would there be a way to have extension work with privacy.firstparty.isolate = true?

[jawz101]

I like the concept behind that preference though I can't have both this extension and that Firefox pref enabled.

[pes10k]

@jawz101 Hmm, this would be good to get sorted out. However, i'm not able to find Mozilla documentation on what the flag does exactly. Do you have a link to something like that, or can you describe what changes in further detail? If I can get the extension working, I will for sure make this change :)

[Thorin-Oakenpants]

@jawz101 - I am unaware of issues with WebAPI Manager and FPI - can you elaborate?

---

Peter, here's a list of some bugzilla tickets to do with FPI - the meta ticket link is in the intro. However, that doesn't exactly explain things

FPI is causing issues to pop up all the time - eg Extensions can't yet handle cookies and subsequent storage when cookies have Origin Attributes ^firstparty. This is one many side-effects and FPI is not quite ready yet IMO.

Because it's still in development, it is off by default, and documentation is completely lacking (except in bugzilla and tortrac tickets). When/if they do flip it on, it is likely to only be in Private Browsing mode.

privacy.firstyparty.isolate is available though the Privacy API from FF58+ 1409045 and MDN info - so you could build in detecting if this is enabled or not in your dashboard and provide a warning or whatnot

PS: same goes for privacy.resistFingerprinting if that is causing issues

[jawz101]

@Thorin-Oakenpants when this add-on first came out I couldn't get the web console to log when things were blocked. It may have been resolved by now when Quantum was released.

[jawz101]

Ok. If I have privacy.firstparty.isolate = true and go to the web console while loading a page I get this line at the top of the web console

"Unable to find the Web API Manager settings for https://forum.xda-developers.com/"

Set it to privacy.firstparty.isolate = false, refresh web page, that message goes away.

[jawz101]

[ghost]

Same expirience here, been wondering about the console log after having deployed https://addons.mozilla.org/en-GB/firefox/addon/restrict-to-domain/

[pes10k]

@n8v8R @jawz101 My plan for this is to

1. not worry about it for a while, until Mozilla decides to enable it in by default in any mode.
2. If / when they do, I'll have the Firefox version of the extension start using webRequest.filterResponseData to avoid the issues with the cookie, and keep the Chrome version continuing with the cookie approach

As long as I can though, I'd like to keep both versions using the same approach, to make debugging / etc easier.

And, as a side benefit, the cookie approach in the extension seems to be triggering rarely used code paths in the Mozilla base, which is working out some bugs, which is nice too.

I'm going to mark this as closed for the medium term though, until mozilla makes some further decision on the preference. If anything changes though, please re-open or let me know. Thanks!

[jawz101]

And, as a side benefit, the cookie approach in the extension seems to be triggering rarely used code paths in the Mozilla base, which is working out some bugs, which is nice too.

Yeah. I really love this add-on. I hope more eyes start taking a look at it because it could probably reveal a lot in both browsers, standards, and the state of the web.

[ghost]

@snyderp Certainly understand your sentiment, considering that Mozilla is still cooking on WE and new privacy measures. FPI is apparently impacting cookie managment too and there are several bugs open in the bugzilla.

Similar issue with CSP and styling extentions. Those developers are heading already heading down the webRequest route.

Seems that Mozilla got a bit overwhelmed with WE API (or the lack thereof) and are now swamped with bugs. Maybe they will be better sorted by version 59/60 of FF, which is still a long way..