MozillaZine

[Ext] Cookie Controller, now with DOM storage

Announce and Discuss the Latest Theme and Extension Releases.
TuxOholic
New Member
 
Posts: 1
Joined: January 27th, 2017, 3:34 am

Post Posted January 27th, 2017, 3:52 am

Hello, I'm using CC with Firefox 51.
What I can't figure out is how I'm supposed to protect a specific cookie on a domain, and delete the rest on exit.

Most exceptions I'd like to add deal with the annoying EU cookie law banner, websites are supposed to add to their website: once you click the banner a cookie is stored for the site called cookie-policy-accept or cookie-policy-dismissed. If you delete this one on exit, the stupid banner will reappear on your next visit. If I protect the domain, everything else on that domain is stored as well, even cookie I don't need to be remembered on my next visit.

Opera 12 was able to do that. I never found a way to configure this right in firefox or chrome, all they offer is a site-based rule, not one based on specific cookies you have to cherry pick out.

vorple
 
Posts: 1
Joined: February 6th, 2017, 1:22 am

Post Posted February 6th, 2017, 1:44 am

I'm new to both Cookie Controller and posting on this board, so let me know if I'm off track.

I have Cookie Controller set to Cookies denied, generally. I go to a specific website and the perm tool shows red so that I can see it's blocking cookies. I change it to blue, meaning "cookies allowed for this session." I take a look at the cookies and I can see that cookies have been set for the site. I close the tab and look back at the cookies and the cookies are still there. Then I close Firefox and reopen it and check the cookies and the cookies are still there.

I may be confused about how this is supposed to work. When I close the tab, shouldn't the cookies for that site be deleted?

Thanks for any enlightenment.

Grat2
 
Posts: 9
Joined: February 12th, 2015, 2:57 pm

Post Posted February 10th, 2017, 4:29 pm

Hi,

I think Cookie Controller may be broken with local storage and/or session storage. It started happening at some point in 2016.
Many sites simply don't work anymore until I allow cookies through Firefox options. (I can keep 3rd party cookies forbidden: It works)
Normal cookies can still be allowed through Cookie Controller, but not local and/or session storage. The add-on does detect correctly when such storage is present according to your icon color code.

Sites I noted down include Google Docs, Slideshare, Twitter, Sourceforge, Forbes and many other sites. Many simply don't work at all, others are lacking a feature. A security error appears in the console which if I remember correctly I traced back to local storage being disabled and throwing an exception when the site tried to access it.

Example: https://trello.com/b/PC9kB14s/webextensions-roadmap
I only report this now because I thought it was a problem with an outdated Modernizr version that did not handle correctly the exception, and everything failed as a result instead of continuing without local/session storage.

But now I think it's more Cookie Controller that broke at some point in 2016. Too many sites are affected.


Regarding your question on IndexedDB, check out the developer tools! If you go in their options, you can enable a "Storage" tab which lists all kinds of data including IDB, but unfortunately it's for the current origin only, though maybe Cookie Controller could keep track of origins that have IDB internally or something... Anyway since developer tools are now mostly made in JS+HTML+CSS, open source and I think hosted on Github, you can maybe find some code sample to implement in Cookie Controller :)

Btw, do you intend to port your add-on to WebExtensions ? I hope it's not a lot of work in your case :/
Good luck either way!

ruurdjan
 
Posts: 1
Joined: February 14th, 2017, 8:14 pm

Post Posted February 14th, 2017, 8:19 pm

Feature suggestion: can we have a list of 'recently blocked cookies'?

With a site that redirects quickly it is often hard to 'allow' the right cookies, ending up in a redirect loop. For an example, look at NoScript's 'Recently Blocked Sites' feature.

lithopsian
 
Posts: 3663
Joined: September 15th, 2010, 9:03 am

Post Posted April 13th, 2017, 6:19 am

Grat2, what you're seeing probably started happening in Firefox 43 when DOM storage permissions were changed slightly. What I think you're seeing is that when cookies are blocked and you add an exception for a site of "Allow first party only", and try to access session storage, then an exception is thrown. Some pages will give up completely if this happens. So far as I can tell, it isn't fixed yet in any Firefox version. It may well end up being considered as WONTFIX.

lithopsian
 
Posts: 3663
Joined: September 15th, 2010, 9:03 am

Post Posted April 13th, 2017, 6:20 am

Recently-blocked cookies could be helpful, but unless I can convert to WebExtensions, it probably isn't going to happen.

lithopsian
 
Posts: 3663
Joined: September 15th, 2010, 9:03 am

Post Posted April 13th, 2017, 10:04 am

Good news. There is already a patch for fixing the session storage issue. Bad news is it will take days to reach nightly and then weeks to be in the release version. Meanhwhile, you should be able to get by using the "allowed" instead of "allowed ... only as 1st party" permission.

lithopsian
 
Posts: 3663
Joined: September 15th, 2010, 9:03 am

Post Posted April 13th, 2017, 12:03 pm

TuxOholic wrote:Hello, I'm using CC with Firefox 51.
What I can't figure out is how I'm supposed to protect a specific cookie on a domain, and delete the rest on exit.

Most exceptions I'd like to add deal with the annoying EU cookie law banner, websites are supposed to add to their website: once you click the banner a cookie is stored for the site called cookie-policy-accept or cookie-policy-dismissed. If you delete this one on exit, the stupid banner will reappear on your next visit. If I protect the domain, everything else on that domain is stored as well, even cookie I don't need to be remembered on my next visit.

Opera 12 was able to do that. I never found a way to configure this right in firefox or chrome, all they offer is a site-based rule, not one based on specific cookies you have to cherry pick out.


I don't think you can. Certainly not just with Firefox, and Cookie Controller can't do it either. I thought there used to be an addon that did this but can't find it now.

lithopsian
 
Posts: 3663
Joined: September 15th, 2010, 9:03 am

Post Posted April 13th, 2017, 12:12 pm

vorple wrote:I'm new to both Cookie Controller and posting on this board, so let me know if I'm off track.

I have Cookie Controller set to Cookies denied, generally. I go to a specific website and the perm tool shows red so that I can see it's blocking cookies. I change it to blue, meaning "cookies allowed for this session." I take a look at the cookies and I can see that cookies have been set for the site. I close the tab and look back at the cookies and the cookies are still there. Then I close Firefox and reopen it and check the cookies and the cookies are still there.

I may be confused about how this is supposed to work. When I close the tab, shouldn't the cookies for that site be deleted?

Thanks for any enlightenment.


Sorry for the slow response. What you say is essentially correct, but session cookies don't disappear when you close a tab. There is talk about having Firefox do this, but I'm not sure how far it got. Self-destructing Cookies addon does this, I think.

Closing Firefox completely should get rid of them, but there are some gotchas. I assume that you revert the permissions to block all cookies on the restart? Do you restart to the same page as when you closed? Or manually restore the session? Firefox helpfully restores the page exactly as it was in the previous session, right down to all the cookies! Yes, you heard right, session cookies don't completely when you close Firefox, because you might choose to continue that "session" when you start it again.

Grat2
 
Posts: 9
Joined: February 12th, 2015, 2:57 pm

Post Posted June 7th, 2017, 4:22 am

Good news. There is already a patch for fixing the session storage issue. Bad news is it will take days to reach nightly and then weeks to be in the release version. Meanhwhile, you should be able to get by using the "allowed" instead of "allowed ... only as 1st party" permission.


Sorry to get back to you only now. I found out about the right click and "allowed" thing, it really makes living with this bug bearable. But really many sites are affected now, to the point that when I need cookies I'm starting to default to the "allowed" thing instead of only allow as first party, whereas it used to just be a fix move.

Did you note down the bug URL for the patch, so we can follow advancement ?

I Really hope you'll be able to convert to WebExtensions without too much hassle. I mean, don't feel forced, we'd probably have alternatives, but Cookie Controller has a sweet spot in me heart so I hope the transition will be easy.


Does anyone have any good ideas for IndexedDB? It is theoretically controlled by the same permission settings as cookies and DOM storage, but it is very difficult to check and control. It can also be enabled entirely (I do this in my own browser), so I could add a toggle for that. I might also be able to display whether a site has IndexedDB data. even perhaps show individual IndexedDB object stores. Then they could also be deleted.


Did you figure out a solution since that time ? Didn't developer tools help ? They can do what you say on a site-by-site basis and you can find their source code on github I think. I ask because I noticed a lot of IndexedDB folders and ASM.js optimized modules (saved as IndexedDB to speed up subsequent compilations) in my profile lately. I don't want to forbid IDB permanently, especially if it speeds up ASM.js, but clearing data is essential so I'm a bit torn here, and am curious about your updated thoughts on what would be possible for an extension.

lithopsian
 
Posts: 3663
Joined: September 15th, 2010, 9:03 am

Post Posted June 16th, 2017, 1:15 pm

The transition to WebExtensions is not simple, perhaps not possible at all. Until things become clearer, there won't be much more development.

Here is the bug about 1st party only DOM storage:
https://bugzilla.mozilla.org/show_bug.cgi?id=1356277

lithopsian
 
Posts: 3663
Joined: September 15th, 2010, 9:03 am

Post Posted August 4th, 2017, 2:00 pm

I've uploaded a version that handles containers. If you don't know what they are then you probably don't care, but there are also some improvements in private browsing mode and a bug fix or two. You can actually see cookies in private browsing now, starting with Firefox 52.

The bad news is that Cookie Controller v6.0 crashes recent Firefox nightlies. Impressive I know :) I'll put up 6.1 shortly to fix that, although something is still seriously broken in those nightlies when running in multiprocess-mode which is the default now. Firefox 55 works properly, fingers crossed.

Gingerbread Man

User avatar
 
Posts: 7450
Joined: January 30th, 2007, 10:55 am

Post Posted October 4th, 2017, 7:21 am

Thank you very much for taking the hassle out of cookie management all these years. I haven't been able to find a replacement for Cookie Controller, so it looks like I'll be in for a bad time if it can't be ported. There are only two features I really need: a quick way to toggle the global cookie setting, and another to clear session cookies on-demand. I'd think that's not too much to ask, but it doesn't look like such a WebExtension exists — only alternatives that clear on tab close, or on a timer, or based on a whitelist.

lithopsian
 
Posts: 3663
Joined: September 15th, 2010, 9:03 am

Post Posted October 10th, 2017, 4:25 am

I don't know of any way to toggle global cookie settings in WebExtensions. There is no direct access to preferences, and no API that I can see for setting permissions. So don't hold your breath for that button!

Deleting cookies is possible, and it is possible to loop through looking for session cookies, so the second button would be a possibility. I don't think it will be me writing it though. I've lost the will to jump through Mozillas hoops just to produce something barely worth the effort.

Porting Cookie Controller with any meaningful functionality just isn't possible, and I can't see it ever will be. WebExtensions is specifically designed not to allow access to Firefox internals, and that seems to include the various permissions and exceptions.

Gingerbread Man

User avatar
 
Posts: 7450
Joined: January 30th, 2007, 10:55 am

Post Posted October 10th, 2017, 8:54 am

I was surprised and disappointed to see Firefox 57 is launching without add-ons being able to do something as basic as toggling the cookie preference. At least there's the intention to fix this later on: see bug 1363860.

That's welcome news about deleting session cookies. Thanks for letting me know.

I've used Firefox for long enough to know what add-on developers have had to put up with, so I certainly can't blame you if you call it quits. I do hope you'll reconsider. Either way, thank you again for Cookie Controller =D>

Return to Extension/Theme Releases


Who is online

Users browsing this forum: No registered users and 1 guest