From 3207478033fefc19e933dab4eef6445125341ec4 Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants
Date: Tue, 10 May 2022 15:03:36 +0000
Subject: [PATCH] make 2803 inactive: thirdparty.sessionOnly reasons why - third party cookies are NOT are not real ... they are partitioned to the first party (with dFPI) - at the very least nonsecure is redundant - no one in this day and age is going to want the config of keeping all secure but not insecure, it doesn't make any sense: especially since 85% (from memory) of traffic from telemetry is secure, and 70+% of the top 1M sites are secure ( https://scotthelme.co.uk/top-1-million-analysis-november-2021/ shows almost 72% of the sites in the Top 1 Million now actively **_redirecting_** traffic to use HTTPS) - in other words, the reasons for keeping secure cookies (like banks, logins) but ditching the rest in the old days are over as being secure is not a distinction, but the norm - we previously blocked all third party cookies, so this was never really used - we then moved to lifetime pref = 2 (which makes everything session only), so again, this isn't really adding anything - we sanitize on close (always have) - we will be moving off lifetime pref (because deprecation), but we still sanitize on close - when we move off lifetime pref, I think these prefs could cause issues with dFPI / sanitizing (wouldn't surprise me: they are old and outdated as a concept), and I think we're better off making them inactive We could also remove them. If that's not enough to convince you, then I have no more words
---
 user.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/user.js b/user.js
index df7b372..0937912 100644
--- a/user.js
+++ b/user.js
@@ -799,8 +799,8 @@ user_pref("network.cookie.lifetimePolicy", 2);
 * [NOTE] .sessionOnly overrides .nonsecureSessionOnly except when .sessionOnly=false and
 * .nonsecureSessionOnly=true. This allows you to keep HTTPS cookies, but session-only HTTP ones
 * [1] https://feeding.cloud.geek.nz/posts/tweaking-cookies-for-privacy-in-firefox/ ***/
-user_pref("network.cookie.thirdparty.sessionOnly", true);
-user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true); // [FF58+]
+ // user_pref("network.cookie.thirdparty.sessionOnly", true);
+ // user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true); // [FF58+]
 /** SANITIZE ON SHUTDOWN : ALL OR NOTHING ***/
 /* 2810: enable Firefox to clear items on shutdown (2811)
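Review bot: Commenting out the two `network.cookie.thirdparty.*` lines only stops user.js from setting them; a profile that already applied the earlier file will normally keep both values as `true` in its stored prefs until they are reset. The dFPI/sanitizing interaction the commit message worries about would therefore persist on existing profiles. The comment block above the prefs, which begins outside the hunk, also still reads as describing a live setting and gives no reason for the prefs being inactive. I would add a line to that block such as ` * [NOTE] Inactive: redundant with network.cookie.lifetimePolicy=2 and sanitize-on-shutdown; reset both prefs in about:config if an earlier version set them`.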