#21905: Allow third-party cookies as we are isolating them to the first party in ESR52 ---------------------------------------------+-------------------------- Reporter: gk | Owner: tbb-team Type: enhancement | Status: new Priority: Medium | Milestone: Component: Applications/Tor Browser | Version: Severity: Normal | Resolution: Keywords: tbb-usability-website, ff52-esr | Actual Points: Parent ID: | Points: Reviewer: | Sponsor: ---------------------------------------------+--------------------------
Comment (by pastly): pastly said more things on IRC. {{{ [18:08:23] <pastly> Some guy that was really really sure of himself kept asserting that '3rd party' cookies aren't always third party or could somehow still be sent depending on special flags in a JavaScript request function. Idk. I made a PoC and tested with FF, Chrome, and TB. But think found that JS func and gave up trying to figure out if I was right or if he was right. [18:08:47] <pastly> s/But think found/but then I found/ [18:09:40] <pastly> https://developer.mozilla.org/en- US/docs/Web/API/XMLHttpRequest/withCredent ials [18:10:08] <pastly> I guess it allows 3rd party cookies to be sent as long as the sites are colluding with Access-Control-Allow-Origin [18:11:00] <ANON> I would guess that an ad site might ask the browser to request the first party site in such a way that passes information such that the first party deposits a cookie that contains information from the ad site. [18:11:28] <ANON> is that what ACAO does? [18:11:41] <pastly> Dunno. I stopped thinking about it. :p }}} This may not be new to you smart browser people. -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21905#comment:6> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs