Do I need to add separate cookie exceptions for HTTP and HTTPS?
In the “Exceptions - Cookies and Site Data” dialog (Options > Privacy & Security > Cookies and Site Data > Exceptions), entering a domain as “foo.example.com” creates an entry for “http://foo.example.com”. Explicitly entering “https://foo.example.com” creates an entry for “https://foo.example.com”.
I don't really know how cookies work with HTTP/S. Is it useful to have an entry for each protocol? Or does the “http://...” entry cover both already? If both are necessary, is there a way to add and remove them together, automatically? It seems like a pretty unlikely case to want different rules per protocol.
Chosen solution
Well, the exception needs to match the site. In some cases, a site may support both HTTP and HTTPS access. In that case, you need to add both.
For many years, Firefox did not care what protocol was used with a site, the permissions would apply regardless. However, at some point it was decided that perhaps you might only want to grant permission for something when the site was using a secure connection, so now the protocol is required.
(I use the more general term permissions because the same approach applies to location/GPS access, microphone/camera access, and ability to set cookies, among others.)
Perhaps you can find an add-on which makes it easier to add both at once?
Read this answer in context 👍 1All Replies (2)
Chosen Solution
Well, the exception needs to match the site. In some cases, a site may support both HTTP and HTTPS access. In that case, you need to add both.
For many years, Firefox did not care what protocol was used with a site, the permissions would apply regardless. However, at some point it was decided that perhaps you might only want to grant permission for something when the site was using a secure connection, so now the protocol is required.
(I use the more general term permissions because the same approach applies to location/GPS access, microphone/camera access, and ability to set cookies, among others.)
Perhaps you can find an add-on which makes it easier to add both at once?
Thanks, that clears it up.
Hmm, maybe this is a candidate for for a UI bug. Checkboxes or something for “HTTP/HTTPS/both” would help a lot and make sense in modern usage.