Open Bug 877964 Opened 11 years ago Updated 2 years ago

Exception for blogspot.com rejects cookies from subdomain.blogspot.com

Categories

(Core :: Networking: Cookies, defect, P3)

x86_64
Windows 7

People

(Reporter: gingerbread_man, Unassigned)

Details

(Keywords: parity-chrome, regression, Whiteboard: [necko-backlog])

Last good: 21.0a1 dated 2013-02-05, built from
http://hg.mozilla.org/mozilla-central/rev/2360c3c46aca

First bad: 21.0a1 dated 2013-02-06, built from
http://hg.mozilla.org/mozilla-central/rev/bc108d2ce8d1

This issue has been reported to occur with at least one other domain, though it's been suggested that's a separate bug specific to the handling of domain names containing hyphens.
http://forums.mozillazine.org/viewtopic.php?p=12882569#p12882569

Settings are
[_] Accept cookies from sites (unchecked)
[_] Accept third-party cookies (unchecked, grayed out)
[_] Keep until: they expire (grayed out)
Options/Preferences -> Privacy -> (Firefox will: Use custom settings for history) -> Exceptions. "Accept for Session" exception for blogspot.com. If you live outside the US, to reproduce this, you'll have to create an exception for your local Blogspot domain instead (e.g. blogspot.ca for users in Canada).

With the above settings in place, visit a blog that triggers an adult content warning, e.g. http://glowingraw.blogspot.com
Needless to say, there is adult content at the above link. I picked the link at random and I didn't see anything overly graphic at first glance, but the faint of heart may want to disable images before loading the site.

Click the "I understand and want to continue" button. You get bounced back to the same page, and clicking the button again only loads the warning page again. Options/Preferences -> Privacy -> (Firefox will: Use custom settings for history) -> Show Cookies has no cookies from blogspot.* stored.

The above setup still seems to work normally for other sites. For example, creating an Allow or Allow for Session exception for mozilla.org allows cookies from addons.mozilla.org and support.mozilla.org, while an exception for mozillazine.org allows cookies from forums.mozillazine.org and kb.mozillazine.org.

Changing the settings to
[x] Accept cookies from sites (checked)
[_] Accept third-party cookies (unchecked)
[x] Keep until: ask me every time
No exceptions.

Shows one prompt to store a cookie from blogger.com, to which I click Deny. Clicking the "I understand and want to continue" button on the page then triggers a prompt to store a cookie from glowingraw.blogspot.com, to which I click Allow for Session. The blog then loads normally, and Options/Preferences -> Privacy -> Show Cookies has one cookie from glowingraw.blogspot.com stored.
Keywords: regression

Within the timeframe you've specified, bug 816956 has landed, which at least sounds as if it might be related.
https://support.mozilla.org/questions/961268#answer-443174

> In this case I notice a server redirect (HTTP/1.1 302 Moved Temporarily )
> in the initial glowingraw.blogspot.com response after leaving
> the blogger.com site that may be part of this. This request comes with
> a cookie create request that Firefox doesn't honor when opening
> the specified location.
Is this still broken for you? Are you still able to reproduce?

(In reply to Andrew Truong [:feer56] from comment #3)
> Is this still broken for you? Are you still able to reproduce?

Yes, fresh profile in the latest Nightly (dated 2014-04-24).
I tried this in Aurora (2014-04-24), no go! (It just updated, still no go)

However, Nightly (2014-04-25) reproduces for me.
Status: UNCONFIRMED → NEW
Ever confirmed: true
(In reply to Moses Bermea [:bermea] from comment #5)
> I tried this in Aurora (2014-04-24), no go! (It just updated, still no go)
> 
> However, Nightly (2014-04-25) reproduces for me.

No difference for me in the latest Aurora, 30.0a2 dated 2014-04-25.
Built from https://hg.mozilla.org/releases/mozilla-aurora/rev/ec8c6e42acf2
Whiteboard: [parity-chrome][parity-opera]
Whiteboard: [parity-chrome][parity-opera] → [parity-chrome][parity-opera][necko-backlog]
Bulk change to priority: https://bugzilla.mozilla.org/show_bug.cgi?id=1399258
Priority: -- → P1
Bulk change to priority: https://bugzilla.mozilla.org/show_bug.cgi?id=1399258
Priority: P1 → P3
As of mid-2013 Chrome and Opera both use Blink, so parity-opera added in 2015 is redundant for web platform bugs.
Whiteboard: [parity-chrome][parity-opera][necko-backlog] → [parity-chrome][necko-backlog]
I've kept this open for several reasons:
1. It's a regression.
2. Other browsers retained the old Firefox behavior.
3. I was concerned this was just the tip of the iceberg and more such cases would pop up.

However, I haven't come across even one other case like this since then. I have no objection to closing this.
Mass bug change to replace various 'parity' whiteboard flags with the new canonical keywords. (See bug 1443764 comment 13.)
Keywords: parity-chrome
Whiteboard: [parity-chrome][necko-backlog] → [necko-backlog]
Severity: normal → S3