search

Lusito / forget-me-not

Make the browser forget website data, except for the data you want to keep.
zlib License
226 stars 25 forks source link

ForgetMeNot does what Firefox cannot #132

Closed ghost closed 5 years ago

ghost commented 5 years ago

Hi,

Forget Me Not 1.05 / Firefox 65.0.1 (x64) / Windows 7 (x64)

I recently discovered that even with network.cookie.cookieBehavior = 2 = Block all cookies cookies appeared when they were set by a site called from a Webextension.

I reported this to BugZilla at Webextensions don't respect cookie policy

The conclusion was that this is normal. Given the complexity of Firefox Quantum's policy which is to mix cookies' and storage behavior I can understand the reasons evoked. But the consequences bother me.

I've been using ForgetMeNot for some time now. I neglected it's option in Settings, Remove Thirdparty Cookies on creation given I had set network.cookie.cookieBehavior to 2 (block all).

After reading the conclusions of the Mozilla devs on BugZilla, I remembered this Remove Thirdparty Cookies on creation option, so I decided to give it a try. And it works.

I've added a comment about how an extension is able to perform what Firefox cannot on the BugZilla thread.

Note : Remove Thirdparty Cookies on creation does the job but in my case the Experimental Deny Thirdparty Cookies failed. It is experimental, I know.

So, simply put, thanks for this great extension.

Lusito commented 5 years ago

Glad you like it. Thanks for these kind words.

About your note: That experimental setting filters http headers based on the current tab

Since extension requests dont belong to a tab, they are not seen as thirdparty by FMN.

Even if it belongs to a tab (sidebar or popup maybe?), it would probably still not count as third party, unless its document url was different from the request url setting the cookie.

I guess I could say that if a request doesnt belong to a tab, it counts as third party, but at this moment, I could not tell you what side effects blocking these cookies might have.. some of them might even be firefox requests (no extension).

I hope this explains the situation a bit.

ghost commented 5 years ago

@Lusito I understand your comment and it corresponds to what had been mentioned by the Mozilla dev on BugZilla.

But then why is it that FMN's Settings / Remove ThirdParty Cookies on creation fixes the issue encountered with updating uBO' filters and updating Feedbro's RSSs?

Remove ThirdParty Cookies on creation : unchecked : uBO and Feedbro leave cookies Remove ThirdParty Cookies on creation : checked : uBO and Feedbro leave no cookies (because removed by FMN).

I was surprised as well but FMN just happens to wipe those cookies even if, as you write it, they are not ThirdParty cookies in the convential sens of the word.

That's why I opened this thread, to emphasize on a great surprise.

Lusito commented 5 years ago

My comment is about the mentioned experimental feature.. the delayed removal of third party cookies works a bit different. It watches cookies rather than requests. If a cookie gets added and no tab, which the cookie domain belongs to, is open, it is identified as third party.. delayed removal has at least less potential of causing unwanted side effects (unless you set it to 0 seconds)

ghost commented 5 years ago

My comment is about the mentioned experimental feature.. the delayed removal of third party cookies works a bit different.

1- I thought your comment included both (experimental & delayed) 2- I ignored that the delayed removal of third party cookies works a bit different than from experimental, I had in mind the only difference was that the experimental feature blocked before rather than removing after. Now i understand with the end of your comment:

If a cookie gets added and no tab, which the cookie domain belongs to, is open, it is identified as third party.. delayed removal has at least less potential of causing unwanted side effects (unless you set it to 0 seconds)

OK. I've set the delay to 0 second because I avoid registering on sites that require a third-party site (such as YouTube calling Google) so I don't have to worry about possible side-effects (moreover with delay=0 second). But otherwise indeed, we'd have to remain cautious and at least provide a higher delay.

Nice and clear now, many thanks @Lusito

practik commented 5 years ago

Thanks for opening that issue at Bugzilla, @StanGets. I had noticed similar cookies from my own installation of uBlock. It's great to know that FMN can clear them now.