functionality would just show the previously downloaded source instead of reloading the page.  There should never be a need to resubmit the page request especially when that could result in POST'ing a form twice.
Whiteboard: [necko-would-take]
Bulk change to priority: https://bugzilla.mozilla.org/show_bug.cgi?id=1399258
Priority: -- → P5
You need to log in before you can comment on or make changes to this bug.