On Fri, 16 Apr 2021 17:26:36 +0300 Reco <recovery...@enotuniq.net> wrote:
> Hi. > > On Fri, Apr 16, 2021 at 09:45:13AM -0400, Celejar wrote: > > I have various web (HTTP, not HTTPS) apps (e.g., pi-hole, Home > > Assistant) running on localhost (either actually on localhost, or on > > another host but accessed via 'localhost' via ssh port forwarding > > (LocalForward) that require cookies to function (even before logging > > in). When Firefox is set to block all cookies, these don't work - even > > though I have an exception set to allow cookies from localhost. > > Because firefox cookie exceptions actually apply to schema-hostname-port > triplet, but not to the hostname itself. > I.e. if you allowed Firefox to store cookies from http://localhost:80 > (what you've called "localhost"), but trying to use > http://localhost:8080 to access some HTTP service - cookies from > http://localhost:8080 won't be allowed. Awesome, thanks so much! I think I once came up with that idea myself, but discarded it since "Manage Cookies and Site Data" doesn't show port numbers, only hostnames. But adding 'http:/localhost:nnnn' does indeed work (and it shows up as schema-hostname-port in "Exceptions - Cookie and Site Data"). > > (Examining the cookie store ("Manage Cookies and Site Data") > > doesn't show any cookies stored from any site other than localhost.) > > "Manage Cookies and Site Data" was likely written on the assumption that > a single hostname provides a single site, at most serving both HTTP and > HTTPS versions of the same content. I suspect that your usecase differs > from these assumptions somewhat. Interesting. I thought my usecase was a pretty straightforward one - I have various typical home user services that I have no intention of making available on the public internet, so I don't bother with SSL, but I do want to access them relatively securely across my local network. port forwarding via ssh seemed like an easy and solid solution, but perhaps it's not commonly done. Thanks again, Celejar