Reconsider third-party-cookies-off-by-default.patch

Bug #1195547 reported by Jeremy Bicha
20
This bug affects 2 people
Affects Status Importance Assigned to Milestone
chromium-browser (Ubuntu)
Undecided
Unassigned

Bug Description

The latest version of Chromium in Saucy turns off all third-party cookies.

Last month, Firefox decided to postpone their more advanced third party cookie default block which would have only blocked third party cookies for sites the user hadn't visited yet. The feature just wasn't ready yet.

http://arstechnica.com/information-technology/2013/05/mozilla-delays-turning-on-third-party-cookie-killer-in-firefox/

The third-party-cookies-off-by-default.patch breaks web functionality (such as social networking widgets). For instance it appears to make it impossible to post a comment on news sites that use Facebook comments.

Disabling this new feature requires a user to open Settings, scroll to the bottom and click Show advanced settings, find the Content Settings button in Privacy and uncheck Block third-party cookies and site data.

Before this is enabled by default, I'd like to see an easy way for users to whitelist websites that they use. Blocking needs to be smarter as third-party cookies aren't necessarily evil; it depends on what features the user wants.

ProblemType: Bug
DistroRelease: Ubuntu 13.10
Package: chromium-browser 28.0.1500.52-0ubuntu2 [origin: unknown]
ProcVersionSignature: Ubuntu 3.9.0-7.15-generic 3.9.7
Uname: Linux 3.9.0-7-generic x86_64
NonfreeKernelModules: ufs qnx4 hfsplus hfs minix ntfs msdos jfs xfs reiserfs ext2 overlayfs nls_utf8 isofs pci_stub vboxpci vboxnetadp vboxnetflt vboxdrv parport_pc ppdev rfcomm bnep dm_crypt intel_powerclamp coretemp kvm_intel kvm joydev crc32_pclmul ghash_clmulni_intel arc4 cryptd ath9k dm_multipath scsi_dh ath9k_common ath9k_hw uvcvideo videobuf2_vmalloc videobuf2_memops videobuf2_core ath snd_hda_codec_hdmi snd_hda_codec_conexant mac80211 snd_hda_intel videodev ath3k btusb snd_hda_codec bluetooth cfg80211 snd_hwdep snd_pcm psmouse microcode toshiba_acpi toshiba_bluetooth serio_raw sparse_keymap snd_page_alloc snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq snd_seq_device snd_timer snd mei soundcore lpc_ich mac_hid lp parport btrfs xor zlib_deflate raid6_pq libcrc32c dm_mirror dm_region_hash dm_log ums_realtek usb_storage i915 i2c_algo_bit drm_kms_helper drm atl1c ahci libahci wmi video
ApportVersion: 2.10.2-0ubuntu3
Architecture: amd64
CrashDB: ubuntu
Date: Thu Jun 27 22:54:27 2013
Desktop-Session:
 DESKTOP_SESSION = gnome
 XDG_CONFIG_DIRS = /etc/xdg/xdg-gnome:/etc/xdg
 XDG_DATA_DIRS = /usr/share/gnome:/usr/local/share/:/usr/share/
Env:
 MOZ_PLUGIN_PATH = None
 LD_LIBRARY_PATH = None
InstallationDate: Installed on 2013-06-14 (13 days ago)
InstallationMedia: Ubuntu-GNOME 13.10 "Saucy Salamander" - Alpha amd64 (20130613)
MarkForUpload: True
SourcePackage: chromium-browser
ThirdParty: True
UpgradeStatus: No upgrade log present (probably fresh install)
chromium-default: CHROMIUM_FLAGS=""
gconf-keys: /desktop/gnome/applications/browser/exec = b'firefox\n'/desktop/gnome/url-handlers/https/command = b'firefox %s\n'/desktop/gnome/url-handlers/https/enabled = b'true\n'/desktop/gnome/url-handlers/http/command = b'firefox %s\n'/desktop/gnome/url-handlers/http/enabled = b'true\n'/desktop/gnome/session/required_components/windowmanager = b''/apps/metacity/general/compositing_manager = b''/desktop/gnome/interface/icon_theme = b'gnome\n'/desktop/gnome/interface/gtk_theme = b'Clearlooks\n'

Revision history for this message
Jeremy Bicha (jbicha) wrote :
Revision history for this message
Saikrishna Arcot (saiarcot895) wrote :

You can manually whitelist cookies, regardless of whether it is third-party or not. When you come across a website that is blocking third-party cookies necessary for functionality, a broken cookie icon with a red x will appear on the right side of the omnibox. Click on it, click on the option to see the data, switch to the Blocked tab, select domains to explicitly allow cookies from, and click on the Allow button. That should then allow cookies from that website. Alternatively, you can click on the page icon (lock icon in case of a secure/partially secure website) on the left side of the omnibox to see cookies and manage policies for the website.

Revision history for this message
Chad Miller (cmiller) wrote :

Since the way to turn on third-party cookies for an individual web site had to be explained by Saikrishna, maybe that is the real bug -- that it should be more obvious when those are blocked and how to un-block them.

Changed in chromium-browser (Ubuntu):
status: New → In Progress
assignee: nobody → Chad Miller (cmiller)
Olivier Tilloy (osomon)
Changed in chromium-browser (Ubuntu):
assignee: Chad Miller (cmiller) → nobody
status: In Progress → New
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers