Skip to content
This repository has been archived by the owner on Jan 17, 2023. It is now read-only.

Warn about third-party cookies #3600

Closed
ianb opened this issue Oct 5, 2017 · 4 comments
Closed

Warn about third-party cookies #3600

ianb opened this issue Oct 5, 2017 · 4 comments
Assignees
@ianb
Milestone
Sprint 2 (59-1) 🚌

Comments

@ianb
Copy link
Contributor

ianb commented Oct 5, 2017

Since we won't get any blocked-third-party-cookies fix into 57 (or 56), maybe we should put a warning on the site (for users with that pref off).

Detection techniques are kind of obtuse (you need to send a cookie-setting request to a different domain, wait for it to return, and then send a second request that checks if the cookie stuck around), but we can run them behind the scenes. We could do it only for new shots and My Shots, so we don't make extra overhead from regular viewers.
@jaredhirsch
Copy link
Member

We can just check the network.cookie.cookieBehavior pref from the bootstrap side. Its values are documented in the nsCookieService interface.

We can also set up a pref listener to notify the user when they flip this value.

@ianb
Copy link
Contributor Author

ianb commented Oct 5, 2017

We can do those things... in a new add-on release! But I'm proposing a server-side fix that can apply to 56 and 57.

@ghost
Copy link

ghost commented Oct 9, 2017

Disabling upload for these folks will fix this so no need for a warning.

@ghost ghost closed this as completed Oct 9, 2017
@ghost ghost reopened this Oct 12, 2017
@ghost ghost added the needs:UX label Oct 12, 2017
@ghost
Copy link

ghost commented Oct 12, 2017

Let's do the second ping to the server and if the shot wasn't deleted we'll let the user know.

@ianb ianb self-assigned this Oct 12, 2017
ianb added a commit that referenced this issue Oct 12, 2017
@ianb
WIP for #3600, warn about failed login due to third party cookies
6d23a2d 
This adds backupCookieRequest to the sitehelper login process, to tell the site if third party cookies SHOULD work. If the site sees that third party cookies might not be enabled, then it does a second check to GET /api/set-login-cookie?check=1. If that request shows the cookie isn't set, then it changes the model to warn the user.

TODO: set something on My Shots too
TODO: write a proper LoginFailedWarning language/design
TODO: remove the changes that disable third party cookie support (it's disabled to make this easier to test)
@ghost ghost added this to the Launch 58 milestone Oct 13, 2017
@johngruen johngruen modified the milestones: Bucket ☕️, Sprint 2 (59-1) Oct 31, 2017
ianb added a commit that referenced this issue Nov 28, 2017
@ianb
Fix #3600, warn about failed login due to third party cookies
a08f247 
This adds backupCookieRequest to the sitehelper login process, to tell the site if third party cookies SHOULD work. If the site sees that third party cookies might not be enabled, then it does a second check to GET /api/set-login-cookie?check=1. If that request shows the cookie isn't set, then it changes the model to warn the user.
# for free to subscribe to this conversation on GitHub. Already have an account? #.
Assignees

@ianb ianb

Labels
None yet
Projects
None yet
Milestone
Sprint 2 (59-1) 🚌
Development

No branches or pull requests
3 participants
@ianb @jaredhirsch @johngruen