Hi Ehsan, I'm coming back to this thread because a user asked why Firefox was not working for him. I had another thought I wanted to run by you. You previously wrote,
> According to the original screenshot in the thread, your web page is > sending an HTTP request to https://www.reddit.com/api/v1/access_token. If > the user has previously visited reddit.com, this request will include the > user's reddit cookies normally. Also, the HTTP request I mentioned before > has a Referer header that points to the address of your web page by default > in most browsers. So Reddit will be able to tell which user has visited > which page on your site. In other word, Reddit will be able to see the > user's browsing history, as if they had access to the user's computer. Could Firefox selectively choose _not_ to send cookies and the referrer header in this case? This seems like a possible compromise to me for sites like revddit which rely on accessing a social media site's API with non-user-specific credentials in order to function. Regards, Rob _______________________________________________ dev-privacy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-privacy
