Hi. On Fri, Apr 16, 2021 at 09:45:13AM -0400, Celejar wrote: > I have various web (HTTP, not HTTPS) apps (e.g., pi-hole, Home > Assistant) running on localhost (either actually on localhost, or on > another host but accessed via 'localhost' via ssh port forwarding > (LocalForward) that require cookies to function (even before logging > in). When Firefox is set to block all cookies, these don't work - even > though I have an exception set to allow cookies from localhost.
Because firefox cookie exceptions actually apply to schema-hostname-port triplet, but not to the hostname itself. I.e. if you allowed Firefox to store cookies from http://localhost:80 (what you've called "localhost"), but trying to use http://localhost:8080 to access some HTTP service - cookies from http://localhost:8080 won't be allowed. > (Examining the cookie store ("Manage Cookies and Site Data") > doesn't show any cookies stored from any site other than localhost.) "Manage Cookies and Site Data" was likely written on the assumption that a single hostname provides a single site, at most serving both HTTP and HTTPS versions of the same content. I suspect that your usecase differs from these assumptions somewhat. Reco