Opened 8 years ago

Closed 8 years ago

Last modified 8 years ago

#1070 closed defect (wontfix)

Setting network.cookie.cookieBehavior to 1 breaks translation on many sites in Firefox 3

Reported by: dstillman Owned by: simon
Priority: critical Milestone: 1.0.8
Component: ingester Version: 1.0
Keywords: Cc: stakats

Description

Looks like this is what's responsible for the "major translation failure" many people have experienced in Firefox 3. With the pref set to 1, which indicates that third-party cookies aren't allowed, cookies aren't sent with the translation request in Firefox 3, whereas they are in Firefox 3. To make matters worse, the pref is now exposed via the UI in Firefox 3 as "Accept third-party cookies".

I can reproduce this on ScienceDirect via the GMU proxy.

These aren't actually third-party cookies, so while we could tell people to revert the pref, there's no good reason why they shouldn't be able to use that setting for privacy reasons. I suspect this has something to do with the sandbox, though changing the sandbox URI to mutex.gmu.edu didn't seem to fix the problem.

Change History (7)

comment:1 Changed 8 years ago by dstillman

Hold the phone--Zotero.Utilities.HTTP.doGet() and doPost() show this behavior, so it appears to not be the sandbox.

comment:2 Changed 8 years ago by dstillman

(In [3038]) Addresses #1070, Setting network.cookie.cookieBehavior to 1 breaks translation on many sites in Firefox 3

Temporarily set cookieBehavior to 0 before send() in XMLHTTPRequest calls

We should figure out why exactly it's not working, since this isn't exactly an elegant solution.

comment:3 Changed 8 years ago by simon

I'm not sure there's going to be an easy way around this. While I haven't fully investigated, this bug suggests that, when a site is loaded through an iframe on another site, cookies won't get sent to that site. My guess is that doGet() and doPost() requests from within Zotero are an analogous situation, and so cookies don't get sent. If this is correct, then we shouldn't see any issues with processDocuments, although I haven't thoroughly investigated.

I'll look into possible workarounds. At worst, we can always add the appropriate cookies manually to the XMLHttpRequest using setRequestHeader.

comment:4 Changed 8 years ago by dstillman

The current workaround isn't the end of the world if there's not a clear solution. Seems like a bug to me, though--I would think XHR calls from privileged, unsandboxed code should send cookies regardless of that setting. Maybe it's doing an inappropriate check against the (chrome) window URL and determining that it's a different domain?

comment:5 Changed 8 years ago by simon

  • Resolution set to wontfix
  • Status changed from new to closed

Yup, its a bug. For now, let's just keep the workaround.

comment:6 Changed 8 years ago by dstillman

(In [3136]) Addresses #1070, Setting network.cookie.cookieBehavior to 1 breaks translation on many sites in Firefox 3

The previous workaround didn't really work. Here's one from the Mozilla ticket.

comment:7 Changed 8 years ago by dstillman

(In [3137]) Addresses #1070

Fixes OPTIONS call

Note: See TracTickets for help on using tickets.