User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0 Build ID: 20120824154833 Steps to reproduce: Disabled "Accept third-party cookies" in Privacy Settings. Loaded a webpage that requires cookies (e.g. an account settings page). Right-clicked on the page, selected "View Page Source". Reproducible: Always Actual results: When Firefox sends a new request to get the page source, it does so WITHOUT sending any cookies, causing the incorrect page to be loaded. Expected results: The page should have been requested WITH the existing cookies.
Testing shows this only happens if "Vary: Cookie" is in the HTTP headers of the requested page. If the Vary header does not include Cookie (or *), or if the Vary header is absent, Firefox performs as expected.
I've found that if a cookie exception is in place in preferences to 'Allow' cookies from a specific domain, then the cookie is sent even if 'Allow third-party cookies' remains unchecked in privacy settings. Example: Third party cookies disallowed; no cookie exception in place for x.example.com 1) Login to x.example.com 2) View source does not send any cookies to x.example.com 3) Add a privacy exception allowing cookies from x.example.com 4) View source now sends cookies to x.example.com and shows the correct page source
It also happen on firefox developper edition 37.0a2 (2015-02-12) under linux (debian wheezy)
I can confirm this happening as of the latest 42 alpha. The View Source functionality is essentially useless if you value your privacy. Previously before this was broken the View Source functionality would just show the previously downloaded source instead of reloading the page. There should never be a need to resubmit the page request especially when that could result in POST'ing a form twice.
Bulk change to priority: https://bugzilla.mozilla.org/show_bug.cgi?id=1399258