Avatar for Username

Шукати в статтях підтримки

Остерігайтеся нападів зловмисників. Mozilla ніколи не просить вас зателефонувати, надіслати номер телефону у повідомленні або поділитися з кимось особистими даними. Будь ласка, повідомте про підозрілі дії за допомогою меню “Повідомити про зловживання”

Докладніше

Ця тема перенесена в архів. Якщо вам потрібна допомога, запитайте.

Do I need to add separate cookie exceptions for HTTP and HTTPS?

  • 2 відповіді
  • 1 має цю проблему
  • 1 перегляд
  • Остання відповідь від P1h3r1e3d13

P1h3r1e3d13
P1h3r1e3d13
more options

In the “Exceptions - Cookies and Site Data” dialog (Options > Privacy & Security > Cookies and Site Data > Exceptions), entering a domain as “foo.example.com” creates an entry for “http://foo.example.com”. Explicitly entering “https://foo.example.com” creates an entry for “https://foo.example.com”.

I don't really know how cookies work with HTTP/S. Is it useful to have an entry for each protocol? Or does the “http://...” entry cover both already? If both are necessary, is there a way to add and remove them together, automatically? It seems like a pretty unlikely case to want different rules per protocol.

In the “Exceptions - Cookies and Site Data” dialog (Options > Privacy & Security > Cookies and Site Data > Exceptions), entering a domain as “foo.example.com” creates an entry for “http://foo.example.com”. Explicitly entering “https://foo.example.com” creates an entry for “https://foo.example.com”. I don't really know how cookies work with HTTP/S. Is it useful to have an entry for each protocol? Or does the “http://...” entry cover both already? If both are necessary, is there a way to add and remove them together, automatically? It seems like a pretty unlikely case to want different rules per protocol.

Обране рішення

Well, the exception needs to match the site. In some cases, a site may support both HTTP and HTTPS access. In that case, you need to add both.

For many years, Firefox did not care what protocol was used with a site, the permissions would apply regardless. However, at some point it was decided that perhaps you might only want to grant permission for something when the site was using a secure connection, so now the protocol is required.

(I use the more general term permissions because the same approach applies to location/GPS access, microphone/camera access, and ability to set cookies, among others.)

Perhaps you can find an add-on which makes it easier to add both at once?

Читати цю відповідь у контексті 👍 1

Усі відповіді (2)

jscher2000 - Support Volunteer
jscher2000 - Support Volunteer
  • Top 25 Contributor
more options

Вибране рішення

Well, the exception needs to match the site. In some cases, a site may support both HTTP and HTTPS access. In that case, you need to add both.

For many years, Firefox did not care what protocol was used with a site, the permissions would apply regardless. However, at some point it was decided that perhaps you might only want to grant permission for something when the site was using a secure connection, so now the protocol is required.

(I use the more general term permissions because the same approach applies to location/GPS access, microphone/camera access, and ability to set cookies, among others.)

Perhaps you can find an add-on which makes it easier to add both at once?

P1h3r1e3d13
P1h3r1e3d13 Власник питання
more options

Thanks, that clears it up.

Hmm, maybe this is a candidate for for a UI bug. Checkboxes or something for “HTTP/HTTPS/both” would help a lot and make sense in modern usage.