[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #3246 [Firefox Patch Issues]: Apply third party cookie patch

Subject: Re: [tor-bugs] #3246 [Firefox Patch Issues]: Apply third party cookie patch
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Tue, 01 Jul 2014 07:41:58 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 01 Jul 2014 03:42:06 -0400
In-reply-to: <049.c44714db47217319ab0938e9a72d120d@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <049.c44714db47217319ab0938e9a72d120d@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#3246: Apply third party cookie patch
-------------------------------------+-------------------------------------
     Reporter:  mikeperry            |      Owner:  mikeperry
         Type:  enhancement          |     Status:  new
     Priority:  major                |  Milestone:
    Component:  Firefox Patch        |    Version:
  Issues                             |   Keywords:  backport-to-mozilla,
   Resolution:                       |  tbb-linkability, tbb-usability-
Actual Points:                       |  website, tbb-bounty,
       Points:                       |  TorBrowserTeam201407
                                     |  Parent ID:
-------------------------------------+-------------------------------------

Comment (by gk):

 Replying to [comment:22 michael]:
 > Replying to [comment:19 michael]:
 > > After applying msvb3246-306bbfd_a1, building, running firefox(1),
 logging in to the Facebook, browsing to a huffingtonpost.com page and
 clicking the 'Comment' button of the 'Add a comment...' Facebook widget at
 the bottom, nothing happens (as if a third party cookie transmission were
 stopped.)
 > >
 > On application of the newer msvb3246-d006262_a2, cookie transmission
 starts working again but only when cookie policy is set to 'accept all
 cookies by default' which is not what we want.
 >
 > == OBJECTIVE ==
 >
 > The desired outcome from patch application is to interpret double keyed
 cookies as first party when they refer to foreign hosts but originate from
 content associated with the domain of the 'URL bar.'
 >
 > This allows us to forego changing cookie policy to 'accept all cookies
 by default' and instead keep it to 'only accept from the originating site
 (block third party cookies)' while transmitting double key matched cookies
 to foreign hosts.

 Well, we actually want accept cookies from third parties. The example in
 your last comment is a good one in this regard. The cookie from
 facebook.com is still a third party cookie even if we bind it to the URL
 bar. So, my initial feeling is that we should have the option "Allow all
 cookies" checked (we want to allow all of them but need to bind the third
 party ones to the URL bar domain (too)) as we want the ones from other
 domains, too. That said, the logic governing whatever option we choose
 should be, of course, the double-keying logic.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3246#comment:23>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #11619 [EFF-HTTPS Everywhere]: HTTPS-E v3.5.3 breaks Livejournal threads, styles, upper bar (was: HTTPS-E v3.5.1 breaks Livejournal threads and upper bar (FF 29))
Next by Author: Re: [tor-bugs] #12460 [Tor bundles/installation]: Support building TBBs based on Fx31 from Gitian
Previous by thread: Re: [tor-bugs] #11619 [EFF-HTTPS Everywhere]: HTTPS-E v3.5.3 breaks Livejournal threads, styles, upper bar (was: HTTPS-E v3.5.1 breaks Livejournal threads and upper bar (FF 29))
Next by thread: Re: [tor-bugs] #3246 [Firefox Patch Issues]: Apply third party cookie patch
Index(es):
- Author
- Thread