On Fri, Jan 25, 2019 at 2:51 PM Daniel Veditz <dved...@mozilla.com> wrote:
> > Your description equating cookies and storage within a document lifetime > makes sense. Is this intended to also apply to network requests? The > first-party document already has no access to 3rd party cookies so it > shouldn't matter at that level if Necko's rules change "live". If I'm on > twitter/facebook (which make constant background requests) and I clear my > entire cookie jar those documents are going to break. If I just tossed all > my cookies that's what I want! Discovering that I'm still logged into those > sites would be disturbing. Similarly, if I flip the "block 3rd-party > cookies" pref I'm going to react negatively if I still see tracker cookies > showing up just because I've left an active page open somewhere. > Cookies have been dynamic and racey since the dawn of time, both at the HTTP layer and in their reflection in DOM (document.cookie). Clearing your cookies isn't something that is changed by this proposal. I'm not too sure how Andrea was planning to handle cookie policy at the Necko layer but we have a lot of flexibility here and pages also can probably tolerate dynamic changes to document.cookie. I *think* handling the cookie policy globally at the Necko layer is probably easier but I'm curious to know Andrea's thoughts. -- Ehsan _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
