Cookie-AutoDelete: Doesn't work with Firefox's privacy.firstparty.isolate = true
With privacy.firstparty.isolate = true the cookie count is always zero and cookies are not deleted despite notification claiming that they were.
Details about the setting:
https://bugzilla.mozilla.org/show_bug.cgi?id=565965
https://www.torproject.org/projects/torbrowser/design/#identifier-linkability
About this issue
- Original URL
- State: closed
- Created 7 years ago
- Reactions: 3
- Comments: 48 (14 by maintainers)
Commits related to this issue
- Add support for #75 — committed to Cookie-AutoDelete/Cookie-AutoDelete by ke-d 6 years ago
- Fix clear all cookies for this domain for #75 — committed to Cookie-AutoDelete/Cookie-AutoDelete by ke-d 6 years ago
- Revert "Added notice for first-party isolation" Firefox 59 is out and the issue is fixed. Removed the notification to reduce the clutter. https://github.com/Cookie-AutoDelete/Cookie-AutoDelete/issue... — committed to anthologist/user.js by deleted user 6 years ago
FYI: 1381197 - resolved fixed 59 an hour ago
Upstream Bug 1381197.
So, OK, this happens fundamentally because of a firefox bug. Anyway, the result is very bad for the user. For months, I’ve received popups from cookie autodelete which were stating how many cookies it was deleting. In other words, because of this [firefox] bug, the extension was lying to me.
Is it possible to add a test routine, like picking a cookie before it is deleted, and checking after deletion whether it is still present? If the cookie is still present, the extension could warn the user that at least something is wrong (with some RTFM link) instead of poping up “cookies deleted”, or at least after poping it out. This would give the user a chance to notice things are wrong. And it would help detect other future similar occurrences of the same problem.
The current state of things, with this firefox bug, is that the user believes to be safe, and isn’t. Worst possible state.
My last sentence needs to be : thanks for this great extension.
@thiswillbeyourgithub : I can’t definitely answer your question. But: As an alternative you can disable
privacy.firstparty.isolateand install the add-on Temporary Containers instead. When its Automatic Mode is enabled (which is the default) it opens every tab in a temporary container. This seems to work very well. And all cookies are deleted by C-AD as expected. Cool!Works just flawlessly for me with 59b3 without any containers and with
privacy.firstparty.isolate = true.OK, did a brief testing in FF59b3 and it seems to be working. When pfi = true is set then CAD does delete cookies (& notifies you) you eg. when closing a Tab
Ah, perfect! That is working for me.
I’m not seeing notifications in the first case where the error came up, however I do get them when using the cookie clean up
@thiswillbeyourgithub unless they backport the patches to 58, correct.
Nightly (currently 59) is where they add new features. Stable (currently 57) only gets patches for critical items (such as the timing mitigations in 57.0.4 against Spectre).
When Nightly moves to 60, 59 becomes the beta channel. And again, more testing, at least a release cycle’s worth. When 59 becomes stable, then there should be no issues.
This pattern also gives devs like mrdokenny to start coding and testing so his fixes will be ready in time. So yeah, Release Calendar says we can expect this on March 13
Yes, to turn around the bug, you need to do the following
privacy.firstparty.isolateinabout:configThen the extension works like a charm for all newly created cookies.