Site can read cookies even though they are blocked #987
Comments
|
+1 I'll add that sites can write cookies even though they are blocked in the matrix. Note that it seems to be related to first party cookies only (third party are blocked by firefox anyway so I can't tell). Firefox 61.0a1 and uMatrix 1.3.4. |
|
@guakamole Writing cookies is allowed by uMatrix. Read the doc. |
|
uMatrix is working properly. Cookies are not leaving your browser at all. |
|
Thank you for your answers. I didn't know that cookies are actually allowed to be written. This is quite counter-intuitive. When I block something in the matrix, I would expect for it to be... blocked. And if people want to inspect what is going on (as stated in the doc), free for them to temporarily unblock the domain in the matrix. There is still a problem somewhere anyway, even with the "Delete blocked cookies" option checked, cookies never get deleted. Here are my settings:
By the way, what is up with the 15min limit ? Why can't I set it to 5 or 10min ? |
|
They are currently issues with cookie deletion in some cases, see #878. The minimum interval is set by the browser AFAIK. |
|
That requirement is most of the times a workaround to bypass adblockers or grab as much data as possible from the visitor's browsers. That's why we should block scripts when not needed. |
|
The idea is if someone is unhappy with the 0-120 seconds gap before cookies are deleted by uMatrix, whitelist cookies in uMatrix and use a specialized extension which does what you want if you can find one. |
Cookie-AutoDelete works great for me with uMatrix and uBlock Origin: |
solved - umatrix does currently (April 2018) not block JS from reading cookies, therefore the cookie block can be easily circumvented
The text was updated successfully, but these errors were encountered: