Open zer0byt opened 4 years ago
Do you have a source for 3? It seems to be wrong according to Mozilla developer documentation;
0 = accept all cookies by default 1 = only accept from the originating site (block third party cookies) 2 = block all cookies by default 3 = use p3p settings (note: this is only applicable to older Mozilla Suite and Seamonkey versions.) 4 = Storage access policy: Block cookies from trackers
I don't know what p3p settings are apparently for protocol obsolete for around 18 years, but I understand it to not apply to Firefox and 4 seems experimental and possibly shouldn't be recommended yet?
CC: @Thorin-Oakenpants
Do you have a source for 3? It seems to be wrong according to Mozilla developer documentation;
In the browser's privacy preferences, there are four options. From the list, select "Cookies from unvisited websites" then go to network.cookie.cookieBehavior in the about:config and check the value. It's 3. (Checked on Firefox v73.0)
^^ these are the actual words used in the UI
I'm not (edit, left out the word not :facepalm: ) sure how much you should trust that MDN page, even if it was last updated Feb 7th 2020. e.g
network.cookie.lifetimePolicy
values have changed (see next point)network.cookie.lifetime.days
is deprecated here's the proof - hence (see above values have changed)Up to you guys what you want to do: no-one is saying you have to list all the values, and value 3 is a waste of time IMO and will just confuse people. I wouldn't be surprised if it got removed and I can't see the point in such a setting TBH.
PS: this (cleaning up descriptions etc) is already slated as part of #1430 which is now been sitting waiting for some action for 3 and a half months - rather than ping me (edit: for things already on PTIO's webpage), how about getting #1430 under way .. just saying /sorry-for-being-grumpy :)
Hey there! It true, the issue has been hanging around for a while, but its the next thing on my list to work on after im done writing our new COI and whistleblower policies :)!
and 4 seems experimental and possibly shouldn't be recommended yet
heh. it's the default :)
For future reference, what is a source for documentation about these flags that can be trusted? :confused:
^^ the source code
and 4 seems experimental and possibly shouldn't be recommended yet
heh. it's the default :)
That's still the case in 81.0.1.
Up to you guys what you want to do: no-one is saying you have to list all the values, and value 3 is a waste of time IMO and will just confuse people. I wouldn't be surprised if it got removed and I can't see the point in such a setting TBH.
I think we might fix this by removing the recommendation. We could put a suggestion, there for option 1 (with a warning), but that's really going to be the only useful option, imho
note that since firefox 86, we can also set network.cookie.cookieBehavior
to 5
To disable dynamic storage partitioning for all sites you can use the network.cookie.cookieBehavior pref: 5 | Reject (known) trackers and partition third-party storage. 4 | Only reject trackers (Storage partitioning disabled). 0 | Allow all
it would be great if we could get some some direction on whether it is better to set this setting to 5 or 1
If you have FPI enabled 1 is better (5 will be downgraded to 4 AFAIK). If you don't use FPI 5 (TCP/dFPI) is better otherwise you would have no isolation.
Description
In the new versions of Firefox, there are five options to manage cookies. The website explains just three of them (number 0 to number 2).
The two other options are:
Screenshots