Firefox cookies

[crackcomm]

Force acception cookies seem not to work. In network I've seen 302 Found on POST and 404 Not found on GET to https://jmurnk64.api.sanity.io/v1/auth/testCookie.

It's same for localhost and manage.sanity.io, it works on Chrome.

[bjoerge]

Hi @crackcomm! Thanks for reporting.

I'm not able to reproduce this (Firefox 57, clean profile). Did this by any chance happen in a private window? If not, which version of Firefox were you using?

Ping @skogsmaskin

[skogsmaskin]

Hi @crackcomm, thank you for your report. Could it be that Firefox is configured to never accept third party cookies? It needs to be set to "Accept from visited" in order to work with our login.

[crackcomm]

@bjoerge I forgot to mention it happened on Firefox Developer Edition 57.0b14 (64-bit). It was not a private window.

I cannot find in settings nothing about cookies except

Firefox Developer Edition will remember your browsing, download, form and search history, and keep cookies from websites you visit.You may want to clear your recent history, or remove individual cookies.

When I search sanity.io only one cookie is found for api.sanity.io and it's name is connect.sid.

[skogsmaskin]

That cookie is the temporary cookie set during the login flow. The final authentication cookie is called sanitySession.

I have now tested with Firefox Nightly (v. 58) and I can't reproduce this with any setting. :(

The cookie settings in Firefox is under "Privacy and Security". Then under the heading "History", and if it is set to "Never remember history" or "Remember history", all the cookie settings will be hidden (doh). Switch to "Use custom settings for history" in order to see the actual cookie settings.

[crackcomm]

Accept third-party cookies is set to Always.

[skogsmaskin]

@crackcomm, Ok, I think I've been able to reproduce this. Seems like it is related to the setting "Always use private browsing mode" in Firefox:

I only was able to reproduce this when "Always use private browsing mode" is checked, and "Accept third-party cookies" was set to "From visited". I see you have it set to "Always". Maybe that is a difference from the official version (57) and your version (58). Anyway, it seems like there might be a bug in Firefox here, as "Accept from visited" definitely should allow our cookie to be set.

[crackcomm]

I am not using this option though.

[skogsmaskin]

That is really weird @crackcomm. Could it be that you are using any extensions that may block it somehow? (Thank you for your time helping us to debug this btw.)

[crackcomm]

I was indeed using adblock but I turned it off after first try. Now I tried with all add-ons disabled.

[crackcomm]

I now confirmed it works on same Firefox version but on Linux.

[skogsmaskin]

OK, I guess this can be closed then. However I think Firefox has a bug when in a private window. It doesn't seem to respect the "Accept cookies from visited" policy. But that that is something for a bug report in Bugzilla. Thank you for debugging this with ut @crackcomm.