[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: localhost web apps and cookie blocking

	Hi.

On Fri, Apr 16, 2021 at 09:45:13AM -0400, Celejar wrote:
> I have various web (HTTP, not HTTPS) apps (e.g., pi-hole, Home
> Assistant) running on localhost (either actually on localhost, or on
> another host but accessed via 'localhost' via ssh port forwarding
> (LocalForward) that require cookies to function (even before logging
> in). When Firefox is set to block all cookies, these don't work - even
> though I have an exception set to allow cookies from localhost.

Because firefox cookie exceptions actually apply to schema-hostname-port
triplet, but not to the hostname itself.
I.e. if you allowed Firefox to store cookies from http://localhost:80
(what you've called "localhost"), but trying to use
http://localhost:8080 to access some HTTP service - cookies from
http://localhost:8080 won't be allowed.

> (Examining the cookie store ("Manage Cookies and Site Data")
> doesn't show any cookies stored from any site other than localhost.)

"Manage Cookies and Site Data" was likely written on the assumption that
a single hostname provides a single site, at most serving both HTTP and
HTTPS versions of the same content. I suspect that your usecase differs
from these assumptions somewhat.

Reco
Reply to: