[Touch-packages] [Bug 1457405] Re: Unconditional sb-closed cookie incompatible with some sites
** Changed in: webbrowser-app (Ubuntu) Importance: Undecided = Medium ** No longer affects: webbrowser-app ** Also affects: webbrowser-app (Ubuntu RTM) Importance: Undecided Status: New ** Changed in: webbrowser-app (Ubuntu RTM) Status: New = Confirmed ** Changed in: webbrowser-app (Ubuntu RTM) Importance: Undecided = Medium -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to webbrowser-app in Ubuntu. https://bugs.launchpad.net/bugs/1457405 Title: Unconditional sb-closed cookie incompatible with some sites Status in webbrowser-app package in Ubuntu: Confirmed Status in webbrowser-app package in Ubuntu RTM: Confirmed Bug description: The sb-closed cookie added by bug #1329799 fix breaks sites using WAFs that classify extra cookies as malware or cookie poisoning. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/webbrowser-app/+bug/1457405/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1457405] Re: Unconditional sb-closed cookie incompatible with some sites
This could be fixed by adding @include directives to the user script (smartbanners.js) to whitelist this cookie per site. ** Changed in: webbrowser-app (Ubuntu) Status: New = Confirmed ** Also affects: webbrowser-app Importance: Undecided Status: New ** Changed in: webbrowser-app Status: New = Confirmed ** Changed in: webbrowser-app Importance: Undecided = Medium -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to webbrowser-app in Ubuntu. https://bugs.launchpad.net/bugs/1457405 Title: Unconditional sb-closed cookie incompatible with some sites Status in Web Browser App: Confirmed Status in webbrowser-app package in Ubuntu: Confirmed Bug description: The sb-closed cookie added by bug #1329799 fix breaks sites using WAFs that classify extra cookies as malware or cookie poisoning. To manage notifications about this bug go to: https://bugs.launchpad.net/webbrowser-app/+bug/1457405/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1457405] Re: Unconditional sb-closed cookie incompatible with some sites
Removed reference to one client of mine who happens to prefer security by obscurity over crystal box approaches. Clarified description a little bit as well and changed report to public. Test cases available on request, although shouldn't really be needed unless we want to white/blacklist this cookie per site. ** Description changed: - The sb-closed cookie added by bug #1329799 fix breaks some sites like - https://www.op.fi/op - - Extraneous cookies get classified as potential malware by several SSL - sites, but please keep this part private for now / edit this line out of - summary before disclosing this report. + The sb-closed cookie added by bug #1329799 fix breaks sites using WAFs + that classify extra cookies as malware or cookie poisoning. ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to webbrowser-app in Ubuntu. https://bugs.launchpad.net/bugs/1457405 Title: Unconditional sb-closed cookie incompatible with some sites Status in webbrowser-app package in Ubuntu: New Bug description: The sb-closed cookie added by bug #1329799 fix breaks sites using WAFs that classify extra cookies as malware or cookie poisoning. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/webbrowser-app/+bug/1457405/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
