search

EFForg / https-everywhere

A browser extension that encrypts your communications with many websites that offer HTTPS but still allow unencrypted connections.
https://eff.org/https-everywhere
Other
3.37k stars 1.09k forks source link

Incompatibility with First Party Isolation #15045

Closed Bisaloo closed 6 years ago

Bisaloo commented 6 years ago

Type: code issue

Found on reddit. I'm reporting myself because OP has not done it yet and they might have forgotten about it.

Unchecked lastError value: Error: First-Party Isolation is enabled, but the required 'firstPartyDomain' attribute was not set. background.js:481

Link to L481 of background.js

I could not reproduce myself but I'm still reporting because after reading the MDN documentation, it does look like we are not handling FPI as we should:

The cookies.get(), cookies.getAll(), cookies.set() and cookies.remove() APIs all accept a firstPartyDomain option. When first-party isolation is on, you must provide this option or the API calls will fail.

Source: https://developer.mozilla.org/en-US/Add-ons/WebExtensions/API/cookies

@Hainish

cschanaj commented 6 years ago

15048 should work, but I can't reproduce this issue on my machine so I cannot confirm it.