cookies.get orders cookies according to RFC-6265 #36193
Conversation
github-actions
bot
added
Content:Firefox
| @@ -51,10 +51,10 @@ Trackers use third-party cookies, that is, cookies set by a website other than t | |||
| 1. You visit `a-shopping-site.com`, which uses `ad-tracker.com` to deliver its adverts on the web. `ad-tracker.com` sets a cookie associated with the `ad-tracker.com` domain. While you are on `a-shopping-site.com`, `ad-tracker.com` receives information about the products you browse. | |||
| 2. You now visit `a-news-site.com` that uses `ad-tracker.com` to deliver adverts. `ad-tracker.com` read its cookie and use the information collected from `a-shopping-site.com` to decide which adverts to display to you. | |||
|
|
|||
| Firefox includes features to prevent tracking. These features separate cookies so that trackers cannot make an association between websites visited. So, in the preceding example, `ad-tracker.com` cannot see the cookie created on `a-news-site.com` when visiting `a-shopping-site.com`. The first iteration of this protection was first-party isolation which is now being superseded by [dynamic partitioning](/en-US/docs/Web/Privacy/State_Partitioning#dynamic_partitioning). | |||
| Firefox includes features to prevent tracking. These features separate cookies so that trackers cannot make an association between websites visited. So, in the preceding example, `ad-tracker.com` cannot see the cookie created on `a-news-site.com` when visiting `a-shopping-site.com`. The first iteration of this protection was first-party isolation, which is being superseded by [dynamic partitioning](/en-US/docs/Web/Privacy/State_Partitioning#dynamic_partitioning). | |||
There was a problem hiding this comment.
@Rob--W for this and the next para, has first-party isolation to dynamic partitioning been completed?
There was a problem hiding this comment.
Both features are present.
In the Tor browser that is based on Firefox, first party isolation is enabled.
In Firefox, dFPI is enabled by default, but the behavior can be changed by users. This is documented at https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning#status_of_partitioning_in_firefox
Interestingly, the fact that it is enabled by default is not documented on that section of MDN.
The bug where it was enabled by default (in Firefox 103) is https://bugzilla.mozilla.org/show_bug.cgi?id=1776760
Tagging pbz - @Trikolon - do you know why the support status of dFPI is not reflected in the MDN documentation at https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning#status_of_partitioning_in_firefox ?
There was a problem hiding this comment.
The MDN article is simply outdated.
There was a problem hiding this comment.
Sounds good. Generally, while still supported via the extension API, we don't want to encourage users to use first party isolation in Firefox. It doesn't hurt to mention in in a technical article though.
…h://github.com/rebloor/content into cookies.get-orders-cookies-according-to-RFC-6265
github-actions
bot
added
the
Content:Other
|
This pull request has merge conflicts that must be resolved before it can be merged. |
Co-authored-by: Vadim Makeev <[email protected]>
Co-authored-by: Vadim Makeev <[email protected]>
files/en-us/mozilla/add-ons/webextensions/api/cookies/remove/index.md
Outdated
Show resolved
Hide resolved
|
@dotproto a reminder that I'm blocked until you've cleared your request for changes. |
| @@ -9,7 +9,12 @@ browser-compat: webextensions.api.cookies.remove | |||
|
|
|||
| The **`remove()`** method of the {{WebExtAPIRef("cookies")}} API deletes a cookie, given its name and URL. | |||
|
|
|||
| The call succeeds only if you include the "cookies" [API permission](/en-US/docs/Mozilla/Add-ons/WebExtensions/manifest.json/permissions#api_permissions) in your [manifest.json](/en-US/docs/Mozilla/Add-ons/WebExtensions/manifest.json) file, as well as [host permissions](/en-US/docs/Mozilla/Add-ons/WebExtensions/manifest.json/permissions#host_permissions) for the given URL specified in its manifest. | |||
| To use this method, in its [manifest.json](/en-US/docs/Mozilla/Add-ons/WebExtensions/manifest.json) file, an add-on must specify the "cookies" [API permission](/en-US/docs/Mozilla/Add-ons/WebExtensions/manifest.json/permissions#api_permissions) and have the url of the site whose cookie it wants to remove in [host permissions](/en-US/docs/Mozilla/Add-ons/WebExtensions/manifest.json/permissions#host_permissions). | |||
There was a problem hiding this comment.
This is a continuation of another thread.
I don't want to let perfect be the enemy of good, so consider this non-blocking feedback.
Given the overarching statement, should we also add this to get(), getAll(), and getAllCookieStores()? Or indeed - remove from here and 'set'?
Whether we keep a note about permissions or delete it from remove() and set(), I agree that we should use a consistent approach across all methods in the namespace. Between the two, I'd prefer to include mention of the permissions requirements on each method's page.
How do you feel about to replace this line in with a link to the permissions section of the cookies page? For example:
To use this method, an extension must have the
"cookies"permission and relevant host permissions. Seecookiepermissions for additional details.
If you don't like that direction, I'd suggest just removing the permissions paragraph for this PR.
There was a problem hiding this comment.
Agreed, there's no guarantee that someone who arrives on those method pages will have read the overview (or even if they have remembered the content), which is why I asked the question :-)
There was a problem hiding this comment.
@dotproto I've made some changes including edits on the cookies permissions section. There shouldn't be any issues, but in case you get the chance to have a look, I'll hold merging for 24 hours.
|
Thanks for the ping, @rebloor. It has been a busy week 😓 |
Description
Addresses the documentation needs for Bug 1818968 cookies.get() should return the cookie with the closest matching path but also makes grammar and format corrections across all the cookies API docs.
Related issues and pull requests
Related BCD changes in mdn/browser-compat-data#24634