
[Solved] Re: localhost web apps and cookie blocking



On Fri, 16 Apr 2021 17:26:36 +0300
Reco <recoverym4n@enotuniq.net> wrote:

> 	Hi.
> 
> On Fri, Apr 16, 2021 at 09:45:13AM -0400, Celejar wrote:
> > I have various web (HTTP, not HTTPS) apps (e.g., pi-hole, Home
> > Assistant) running on localhost (either actually on localhost, or on
> > another host but accessed via 'localhost' via ssh port forwarding
> > (LocalForward)) that require cookies to function (even before logging
> > in). When Firefox is set to block all cookies, these don't work - even
> > though I have an exception set to allow cookies from localhost.
> 
> Because Firefox cookie exceptions actually apply to the
> schema-hostname-port triplet, not to the hostname itself.
> I.e. if you allowed Firefox to store cookies from http://localhost:80
> (what you've called "localhost"), but are trying to use
> http://localhost:8080 to access some HTTP service - cookies from
> http://localhost:8080 won't be allowed.

Awesome, thanks so much! I think I once came up with that idea myself,
but discarded it since "Manage Cookies and Site Data" doesn't show port
numbers, only hostnames. But adding 'http://localhost:nnnn' does indeed
work (and it shows up as schema-hostname-port in "Exceptions - Cookie
and Site Data").

> > (Examining the cookie store ("Manage Cookies and Site Data")
> > doesn't show any cookies stored from any site other than localhost.)
> 
> "Manage Cookies and Site Data" was likely written on the assumption that
> a single hostname provides a single site, at most serving both HTTP and
> HTTPS versions of the same content. I suspect that your use case differs
> from these assumptions somewhat.

Interesting. I thought my use case was a pretty straightforward one - I
have various typical home user services that I have no intention of
making available on the public internet, so I don't bother with SSL,
but I do want to access them relatively securely across my local
network. Port forwarding via ssh seemed like an easy and solid
solution, but perhaps it's not commonly done.

Thanks again,

Celejar
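
An added example, not part of the original thread and not Firefox's own code: a small model of the scheme-host-port matching described above, which lists the `http://localhost:<port>` exception entries that a set of ssh LocalForward lines would still need. The function names, the sample ssh_config and the sample exception list are constructed for illustration.

```javascript
// Model of exception matching keyed on the (scheme, host, port) triplet.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Reduce a URL to its triplet, making an implicit default port explicit.
function originTriplet(url) {
  const u = new URL(url);
  const port = u.port || DEFAULT_PORTS[u.protocol] || "";
  return `${u.protocol}//${u.hostname}:${port}`;
}

// True only if some exception shares scheme, host AND port with the page.
function isAllowed(pageUrl, exceptions) {
  const wanted = originTriplet(pageUrl);
  return exceptions.some((e) => originTriplet(e) === wanted);
}

// Local listening ports from "LocalForward [bind_address:]port host:hostport".
function localForwardPorts(sshConfig) {
  const ports = [];
  for (const raw of sshConfig.split("\n")) {
    const m = /^LocalForward[\s=]+(\S+)\s+\S+$/i.exec(raw.trim());
    if (!m) continue; // other keywords, comments, blank lines
    const port = m[1].split(":").pop(); // drop the optional bind address
    if (/^\d+$/.test(port)) ports.push(Number(port));
  }
  return ports;
}

// Forwarded origins that the current exception list does not cover.
function missingExceptions(sshConfig, exceptions) {
  return localForwardPorts(sshConfig)
    .map((p) => `http://localhost:${p}`)
    .filter((origin) => !isAllowed(origin, exceptions));
}

// Constructed sample input: hosts and ports are made up.
const SAMPLE_SSH_CONFIG = `
Host homeserver
    LocalForward 8080 127.0.0.1:80
    LocalForward localhost:8123 127.0.0.1:8123
`;
const SAMPLE_EXCEPTIONS = ["http://localhost", "http://localhost:8123"];

console.log(missingExceptions(SAMPLE_SSH_CONFIG, SAMPLE_EXCEPTIONS));
```
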

