GNOME Bugzilla – Bug 337826
Ability to accept/reject cookies on a per-case basis
Last modified: 2015-09-24 17:55:40 UTC
With the abundant use of cookies in advertising, or other cases of tracking not actually necessitated by the use of the website, Firefox's ability to "ask every time" when setting cookies is useful. It allows me to decide exactly how much of my private browsing activity is made available back to the website. The current preference dialog lacks such an option. It was not immediately obvious to me if a gconf option/about:config option/extension provides such a privacy-protection feature in cookie management.
I think this is related to http://bugs.debian.org/357904. Theoretically, it is possible to set the network.cookie.lifetimePolicy option to obtain this behavior, but in this case Epiphany just stalls instead of showing the dialog box. According to the bug submitter, this used to work when building against mozilla, but it doesn't work when using xulrunner, so this bug should be a regression and not a feature request.
I really would like this feature too please, just an "Ask me" dialog box would be great please. This is one of the things that I miss a lot in Epiphany.
If this is in fact a regression, then this is priority high, and not an enhancement request. Changing accordingly, unless someone feels this is in error.
Not a regression. Epiphany has never supported these prefs before.
Created attachment 83736: implement cookie prompt service
Committed to trunk. Leaving this bug open for eventually adding a pref in the prefs dialogue for this.
I saw a screenshot of this patch here: http://www.0d.be/captures/epiphany-accept-cookie.png This dialog, especially the 'apply this decision to all cookies' checkbox looks very "un-Epiphany" to me. Yes, we should have a way in Personal Information > Cookies to revert the decision. But not only that. The secondary explanation adds no information whatsoever. It should say something like "If you reject the cookie, the functionality of the site may be reduced. If you accept, the site may track your visits, thereby invading your privacy." Then, I think there should be four buttons and no checkboxes: [Reject Always] [[Reject Once]] [Accept Always] [Accept once].
Is this dialog enabled by default? If so, why? It probably doesn't buy you any security. Most users will just instinctively click "accept" aka "just let me view the *bleep*ing page instead of interrupting me with stupid questions". It does however interrupt the user's flow and asks a question they haven't got the slightest chance to give an "educated" answer to. Nor should they. (Accept cookie?... yes, why not... I like cookies...). (By educated I mean most people don't want to know how or have the time to learn how a browser works.) How does this increase security? Havoc had a blog post about a similar dialog a couple of years ago, the SSL certificate dialog (but I can't find it right now). Also, there was a big thread on one of the Fedora mailing lists (if I remember correctly... or was it desktop-devel... oh well, can't find that quickly right now either) about dialogs like these. In short, these dialogs are a way for us (programmers) to cop out and dump the responsibility on the user. There are better ways. </rant> :)
If it's not enabled by default, please ignore the spam.
Martin: it is not enabled by default, to enable it you need to go in about:config and set network.cookie.lifetimePolicy to 1. However, I agree with Reinout on the "un-Epiphany"-ness of this dialog. Also, it would be good to add an "Ask" option to "Preferences -> Privacy -> Cookies" to enable it, instead of messing with about:config (I can provide a patch if you agree with this).
Reinout: The current secondary text tells you whether you already have cookies from that site (If you do have one, it says "The site %s wants to set another cookie. You already have %d cookies from this site."), but the text when you don't have any cookies yet doesn't make that clear, it could certainly be improved. Code is in embed/mozilla/GeckoCookiePromptService.cpp, if anyone wants to fix it :)
I'd have to disagree with you Reinout. I don't see how a checkbox is "un-Epiphany". Having a complete sentence asking if you would like to accept all cookies from this site makes more sense than [Always Accept] or [Always Reject]. Having buttons like that would make me wonder; if by "Always" does the program mean that particular cookie, or all cookies from that site? Plus I think that the current screenshot of the dialog looks very clean and simple and is easier on the eyes than a dialog with four buttons would be. Also, typically when a dialog asks a question, it almost always has two buttons or in less common cases three (ex: a cancel button on a save dialog). That is just my opinion though. This debate would probably be better if brought to the mailing list than through Bugzilla if we want to get some more opinions or suggestions on the issue.
@Nicholas: feel free to bring it up on epiphany-list. Thanks.
The "fix" was only for Epiphany/Gecko. The same should also be possible with Epiphany/Webkit in the future. Also, I think this really belongs in the preferences:

Cookies
( ) Always accept
(o) Ask me
( ) Never accept
[x] Accept only from sites I visit

"Only from sites you visit" does not belong in the radio as it should cover both "Always accept" and "Ask me". The string should be "I", as it is the user who reads the dialog (not the dialog talking to the user).
Not going to ask about each individual cookie....