Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Èròjà atẹ̀lélànà yii ni a ti fi pamọ́ fọ́jọ́ pípẹ́. Jọ̀wọ́ béèrè ìbéèrè titun bí o bá nílò ìrànwọ́.

Total Cookie Protection Breaks site

  • 4 àwọn èsì
  • 0 ní àwọn ìṣòro yìí
  • 1 view
  • Èsì tí ó kẹ́hìn lọ́wọ́ Gowtham CV

more options

Hi Team,

Let me explain how our website is designed first. We have site "A", and inside it we have embedded site "B" via iframe. Site "B" contains various items in local storage based on the operation performed. So, in dev tools, we can see those local storage items under site "B". Now when clicking a link in site "B", it opens the same site ("B") in a new tab which will basically read all its local storage items. But when I open dev tools in this new tab, items of local storage is empty.

I have referred this document https://support.mozilla.org/en-US/kb/total-cookie-protection-and-website-breakage-faq Based on this, I disabled Enhanced Tracking Protection by clicking the toggle in the shield panel next to the address bar. Now, I can read items of local storage in new tab after disabling this setting. But, in earlier versions of Firefox I was able to access local storage for the above scenario. This got broke due to the Total Cookie Protection feature.

My doubt is that, we are not trying to access local storage of different host. We are only trying to access localstorage of Site "B" in a different tab. May I know if there is a way to fix this other than disabling Enhanced tracking protection ? Let us know if any code fix is available as well.

Hi Team, Let me explain how our website is designed first. We have site "A", and inside it we have embedded site "B" via iframe. Site "B" contains various items in local storage based on the operation performed. So, in dev tools, we can see those local storage items under site "B". Now when clicking a link in site "B", it opens the same site ("B") in a new tab which will basically read all its local storage items. But when I open dev tools in this new tab, items of local storage is empty. I have referred this document https://support.mozilla.org/en-US/kb/total-cookie-protection-and-website-breakage-faq Based on this, I disabled Enhanced Tracking Protection by clicking the toggle in the shield panel next to the address bar. Now, I can read items of local storage in new tab after disabling this setting. But, in earlier versions of Firefox I was able to access local storage for the above scenario. This got broke due to the Total Cookie Protection feature. My doubt is that, we are not trying to access local storage of different host. We are only trying to access localstorage of Site "B" in a different tab. May I know if there is a way to fix this other than disabling Enhanced tracking protection ? Let us know if any code fix is available as well.

All Replies (4)

more options

If there is no URL or screenshot of the issue no one can replicate nor verify what the issue is happening.

more options

Maybe try to create a cookie allow exception with the proper protocol.

more options

What is the setting for cookies in ETP in Settings > Privacy & Security? You could try the former setting "Cross-site tracking cookies".

more options

Terry said

What is the setting for cookies in ETP in Settings > Privacy & Security? You could try the former setting "Cross-site tracking cookies".

Hi, I tried setting "Cross-site tracking cookies" in settings. This indeed fixes the issue. But documentation of mozilla states that "Disabling Total Cookie Protection will make it easier for sites to track you. But Enhanced Tracking Protection will still provide some baseline protection in standard mode." . So, thinking if this option is a better way. Is there any other safer way or code fix for this issue?