Using HTTP cookies - HTTP
an http cookie (web cookie, browser cookie) is a small piece of data that a server sends to the user's web browser. ... cookies are mainly used for three purposes: session management (logins, shopping carts, game scores, or anything else the server should remember), personalization (user preferences, themes, and other settings), and tracking (recording and analyzing user behavior). cookies were once used for general client-side storage. ... cookies are sent with every request, so they can worsen performance (especially for mobile data connections).
nsICookieService
netwerk/cookie/public/nsicookieservice.idl scriptable provides methods for setting and getting cookies in the context of a page load. ... inherits from: nsisupports last changed in gecko 1.9 (firefox 3) see nsicookiemanager and nsicookiemanager2 for methods to manipulate the cookie database directly. ... var cookiesvc = components.classes["@mozilla.org/cookieservice;1"] .getservice(components.interfaces.nsicookieservice); notifications this service broadcasts the following notifications when the cookie list is changed, or a cookie is rejected: topic subject data cookie-changed broadcast whenever the cookie list changes in some way.
Set-Cookie - HTTP
the set-cookie http response header is used to send a cookie from the server to the user agent, so the user agent can send it back to the server later. ... to send multiple cookies, multiple set-cookie headers should be sent in the same response. ... browsers block frontend javascript code from accessing the set cookie header, as required by the fetch spec, which defines set-cookie as a forbidden response-header name that must be filtered out from any response exposed to frontend code.
nsICookieManager2
the nsicookiemanager2 interface contains additional methods that expand upon the nsicookiemanager interface. ... netwerk/cookie/nsicookiemanager2.idl scriptable ... last changed in gecko 1.9.2 (firefox 3.6 / thunderbird 3.1 / fennec 1.0) inherits from: nsicookiemanager this interface is included in the services.jsm javascript code module.
Document.cookie - Web APIs
the document property cookie lets you read and write cookies associated with the document. ... it serves as a getter and setter for the actual values of the cookies. ... syntax read all cookies accessible from this location allcookies = document.cookie; in the code above allcookies is a string containing a semicolon-separated list of all cookies (i.e.
nsICookiePermission
the nsicookiepermission interface is used to test for cookie permissions netwerk/cookie/nsicookiepermission.idl scriptable ... last changed in gecko 1.9 (firefox 3) inherits from: nsisupports method overview nscookieaccess canaccess(in nsiuri auri, in nsichannel achannel); boolean cansetcookie(in nsiuri auri, in nsichannel achannel, in nsicookie2 acookie, inout boolean aissession, inout print64 aexpiry); nsiuri getoriginatinguri(in nsichannel achannel); void setaccess(in nsiuri auri, in nscookieaccess aaccess); constants constant value description access_default 0 nscookieaccess's access default value access_allow 1 nscookieaccess's access allow value access_deny 2 nscookieaccess's access deny value access_session 8 additional values for nscookieaccess, which are not directly used by any methods on this interface, but are nevertheless convenient to define here. ... methods canaccess() tests whether or not the given uri/channel may access the cookie database, either to set or get cookies.
Cookies - Firefox Developer Tools
when you select an origin inside the cookies storage type from the storage tree, all the cookies present for that origin will be listed in a table. ... the cookies table has the following columns: name — the name of the cookie. ... value — the value of the cookie.
Storage access policy: Block cookies from trackers
firefox includes a new storage access policy that blocks cookies and other site data from third-party tracking resources. ... this policy is designed as an alternative to the older cookie policies, which have been available in firefox for many years. ... this policy protects against cross-site tracking while minimizing the site breakage associated with traditional cookie blocking.
nsICookie
an optional interface for accessing the http or javascript cookie object. ... netwerk/cookie/nsicookie.idl scriptable ... expires = 0 represents a session cookie.
nsICookieManager
an optional interface for accessing or removing the cookies that are in the cookie list. ... netwerk/cookie/nsicookiemanager.idl scriptable ... it is implemented by the @mozilla.org/cookiemanager;1 component, but should generally be accessed via services.cookies method overview void remove(in autf8string ahost, in acstring aname, in autf8string apath, in boolean ablocked, in jsval aoriginattributes); void removeall(); attributes attribute type description enumerator nsisimpleenumerator called to enumerate through each cookie in the cookie list.
SameSite cookies - HTTP
the samesite attribute of the set-cookie http response header allows you to declare if your cookie should be restricted to a first-party or same-site context. ... values the samesite attribute accepts three values: lax cookies are allowed to be sent with top-level navigations and will be sent along with get request initiated by third party website. ... strict cookies will only be sent in a first-party context and not be sent along with requests initiated by third party websites.
nsICookiePromptService
the nsicookiepromptservice interface is to open a dialog to ask for permission to accept the cookie. ... extensions/cookie/nsicookiepromptservice.idl scriptable ... last changed in gecko 1.9 (firefox 3) inherits from: nsisupports method overview long cookiedialog(in nsidomwindow parent, in nsicookie cookie, in acstring hostname, in long cookiesfromhost, in boolean changingcookie, out boolean rememberdecision); constants constant value description deny_cookie 0 holds the value for denying the cookie.
nsICookie2
the nsicookie2 interface provides information about a cookie, and extends the nsicookie interface. ... netwerk/cookie/nsicookie2.idl scriptable ... last changed in gecko 1.9.2 (firefox 3.6 / thunderbird 3.1 / fennec 1.0) inherits from: nsicookie attributes attribute type description creationtime print64 the creation time of the cookie, in microseconds since midnight (00:00:00), january 1, 1970 utc.
nsICookieStorage
this interface represents the storage repository for cookies. ... modules/plugin/base/public/nsicookiestorage.idl not scriptable ... last changed in gecko 1.7 inherits from: nsisupports method overview void getcookie(in string acookieurl, in voidptr acookiebuffer, in pruint32ref acookiesize); void setcookie(in string acookieurl, in constvoidptr acookiebuffer, in unsigned long acookiesize); methods getcookie() retrieves a cookie from the browser's persistent cookie store.
nsICookieConsent
netwerk/cookie/public/nsicookieconsent.idl scriptable ... last changed in gecko 1.9 (firefox 3) inherits from: nsisupports method overview void getconsent(); methods getconsent() gives a decision on what should be done with a cookie, based on a site's p3p policy and the user's preferences. ... nscookiestatus getconsent( in nsiuri uri, in nsihttpchannel httpchannel, in boolean isforeign, out nscookiepolicy policy ); parameters uri the uri to find the policy for.
Creating a Cookie Log
creating a cookie log is often necessary to troubleshoot problems with firefox's cookie handling. ... please follow the instructions below to run firefox with cookie logging enabled. ... enabling cookie logging windows open a command prompt (this is under programs or programs/accessories in normal installations of windows).
Cookies Preferences in Mozilla
network.cookie.cookiebehavior default value: 0
  0 = accept all cookies by default
  1 = only accept from the originating site (block third party cookies)
  2 = block all cookies by default
  3 = use p3p settings (note: this is only applicable to older mozilla suite and seamonkey versions.)
  4 = storage access policy: block cookies from trackers
network.cookie.lifetimepolicy default value: 0
  0 = accept cookies normally
  1 = prompt for each cookie (prompting was removed in firefox 44)
  2 = accept for current session only
  3 = accept for n days
network.cookie.lifetime.days default value... ...: 90
  only used if network.cookie.lifetimepolicy is set to 3
  sets the number of days that the lifetime of cookies should be limited to.
... network.cookie.alwaysacceptsessioncookies default value: false
  only used if network.cookie.lifetimepolicy is set to 1
  true = accepts session cookies without prompting
  false = prompts for session cookies
network.cookie.thirdparty.sessiononly default value: false
  true = restrict third party cookies to the session only
  false = no restrictions on third party cookies
network.cookie.maxnumber default value: 1000
  configures the maximum amount of cookies to be stored
  valid range is from 0-65535, rfc 2109 and 2965 require this to be at least 300
network.cookie.maxperhost default value: 50
  configures the maximum amount of cookies to be stored per host
  valid range is from 0-65535, rfc 2109 and 2965 require this to be at least 20
network.cookie.disablecookieformailnews default value: tru...
Navigator.cookieEnabled - Web APIs
navigator.cookieenabled returns a boolean value that indicates whether cookies are enabled or not. ... syntax var cookieenabled = navigator.cookieenabled; cookieenabled is a boolean: true or false. ... note: when the browser is configured to block third-party cookies, and navigator.cookieenabled is invoked inside a third-party iframe, it returns true in safari, edge spartan and ie (while trying to set a cookie in such scenario would fail).
Cookie - MDN Web Docs Glossary: Definitions of Web-related terms
a cookie is a small piece of information left on a visitor's computer by a website, via a web browser. ... cookies are used to personalize a user’s web experience with a website. ... a user can customize their web browser to accept, reject, or delete cookies.
nsICookieAcceptDialog
extensions/cookie/nsicookieacceptdialog.idl scriptable this interface holds some constants for the cookie accept dialog. ... inherits from: nsisupports last changed in gecko 1.7 constants constant value description accept_cookie 0 value for accepting a cookie object. ... cookiesfromhost 3 value for holding the cookie from the host.
Set-Cookie2 - HTTP
the obsolete set-cookie2 http response header used to send cookies from the server to the user agent, but has been deprecated by the specification. ... use set-cookie instead. ... header type response header forbidden header name no syntax
set-cookie2: <cookie-name>=<cookie-value>
set-cookie2: <cookie-name>=<cookie-value>; comment=<value>
set-cookie2: <cookie-name>=<cookie-value>; commenturl=<http-url>
set-cookie2: <cookie-name>=<cookie-value>; discard
set-cookie2: <cookie-name>=<cookie-value>; domain=<domain-value>
set-cookie2: <cookie-name>=<cookie-value>; max-age=<non-zero-digit>
set-cookie2: <cookie-name>=<cookie-value>; path=<path-value>
set-cookie2: <cookie-name>=<cookie-value>; port=<port-number>
set-cookie2: <cookie-name>=<cookie-value>; secure
set-cookie2: <cookie-name>=<cookie-value>; version=<version-number>
// multiple directives are also possible, for example:
set-cookie2: <cookie-name>=<cookie-value>; domain=<domain-value>;...
Cookie - HTTP
the cookie http request header contains stored http cookies previously sent by the server with the set-cookie header. ... the cookie header is optional and may be omitted if, for example, the browser's privacy settings block cookies. ... header type request header forbidden header name yes syntax
cookie: <cookie-list>
cookie: name=value
cookie: name=value; name2=value2; name3=value3
<cookie-list> a list of name-value pairs in the form of <cookie-name>=<cookie-value>. ... examples
cookie: phpsessid=298zf09hf012fh2; csrftoken=u32t4o3tb3gg43; _gat=1
specifications specification title rfc 6265, section 5.4: cookie http state management mechanism ...
Cookies - Archive of obsolete content
reading existing cookies cookies for a given host, represented as nsicookie2 objects, can be enumerated as such: let enum = services.cookies.getcookiesfromhost("example.com"); while (enum.hasmoreelements()) { var cookie = enum.getnext().queryinterface(ci.nsicookie2); dump(cookie.host + ";" + cookie.name + "=" + cookie.value + "\n"); } all cookies, regardless of host, can be enumerated using services.cookies.enumerator rather than getcookiesfromhost(). ... setting a cookie the following code demonstrates how to set a cookie in firefox. ... services.cookies.add(".host.example.com", "/cookie-path", "cookie_name", "cookie_value", is_secure, is_http_only, is_session, expiry_date); see also document.cookie nsicookie nsicookie2 nsicookieservice nsicookiemanager nsicookiemanager2 http cookies ...
Blocked: Custom cookie permission
message firefox: cookieblockedbypermission=request to access cookies or storage on “x” was blocked because of custom cookie permission. ... a request to access cookies or storage was blocked because there's a custom user-defined permission set. ... the permission can be changed or removed by: going to preferences > content blocking > cookies and site data clicking on the manage permissions button and updating the listed exceptions ...
nsICookie2 MOZILLA 1 8 BRANCH
netwerk/cookie/public/nsicookie2.idl scriptable ... last changed in gecko 1.9 (firefox 3) inherits from: nsicookie2 attributes attribute type description ishttponly boolean holds true if the cookie is an http only cookie. ... see also nsicookie2 ...
Cookies in Mozilla
creating a cookie log steps to create and attach a cookie log in order to aid in triaging a bug in cookies. ... cookies preferences in mozilla documentation on what the preferences used by the cookies code actually do.
Cookie2 - HTTP
the obsolete cookie2 http request header used to advise the server that the user agent understands "new-style" cookies, but nowadays user agents will use the cookie header instead, not this one. ... header type request header forbidden header name yes examples cookie2: $version="1" specifications specification title rfc 2965: cookie2 historic specification of http state management mechanism, obsoleted by rfc 6265 ...
Using XPCOM Components
in fact, virtually all of the functionality that you associate with a browser - navigation, window management, managing cookies, bookmarks, security, searching, rendering, and other features - is defined in xpcom components and accessed by means of those component interfaces. ... this chapter demonstrates how mozilla uses some of these xpcom objects, such as the cookiemanager, and shows how access to the weblock component will be defined. ... cookie manager cookie management is one of the many sets of functionality that is made available to the browser in the form of an xpcom component and that can be reused by developers who want similar functionality in their applications.
Commenting IDL for better documentation
example this is an example of what the sample interface document idl would look like: /** * @brief a make-believe interface that eats and enjoys cookies. ... * * @note the article's name should be simply "nsicookiemonster" but is not in * order to make it more obvious this is an example. ... * * @see nsicookie * @see nsicookiemanager */ /* * take note that this is not a doxygen style comment, there is only one * on * the line above.
Migrating from Firebug - Firefox Developer Tools
xhr, dom, cookie and error breakpoints are not supported yet (see bug 821610, bug 1004678, bug 895893 and bug 1165010). ... they contain a headers, params, response and cookies panel. ... storage inspector the cookies panel in firebug displays information related to the cookies created by a page and allows to manipulate the information they store.
Types of attacks - Web security
the user's browser cannot detect the malicious script is untrustworthy, and so gives it access to any cookies, session tokens, or other sensitive site-specific information, or lets the malicious script rewrite the html content. ... the variety of attacks based on xss is almost limitless, but they commonly include transmitting private data like cookies or other session information to the attacker, redirecting the victim to a webpage controlled by the attacker, or performing other malicious operations on the user's machine under the guise of the vulnerable site. ... in this situation, someone includes an image that isn’t really an image (for example in an unfiltered chat or forum), instead it really is a request to your bank’s server to withdraw money: <img src="https://bank.example.com/withdraw?account=bob&amount=1000000&for=mallory"> now, if you are logged into your bank account and your cookies are still valid (and there is no other validation), you will transfer money as soon as you load the html that contains this image.
XPCOM Examples - Archive of obsolete content
cookies next, we will get a list of cookies that have been saved in the browser. ... the cookie service can be used for such a purpose. ... it implements the nsicookiemanager interface which can be used to enumerate over all of the cookies.
Index
in fact, virtually all of the functionality that you associate with a browser - navigation, window management, managing cookies, bookmarks, security, searching, rendering, and other features - is defined in xpcom components and accessed by means of those component interfaces. ... to create an instance, use: 448 nsicookie cookies, interfaces, interfaces:scriptable, xpcom, xpcom api reference, xpcom interface reference an optional interface for accessing the http or javascript cookie object. ... 449 nsicookie2 cookies, interfaces, interfaces:scriptable, xpcom, xpcom api reference, xpcom interface reference the nsicookie2 interface provides information about a cookie, and extends the nsicookie interface.
Creating Sandboxed HTTP Connections
introduction starting with gecko 1.8.1 (firefox 2), it is possible to create sandboxed http connections which don't affect the user's cookies. ... since nsistreamlistener does not cover cookies, the current channel being used will need to be stored as a global, since another listener will be used for cookie notifications (covered in the next section). ... }) } handling cookies when sending a request, cookies that apply to the url are sent with the http request.
Cross-Origin Resource Sharing (CORS) - HTTP
servers can also inform clients whether "credentials" (such as cookies and http authentication) should be sent with requests. ... requests with credentials the most interesting capability exposed by both xmlhttprequest or fetch and cors is the ability to make "credentialed" requests that are aware of http cookies and http authentication information. ... in this example, content originally loaded from http://foo.example makes a simple get request to a resource on http://bar.other which sets cookies.
Index - Web APIs
876 document.cookie api, dom, document, html dom, js, needsmarkupwork, reference, storage, cookie the document property cookie lets you read and write cookies associated with the document. ... it serves as a getter and setter for the actual values of the cookies. ... 877 simple cookie framework cookies, cookie as cookies are just specially formatted strings it is sometimes difficult to manage them.
Client-Server Overview - Learn web development
client-side cookies. ... cookies contain session data about the client, including keys that the server can use to determine their login status and permissions/accesses to resources.
...ade-insecure-requests: 1 user-agent: mozilla/5.0 (windows nt 10.0; wow64) applewebkit/537.36 (khtml, like gecko) chrome/52.0.2743.116 safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 referer: https://developer.mozilla.org/ accept-encoding: gzip, deflate, sdch, br accept-charset: iso-8859-1,utf-8;q=0.7,*;q=0.7 accept-language: en-us,en;q=0.8,es;q=0.6 cookie: sessionid=6ynxs23n521lu21b1t136rhbv7ezngie; csrftoken=zipujsazv6pcgcbjscj1zu6pqzbfmuat; dwf_section_edit=false; dwf_sg_task_completion=false; _gat=1; _ga=ga1.2.1688886003.1471911953; ffo=true the first and second lines contain most of the information we talked about above: the type of request (get).
Website security - Learn web development
because the injected code comes to the browser from the site, the code is trusted and can do things like send the user's site authorization cookie to the attacker. ... when the attacker has the cookie, they can log into a site as though they were the user and do anything the user can, such as access their credit card details, see contact details, or change passwords. ... while the data from post or get requests is the most common source of xss vulnerabilities, any data from the browser is potentially vulnerable, such as cookie data rendered by the browser, or user files that are uploaded and displayed.
Storage Inspector - Firefox Developer Tools
cookies — all the cookies created by the page or any iframes inside of the page. ... cookies created as a part of response of network calls are also listed, but only for calls that happened while the tool is open. ... for cookies, the protocol does not differentiate the origin.
Storage Access API - Web APIs
concepts and usage most browsers implement a number of storage access policies that restrict access to cookies and site data for embedded, cross-origin resources. ... the semantics around third-party cookie blocking policies in particular differ from browser to browser, but the core functionality is similar: cross-origin resources embedded in a third-party context are not given access to the same cookies and site storage that they would have access to when loaded in a first-party context. ... these cookie blocking policies are known to break embedded cross-origin content that requires access to its first-party storage.
HTTP headers - HTTP
cookies, storage, cache) associated with the requesting website. ... max-forwards cookies cookie contains stored http cookies previously sent by the server with the set-cookie header. ... set-cookie send cookies from the server to the user-agent.
HTTP Index - HTTP
45 http cookies advertising, browser, cookies, cookies article, guide, http, history, javascript, privacy, protocols, server, storage, web development, data, request, tracking an http cookie (web cookie, browser cookie) is a small piece of data that a server sends to the user's web browser. ... 68 clear-site-data http, http header, reference, header the clear-site-data header clears browsing data (cookies, storage, cache) associated with the requesting website. ... 109 cookie cookies, http, reference, header, request the cookie http request header contains stored http cookies previously sent by the server with the set-cookie header.
nsIAlertsService
implemented by: @mozilla.org/alerts-service;1 as a service: var alertsservice = components.classes["@mozilla.org/alerts-service;1"] .getservice(components.interfaces.nsialertsservice); method overview void showalertnotification(in astring imageurl, in astring title, in astring text, [optional] in boolean textclickable, [optional] in astring cookie, [optional] in nsiobserver alertlistener, [optional] in astring name, [optional] in astring dir, [optional] in astring lang, [optional] in astring data, [optional] in nsiprincipal principal,[optional] in boolean inprivatebrowsing); void closealert([optional] in astring name, [optional] in nsiprincipal principal); methods showalertnotification() displays a notification window. ... void showalertnotification( in astring imageurl, in astring title, in astring text, in boolean textclickable, optional in astring cookie, optional in nsiobserver alertlistener, optional in astring name, optional in astring dir, optional in astring lang, optional in astring data, optional in nsiprincipal principal, optional in boolean inprivatebrowsing, optional ); parameters imageurl a url identifying the image to display in the notification alert. ... cookie optional a blind cookie the alert passes back to the consumer during alert listener callbacks.
nsIHttpChannel
void getoriginalresponseheader( in acstring aheader, in nsihttpheadervisitor avisitor ); parameters aheader the case-insensitive name of the response header to query (for example "set-cookie"). ... acstring getresponseheader( in acstring header ); parameters header the case-insensitive name of the response header to query (for example "set-cookie"). ... void setemptyrequestheader( in acstring aheader ); parameters aheader the case-insensitive name of the request header to set (for example "cookie").
Network request list - Firefox Developer Tools
cookies: the number of request cookies associated to the request. ... set-cookies: the number of response cookies associated to the request. ... has-response-header:cache-control has-response-header:x-firefox-spdy set-cookie-domain shows the resources that have a set-cookie header with a domain attribute that matches the specified value.
Clear-Site-Data - HTTP
the clear-site-data header clears browsing data (cookies, storage, cache) associated with the requesting website. ... // single directive clear-site-data: "cache" // multiple directives (comma separated) clear-site-data: "cache", "cookies" // wild card clear-site-data: "*" directives all directives must comply with the quoted-string grammar. ... "cookies" indicates that the server wishes to remove all cookies for the origin of the response url.
Index - HTTP
20 clear-site-data http, http header, reference, header the clear-site-data header clears browsing data (cookies, storage, cache) associated with the requesting website. ... 54 cookie cookies, http, reference, header, request the cookie http request header contains stored http cookies previously sent by the server with the set-cookie header. ... 55 cookie2 http, obsolete, reference, header, request the obsolete cookie2 http request header used to advise the server that the user agent understands "new-style" cookies, but nowadays user agents will use the cookie header instead, not this one.
Same-origin policy - Web security
cookies use a separate definition of origins. ... a page can set a cookie for its own domain or any parent domain, as long as the parent domain is not a public suffix. ... the browser will make a cookie available to the given domain including any sub-domains, no matter which protocol (http/https) or port is used.
Index - Archive of obsolete content
177 cookies add-ons, code snippets, cookies, extensions no summary! ... the issue that is commonly overlooked here is that the rss feed could contain some malicious javascript code and it would then execute with the privileges of the extension — meaning that it would get full access to the browser (cookies, history etc) and to user’s files. ... this includes cookies, history information, download information, and so forth.
MCD, Mission Control Desktop, AKA AutoConfig - Archive of obsolete content
[root@calaz firefox]# cat firefox.cfg //put everything in a try/catch try { //privacy & security defaultpref("signon.remembersignons", false); //proxy and cache, as it is on nfs volume, we don't want cache lockpref("browser.cache.disk.capacity", 0); lockpref("network.cookie.cookiebehavior", 0); defaultpref("network.proxy.autoconfig_url", "http://wpad.int-evry.fr/wpad.dat"); defaultpref("network.proxy.type", 2); lockpref("network.protocol-handler.app.mailto", "/usr/bin/thunderbird"); //firefox3 urlclassifier3.sqlite iowait/cpu pb //http://forums.mozillazine.org/viewtopic.php?p=3381133#3381133 defaultpref("browser.safebrowsing.enabled", false); defaultpref("browser.s...
...ter-arith -wcast-align -wno-long-long -pedantic -pthread -pipe c++ gcc version 3.4.3 20050227 (red hat 3.4.3-22.fc3) -fno-rtti -fno-exceptions -wall -wconversion -wpointer-arith -wcast-align -woverloaded-virtual -wsynth -wno-ctor-dtor-privacy -wno-non-virtual-dtor -wno-long-long -pedantic -fshort-wchar -pthread -pipe -i/usr/x11r6/include configure arguments --disable-mailnews --enable-extensions=cookie,xml-rpc,xmlextras,pref,transformiix,universalchardet,webservices,inspector,gnomevfs,negotiateauth --enable-crypto --disable-composer --enable-single-profile --disable-profilesharing --with-system-jpeg --with-system-zlib --with-system-png --with-pthreads --disable-tests --disable-jsd --disable-installer '--enable-optimize=-os -g -pipe -m32 -march=i386 -mtune=pentium4' --enable-xft --enable-xineram...
...shared ac_add_options --disable-crashreporter the option --disable-crashreporter is necessary if you get compile error at this stage of the build gmake[7]: entering directory `/usr/local/moz2/commsrc/mozilla/toolkit/crashreporter/google-breakpad/src/common/linux' dump_symbols.cc build then start building [root@b008-02 commsrc]# time make -f client.mk build rm -f ../../mozilla/dist/bin/testcookie if test -f ../../mozilla/dist/bin/testtarray; then cp ../../mozilla/dist/bin/testtarray ../../mozilla/dist/bin/testcookie; fi; gmake[5]: quittant le répertoire « /usr/local/moz/commsrc/mail/app » gmake[4]: quittant le répertoire « /usr/local/moz/commsrc/mail » gmake[3]: quittant le répertoire « /usr/local/moz/commsrc » gmake[2]: quittant le répertoire « /usr/local...
Client-side storage - Learn web development
old school: cookies the concept of client-side storage has been around for a long time. ... since the early days of the web, sites have used cookies to store information to personalize user experience on websites. ... these days, there are easier mechanisms available for storing client-side data, therefore we won't be teaching you how to use cookies in this article.
Network request details - Firefox Developer Tools
the tabs at the top of this pane enable you to switch between the following pages: headers messages (only for websocket items) cookies params response cache timings security (only for secure pages) stack trace (only when the request has a stack trace, e.g.
... { "name": "server", "value": "mw1316.eqiad.wmnet" }, { "name": "server-timing", "value": "cache;desc=\"pass\"" }, { "name": "strict-transport-security", "value": "max-age=106384710; includesubdomains; preload" }, { "name": "vary", "value": "accept-encoding,treat-as-untrusted,x-forwarded-proto,cookie,authorization,x-seven" }, { "name": "via", "value": "1.1 varnish (varnish/5.1), 1.1 varnish (varnish/5.1)" }, { "name": "x-analytics", "value": "ns=-1;special=badtitle;wmf-last-access=11-jun-2019;wmf-last-access-global=11-jun-2019;https=1" }, { "name": "x-cache", "value": "cp1075 pass, cp1075 pass" }, ...
... ] }, "request headers (665 b)": { "headers": [ { "name": "accept", "value": "*/*" }, { "name": "accept-encoding", "value": "gzip, deflate, br" }, { "name": "accept-language", "value": "en-us,en;q=0.5" }, { "name": "connection", "value": "keep-alive" }, { "name": "cookie", "value": "wmf-last-access=11-jun-2019; wmf-last-access-global=11-jun-2019; mwphp7seed=5c9; geoip=us:ny:port_jervis:41.38:-74.67:v4" }, { "name": "dnt", "value": "1" }, { "name": "host", "value": "en.wikipedia.org" }, { "name": "referer", "value": "https://www.wikipedia.org/" }, { "nam...
Using Fetch - Web APIs
fetch() won't receive cross-site cookies; you can’t establish a cross-site session using fetch.
... set-cookie headers from other sites are silently ignored.
... fetch won’t send cookies, unless you set the credentials init option.
...And 2 more matches
Request.credentials - Web APIs
the credentials read-only property of the request interface indicates whether the user agent should send cookies from the other domain in the case of cross-origin requests.
... syntax var mycred = request.credentials; value a requestcredentials dictionary value indicating whether the user agent should send cookies from the other domain in the case of cross-origin requests.
... possible values are: omit: never send or receive cookies.
...And 2 more matches
Using the Storage Access API - Web APIs
usage notes the storage access api is designed to allow embedded content to request access to storage that would otherwise be blocked when a user’s browser is set to block all third-party cookies.
...this is particularly true for document.cookie access, as browsers will often return an empty cookie jar when third-party cookies are blocked.
... accessing a user's cookies in an embedded cross-origin iframe in this example we show how an embedded cross-origin <iframe> can access a user’s cookies under a storage access policy that blocks third-party cookies.
...And 2 more matches
XMLHttpRequest.withCredentials - Web APIs
the xmlhttprequest.withcredentials property is a boolean that indicates whether or not cross-site access-control requests should be made using credentials such as cookies, authorization headers or tls client certificates.
... in addition, this flag is also used to indicate when cookies are to be ignored in the response.
...xmlhttprequest from a different domain cannot set cookie values for their own domain unless withcredentials is set to true before making the request.
...And 2 more matches
net/xhr - Archive of obsolete content
if transmission of cookies isn't prevented, malicious code could access sensitive data.
... finally, we need to also consider attenuating http/https requests such that they're "sandboxed" and don't communicate potentially sensitive cookie information.
... functions forceallowthirdpartycookie(xhr) force relevant cookies to be sent with this xmlhttprequest even if normally they would not be.
... parameters xhr: xmlhttprequest the xmlhttprequest to allow third-party cookies for.
Supporting private browsing mode - Archive of obsolete content
this includes cookies, history information, download information, and so forth.
... when private browsing mode is enabled, temporary databases are created to be used for cookies and local storage; these databases are thrown away when private browsing mode is turned off, and the regular databases are re-activated.
... the temporary cookie and local storage databases start out empty.
... all data related to pages the user has visited, including cookies and form data.
NPN_GetValueForURL - Archive of obsolete content
summary provides information to a plugin which is associated with a given url, for example the cookies or preferred proxy.
... syntax #include <npapi.h> typedef enum { npnurlvcookie = 501, npnurlvproxy } npnurlvariable; nperror npn_getvalueforurl(npp instance, npnurlvariable variable, const char *url, char **value, uint32_t *len); parameters this function has the following parameters: instance pointer to the current plug-in instance.
... variable selects the type of information to be retrieved (npnurlvcookie or npnurlvproxy) url the url for which to fetch information.
... when multiple cookies are returned for a given url, the format of the return value is:
cookie1=value1;
cookie2=value2;
cookie3=value3 len out parameter.
NPN_SetValueForURL - Archive of obsolete content
summary allows a plugin to change the stored information associated with a url, in particular its cookies.
... (while the api theoretically allows the preferred proxy for a given url to be changed, doing so does not have much meaning given how proxies are configured, and is not supported.) syntax #include <npapi.h> typedef enum { npnurlvcookie = 501, npnurlvproxy } npnurlvariable; nperror npn_setvalueforurl(npp instance, npnurlvariable variable, const char *url, const char *value, uint32_t len); parameters this function has the following parameters: instance pointer to the current plug-in instance.
...the only supported type is npnurlvcookie.
... description this entry point is designed to allow plugins to affect the cookies sent by the browser back to the server.
Writing JavaScript for XHTML - Archive of obsolete content
problem: my cookie isn't saved!
...in xml documents there is no document.cookie.
... that is, you can write something like document.cookie = "key=value"; in xml as well, but nothing is saved in cookie storage.
...although this feature is not free of critics, you can use it to bypass the non-existing cookie, if your document is of type xml.
Server-side web frameworks - Learn web development
the http request may also include information about the current session or user in a client-side cookie.
...an http get), get or post parameters, cookie and session data, etc.
...it contains a development server and debugger, and includes support for jinja2 templating, secure cookies, unit testing, and restful request dispatching.
... a full-stack http and websocket client/server implementation with ipv6, tls, sni, idna, http/socks5 proxy, unix domain socket, comet (long polling), keep-alive, connection pooling, timeout, cookie, multipart, and gzip compression support.
HTTP logging
press the enter key after each one.: for 64-bit windows: set moz_log=timestamp,rotate:200,nshttp:5,cache2:5,nssockettransport:5,nshostresolver:5,cookie:5 set moz_log_file=%temp%\log.txt "c:\program files\mozilla firefox\firefox.exe" for 32-bit windows: set moz_log=timestamp,rotate:200,nshttp:5,cache2:5,nssockettransport:5,nshostresolver:5,cookie:5 set moz_log_file=%temp%\log.txt "c:\program files (x86)\mozilla firefox\firefox.exe" (these instructions assume that you installed firefox to the default location, and that drive c: is your win...
... export moz_log=timestamp,rotate:200,nshttp:5,cache2:5,nssockettransport:5,nshostresolver:5,cookie:5 export moz_log_file=/tmp/log.txt cd /path/to/firefox ./firefox reproduce the problem you're debugging.
... export moz_log=timestamp,rotate:200,nshttp:5,cache2:5,nssockettransport:5,nshostresolver:5,cookie:5 export moz_log_file=~/desktop/log.txt cd /applications/firefox.app/contents/macos ./firefox-bin (the instructions assume that you've installed firefox directly into your startup disk's applications folder.
... copy and paste the following line into the "run" command window and then press enter: for 32-bit windows: "c:\program files (x86)\mozilla firefox\firefox.exe" -moz_log=timestamp,rotate:200,nshttp:5,cache2:5,nssockettransport:5,nshostresolver:5,cookie:5 -moz_log_file=%temp%\log.txt for 64-bit windows: "c:\program files\mozilla firefox\firefox.exe" -moz_log=timestamp,rotate:200,nshttp:5,cache2:5,nssockettransport:5,nshostresolver:5,cookie:5 -moz_log_file=%temp%\log.txt (these instructions assume that you installed firefox to the default location, and that drive c: is your windows startup disk.
nsIHttpChannelInternal
introduced gecko 1.0 inherits from: nsisupports last changed in gecko 6.0 (firefox 6.0 / thunderbird 6.0 / seamonkey 2.3) method overview void getrequestversion(out unsigned long major, out unsigned long minor); void getresponseversion(out unsigned long major, out unsigned long minor); void httpupgrade(in acstring aprotocolname, in nsihttpupgradelistener alistener); void setcookie(in string acookieheader); void setupfallbackchannel(in string afallbackkey); attributes attribute type description canceled boolean returns true if and only if the channel has been canceled.
... forceallowthirdpartycookie boolean force relevant cookies to be sent with this load even if normally they would not be.
...setcookie() helper method to set a cookie with a consumer-provided cookie header, but using the channel's other information (uri's, prompters, date headers and so on.).
... void setcookie( in string acookieheader ); parameters acookieheader the cookie header to be parsed.
Web Console remoting - Firefox Developer Tools
examples: { "from": "conn0.netevent14", "type": "networkeventupdate", "updatetype": "requestheaders", "headers": 10, "headerssize": 425 }, { "from": "conn0.netevent14", "type": "networkeventupdate", "updatetype": "request
cookies", "
cookies": 0 }, { "from": "conn0.netevent14", "type": "networkeventupdate", "updatetype": "requestpostdata", "datasize": 1024, "discardrequestbody": false }, { "from": "conn0.netevent14", "type": "networkeventupdate", "updatetype": "responsestart", "response": { "httpversion": "http/1.1", "status": "304", "statustext": "not modified", "headerssize": 194, ...
... "discardresponsebody": true } }, { "from": "conn0.netevent14", "type": "networkeventupdate", "updatetype": "eventtimings", "totaltime": 1 }, { "from": "conn0.netevent14", "type": "networkeventupdate", "updatetype": "responseheaders", "headers": 6, "headerssize": 194 }, { "from": "conn0.netevent14", "type": "networkeventupdate", "updatetype": "response
cookies", "
cookies": 0 }, { "from": "conn0.netevent14", "type": "networkeventupdate", "updatetype": "responsecontent", "mimetype": "text/css", "contentsize": 0, "discardresponsebody": true } actual headers,
cookies, and bodies are not sent.
... ], "headerssize": 350 } the getrequest
cookies packet: { "to": "conn0.netevent15", "type": "getrequest
cookies" } { "from": "conn0.netevent15", "
cookies": [] } the getresponseheaders packet: { "to": "conn0.netevent15", "type": "getresponseheaders" } { "from": "conn0.netevent15", "headers": [ { "name": "date", "value": "mon, 17 sep 2012 20:05:27 gmt" }, ...
... ], "headerssize": 320 } the getresponse
cookies packet: { "to": "conn0.netevent15", "type": "getresponse
cookies" } { "from": "conn0.netevent15", "
cookies": [] } starting with firefox 19: for all of the header and
cookie values in the above packets we use longstringactor grips when the value is very long.
Fetch API - Web APIs
fetch() won't receive cross-site cookies; you can’t establish a cross-site session using fetch.
... set-cookie headers from other sites are silently ignored.
... fetch() won’t send cookies, unless you set credentials: 'same-origin'.
... if you are targeting older versions of these browsers, be sure to include credentials: 'same-origin' init option on all api requests that may be affected by cookies/user login state.
An overview of HTTP - HTTP
but while the core of http itself is stateless, http cookies allow the use of stateful sessions.
... using header extensibility, http cookies are added to the workflow, allowing session creation on each http request to share the same context, or the same state.
...basic authentication may be provided by http, either using the www-authenticate and similar headers, or by setting a specific session using http cookies.
... sessions using http cookies allows you to link requests with the state of the server.
HTTP
http cookies how cookies work is defined by rfc 6265.
... when serving an http request, a server can send a set-cookie http header with the response.
... the client then returns the cookie's value with every request to the same server in the form of a cookie request header.
... the cookie can also be set to expire on a certain date, or restricted to a specific domain and path.
Proxy - JavaScript
// [{ name: 'firefox', type: 'browser' }, { name: 'seamonkey', type: 'browser' }] console.log(products.types); // ['browser', 'mailer'] console.log(products.number); // 3 a complete traps list example now in order to create a complete sample traps list, for didactic purposes, we will try to proxify a non-native object that is particularly suited to this type of operation: the doc
cookies global object created by the "little framework" published on the document.
cookie page.
... /* var doc
cookies = ...
... get the "doc
cookies" object here: https://developer.mozilla.org/docs/dom/document.
cookie#a_little_framework.3a_a_complete_
cookies_reader.2fwriter_with_full_unicode_support */ var doc
cookies = new proxy(doc
cookies, { get: function (otarget, skey) { return otarget[skey] || otarget.getitem(skey) || undefined; }, set: function (otarget, skey, vvalue) { if (skey in otarget) { return false; } return otarget.setitem(skey, vvalue); }, deleteproperty: function (otarget, skey) { if (skey in otarget) { return false; } return otarget.removeitem(skey); }, enumerate: function (otarget, skey) { return otarget.keys(); }, ownkeys: function (otarget, skey) { return otarget.keys(); }, has: function (otarget, skey) { return skey in otarget || otarget.hasitem...
...{ value: vvalue, writable: true, enumerable: true, configurable: false } : undefined; }, }); /*
cookies test */ console.log(doc
cookies.my_
cookie1 = 'first value'); console.log(doc
cookies.getitem('my_
cookie1')); doc
cookies.setitem('my_
cookie1', 'changed value'); console.log(doc
cookies.my_
cookie1); specifications specification ecmascript (ecma-262)the definition of 'proxy' in that specification.
Index - MDN Web Docs Glossary: Definitions of Web-related terms
91 cookie glossary, webmechanics a cookie is a small piece of information left on a visitor's computer by a website, via a web browser.
... 158 forbidden response header name glossary, http, response, forbidden a forbidden response header name is an http header name (either `set-cookie` or `set-cookie2`) that cannot be modified programmatically.
...request headers, like accept, accept-*, or if-* allow to perform conditional requests; others like cookie, user-agent, or referer precise the context so that the server can tailor the answer.
Blocked: All storage access requests
message firefox: cookieblockedall=request to access cookies or storage on “x” was blocked because we are blocking all storage access requests.
... a request to access cookies or storage was blocked because the browser is blocking all storage access.
... the permission can be changed or removed by: going to preferences > content blocking in the custom content blocking section, selecting a value other than all cookies for the cookies item if the resource that is being blocked doesn't need authentication, you can fix the warning message by adding a crossorigin="anonymous" attribute to your element.
Blocked: All third-party storage access requests
message firefox: cookieblockedforeign=request to access cookies or storage on “x” was blocked because we are blocking all third-party storage access requests and content blocking is enabled.
... a request to access cookies or storage was blocked because it came from a third-party (a different origin) and content blocking is enabled.
... the permission can be changed or removed by: going to preferences > content blocking and either adding an exception with the manage exceptions… button choosing the custom content blocking and unchecking the cookies checkbox if the resource that is being blocked doesn't need authentication, you can fix the warning message by adding a crossorigin="anonymous" attribute to the relevant element.
Observer Notifications
cookies these topics indicate whenever a cookie has been changed (added, changed, cleared, or deleted) or its setting rejected by the browser.
... see nsicookieservice for details.
... topic description cookie-changed called upon a cookie change (added, changed, cleared, or deleted) cookie-rejected called when the setting of a cookie was rejected by the browser (per the user's preferences) http-on-response-set-cookie this is fired only when a cookie is created due to the presence of set-cookie header in the response header of any network request.
Mozilla
cookies in mozilla suggestions as to needed documentation can be directed to mike connor.
... cookies preferences in mozilla these preferences apply to most mozilla products (including firefox and seamonkey), however they are application-specific, so not all of them may apply to you.
... creating sandboxed http connections starting with gecko 1.8.1 (firefox 2), it is possible to create sandboxed http connections which don't affect the user's cookies.
Index - Firefox Developer Tools
105 storage inspector cookies, dev tools, firefox, guide, indexeddb, local storage, session storage, storage, tools the storage inspector enables you to inspect various types of storage that a web page can use.
...for each resource, you'll see: 107 cookies cookies, dev tools, firefox, guide, storage, storage inspector, tools, l10n:priority when you select an origin inside the cookies storage type from the storage tree, all the cookies present for that origin will be listed in a table.
... the cookies table has the following columns: 108 extension storage dev tools, extension storage, firefox, guide, storage, storage inspector, tools, l10n:priority this storage type is only shown when debugging extensions.
Browser storage limits and eviction criteria - Web APIs
we term them "quota clients" in this context: indexeddb asm.js caching cache api cookies note: in firefox, web storage will soon start to use the same storage management tools too, as described in this document.
...local storage data and cookies are still stored, but they are ephemeral — the data is deleted when you close the last private browsing window.
...this will only be evicted if the user chooses to (for example, in firefox you can choose to delete all stored data or only stored data from selected origins by going to preferences and using the options under privacy & security > cookies & site data).
Writing WebSocket servers - Web APIs
this means that you don't have to bloat your server code with cookie and authentication handlers (for example).
...also, common headers like user-agent, referer, cookie, or authentication headers might be there as well.
... note: the server can send other headers like set-cookie, or ask for authentication or redirects via other status codes, before sending the reply handshake.
Web Storage API - Web APIs
the web storage api provides mechanisms by which browsers can store key/value pairs, in a much more intuitive fashion than using cookies.
... storage limit is larger than a cookie (at most 5mb).
... note: access to web storage from third-party iframes is denied if the user has disabled third-party cookies (firefox implements this behaviour from version 43 onwards.) note: web storage is not the same as mozstorage (mozilla's xpcom interfaces to sqlite) or the session store api (an xpcom storage utility for use by extensions).
Link prefetching FAQ - HTTP
privacy implications along with the referral and url-following implications already mentioned above, prefetching will generally cause the cookies of the prefetched site to be accessed.
... (for example, if you google amazon, the google results page will prefetch www.amazon.com, causing amazon cookies to be sent back and forth.
... you can block 3rd party cookies in firefox, see disabling third party cookies.) what about...?
Source code directories overview - Archive of obsolete content
these include: cookies, irc, wallet, dom inspector, p3p, schema validation, spellchecker, transformiix, typeaheadfind, javascript debugger, xforms, etc.
... components contains the alerts, autocomplete, command line interface, console, cookies, download manager, filepicker, history, password manager, typeaheadfind, view source, etc.
jspage - Archive of obsolete content
XUL accessibility guidelines - Archive of obsolete content
for example, under the privacy section of preferences there are three groupboxes captioned: history, cookies, and private data.
... if the user were to tab to the "exceptions..." button they would hear "cookies {pause} exceptions {pause} button." the next tab would read "cookies {pause} keep until {pause} they expire {pause} one of three {pause} combobox." if the screen reader only read the label, then the user would have to guess what the "exceptions" button or the "keep until" combobox was referring to.
NPAPI plugin reference - Archive of obsolete content
npn_getvalueforurl provides information to a plugin which is associated with a given url, for example the cookies or preferred proxy.
... npn_setvalueforurl allows a plugin to change the stored information associated with a url, in particular its cookies.
Browser Feature Detection - Archive of obsolete content
document.domain true true true document.url true true true document.body true true true document.images true true true document.applets true true true document.links true true true document.forms true true true document.anchors true true true document.
cookie true true true document.open() true true true document.close() true true true document.write() true true true document.writeln() true true true document.getelementbyid() true true true document.getelementsbyname() true true true dom css 1 support for properties/methods in d...
...e: 'title', 'supported': false}, {name: 'referrer', 'supported': false}, {name: 'domain', 'supported': false}, {name: 'url', 'supported': false}, {name: 'body', 'supported': false}, {name: 'images', 'supported': false}, {name: 'applets', 'supported': false}, {name: 'links', 'supported': false}, {name: 'forms', 'supported': false}, {name: 'anchors', 'supported': false}, {name: '
cookie', 'supported': false}, {name: 'open', 'supported': false}, {name: 'close', 'supported': false}, {name: 'write', 'supported': false}, {name: 'writeln', 'supported': false}, {name: 'getelementbyid', 'supported': false}, {name: 'getelementsbyname', 'supported': false} ], 'domcore2': [ {name: 'doctype', 'supported': false}, {name: 'implementation', 'supported': false}, {name: 'do...
Making decisions in your code — conditionals - Learn web development
human beings (and other animals) make decisions all the time that affect their lives, from small ("should i eat one cookie or two?") to large ("should i stay in my home country and work on my father's farm, or should i move to america and study astrophysics?") conditional statements allow us to represent such decision making in javascript, from the choice that must be made (for example, "one cookie or two"), to the resulting outcome of those choices (perhaps the outcome of "ate one cookie" might be "still felt hungr...
...y", and the outcome of "ate two cookies" might be "felt full, but mom scolded me for eating all the cookies".) if...else statements let's look at by far the most common type of conditional statement you'll use in javascript — the humble if...else statement.
Introduction to the server side - Learn web development
the request includes a url identifying the affected resource, a method that defines the required action (for example to get, delete, or post the resource), and may include additional information encoded in url parameters (the field-value pairs sent via a query string), as post data (data sent by the http post method), or in associated cookies.
...this information is an example of session information stored in cookies.
Embedding API for Accessibility
us (or will give us), for accessibility: functionality implementation works as of images setintpref("network.image.imagebehavior", behavior); /* behavior: 0=accept, 1=accept images from originating server only, 2=no images */ moz 0.8 cookies setintpref("network.cookie.cookiebehavior", behavior); /* behavior: 0=accept, 1=accept cookies from originating server only, 2=no cookies */ setboolpref("network.cookie.warnaboutcookies", boolwarn); moz 0.8 fonts setcharpref("font.name.monospace.x-w...
... we have a permissions system for cookies and images based on url's.
Index
170 storage access policy: block cookies from trackers privacy, storage access policy, tracking protection firefox includes a new storage access policy that blocks cookies and other site data from third-party tracking resources.
...the new policy protects against cross-site tracking while minimizing the site breakage associated with traditional cookie blocking.
Blocked: Storage access requests from trackers
message firefox: cookieblockedtracker=request to access cookies or storage on “x” was blocked because it came from a tracker and content blocking is enabled.
... a request to access cookies or storage was blocked because the browser identified it as coming from a tracker and content blocking is enabled.
Partitioned: All third-party storage access requests
message firefox: cookiepartitionedforeign=partitioned cookie or storage access was provided to “<url>” because it is loaded in the third-party context and storage partitioning is enabled.
... a request to access cookies or storage was partitioned because it came from a third-party (a different origin) and dynamic first-party isolation is enabled.
HTMLIFrameElement.purgeHistory()
it only deletes history, not cookies or other stored information.
... note: to delete cookies for a firefox os app, you could call clearbrowserdata() on the actual app itself.
Localization content best practices
as a native english speaker, you might find it natural to use delete-cookie = delete cookie delete-cookies = delete cookies in firefox this should be # localization note (delete-cookies): semi-colon list of plural forms.
... # see: http://developer.mozilla.org/en/docs/localization_and_plurals # #1 is the number of cookies to delete # example: delete-cookies = delete #1 cookie;delete #1 cookies important: always include the localization note with this format if you use a plural form in firefox.
Localizing with Mozilla Translator
|-- browser-region | `-- region.properties `-- ab-cd |-- alerts | `-- notificationnames.properties |-- autoconfig | `-- autoconfig.properties |-- cookie | |-- cookieacceptdialog.dtd | `-- cookieacceptdialog.properties |-- global | |-- about.dtd | |-- apppicker.dtd .
... but in the cvs and mozilla-central repositories the locale part looks like this: toolkit |-- locales | |-- en-us | | |-- chrome | | | |-- alerts | | | | `-- notificationnames.properties | | | |-- autoconfig | | | | `-- autoconfig.properties | | | |-- cookie | | | | |-- cookieacceptdialog.dtd | | | | `-- cookieacceptdialog.properties | | | |-- global | | | | |-- about.dtd | | | | |-- apppicker.dtd .
Mozilla Web Services Security Model
please do not depend on anything in it being correct for security.) to prevent the browser from being used as a tool for web sites to obtain privileges that belong to the browser's user (such as being behind a firewall or getting the benefits of the user's cookies), web browsers restrict what web pages can do when accessing things in other domains.
... allow all services on a site to be accessed from any web page note that this is only a sensible thing to do if nothing on the site serves content based on cookies, http authentication, ip address / domain origin, or any other method of authentication.
NSS 3.35 release notes
the application is then able to examine application-chosen content from the session tickets, or helloretryrequest cookie, and decide whether to proceed with the connection.
... for an initial clienthello, an application can control whether nss sends a helloretryrequest, and include application-chosen content in the cookie.
nsIPermission
the nsipermission interface defines a "permission" object, which is used to allow or block objects (for example cookies, images) from certain sites based on user preferences.
... type acstring the type of permission: cookie, image, and so on.
nsIPrivateBrowsingService
in addition, temporary databases are created to be used for cookies and local storage; these databases are thrown away when private browsing mode is turned off, and the regular databases are re-activated.
... the temporary cookie and local storage databases start out empty.
nsISessionStore
note: the returned string does not include cookies.
... if you need to retrieve cookies as well, you should use getwindowstate() instead.
nsIWebBrowserPersist
persist_flags_force_allow_cookies 65536 force relevant cookies to be sent with this load even if normally they wouldn't be.
... cookies, permanent cache, etc.) null must only be passed in the event that no such relevant context exists (ie.
Address book sync client design
* a cookie - hmmm...cooookies!
... */ void onstopauthoperation(in nsresult astatus, in wstring amsg, in string acookie); /** * notify the observer that the ab sync operation has begun.
Index
18 cookies in thunderbird cookies, guide, thunderbird in versions of thunderbird prior to 3 the cookie policy was very restrictive (to rss only).
... thunderbird 3 uses the gecko cookie policy with some changes.
Browser Side Plug-in API - Plugins
npn_getvalueforurl provides information to a plug-in which is associated with a given url, for example the cookies or preferred proxy.
... npn_setvalueforurl allows a plug-in to change the stored information associated with a url, in particular its cookies.
Gecko Plugin API Reference - Plugins
npn_getvalueforurl provides information to a plug-in which is associated with a given url, for example the cookies or preferred proxy.
... npn_setvalueforurl allows a plug-in to change the stored information associated with a url, in particular its cookies.
Document.lastModified - Web APIs
here is a possible example of how to show an alert message when the page changes (see also: javascript cookies api): if (Date.parse(document.lastModified) > parseFloat(document.cookie.replace(/(?:(?:^|.*;)\s*last_modif\s*\=\s*([^;]*).*$)|^.*$/, "$1") || "0")) { document.cookie = "last_modif=" + Date.now() + "; expires=fri, 31 dec 9999 23:59:59 gmt; path=" + location.pathname; alert("this page has changed!"); } …the same example, but skipping the first visit: var nlastvisit = parseFloat(documen...
...t.cookie.replace(/(?:(?:^|.*;)\s*last_modif\s*\=\s*([^;]*).*$)|^.*$/, "$1")), nlastmodif = Date.parse(document.lastModified); if (isNaN(nlastvisit) || nlastmodif > nlastvisit) { document.cookie = "last_modif=" + Date.now() + "; expires=fri, 31 dec 9999 23:59:59 gmt; path=" + location.pathname; if (isFinite(nlastvisit)) { alert("this page has been changed!"); } } note: webkit returns the time string in utc; gecko and internet explorer return a time in the local timezone.
Basic concepts - Web APIs
<iframe> content) can access the indexeddb store for the origin it is embedded into, unless the browser is set to never accept third party cookies (see bug 1147821.) definitions this section defines and explains terms used in the indexeddb api.
...many browsers have settings that let users wipe all data stored for a given website, including cookies, bookmarks, stored passwords, and indexeddb data.
XMLHttpRequest() - Web APIs
most important, this means that cookies will not be sent unless explicitly added using setrequestheader.
...this can't be combined with sending cookies or other user credentials.
XMLHttpRequest.getAllResponseHeaders() - Web APIs
return value a bytestring representing all of the response's headers (except those whose field name is set-cookie or set-cookie2) separated by crlf, or null if no response has been received.
... an example of what a raw header string looks like: date: fri, 08 dec 2017 21:04:30 gmt\r\n content-encoding: gzip\r\n x-content-type-options: nosniff\r\n server: meinheld/0.6.1\r\n x-frame-options: deny\r\n content-type: text/html; charset=utf-8\r\n connection: keep-alive\r\n strict-transport-security: max-age=63072000\r\n vary: cookie, accept-encoding\r\n content-length: 6502\r\n x-xss-protection: 1; mode=block\r\n each line is terminated by both carriage return and line feed characters (\r\n).
XMLHttpRequest - Web APIs
xmlhttprequest.withcredentials is a boolean that indicates whether or not cross-site access-control requests should be made using credentials such as cookies or authorization headers.
...if true, the request will be sent without cookie and authentication headers.
<img>: The Image Embed element - HTML: Hypertext Markup Language
allowed values: anonymous a cors request is sent with credentials omitted (that is, no cookies, x.509 certificates, or authorization request header).
... use-credentials the cors request is sent with any credentials included (that is, cookies, x.509 certificates, and the authorization request header).
Evolution of HTTP - HTTP
t-encoding: gzip, deflate, br referer: https://developer.mozilla.org/docs/glossary/simple_header 200 ok connection: keep-alive content-encoding: gzip content-type: text/html; charset=utf-8 date: wed, 20 jul 2016 10:55:30 gmt etag: "547fa7e369ef56031dd3bff2ace9fc0832eb251a" keep-alive: timeout=5, max=1000 last-modified: tue, 19 jul 2016 00:59:33 gmt server: apache transfer-encoding: chunked vary:
cookie, accept-encoding (content) get /static/img/header-background.png http/1.1 host: developer.cdn.mozilla.net user-agent: mozilla/5.0 (macintosh; intel mac os x 10.9; rv:50.0) gecko/20100101 firefox/50.0 accept: */* accept-language: en-us,en;q=0.5 accept-encoding: gzip, deflate, br referer: https://developer.mozilla.org/docs/glossary/simple_header 200 ok age: 9578461 cache-control: public, max-ag...
... the introduction of security-related prefixes in the cookie header, now helps guarantee a secure cookie has not been altered.
A typical HTTP session - HTTP
-type: text/html; charset=utf-8 content-length: 55743 connection: keep-alive cache-control: s-maxage=300, public, max-age=0 content-language: en-us date: thu, 06 dec 2018 17:37:18 gmt etag: "2e77ad1dc6ab0b53a2996dfd4653c1c3" server: meinheld/0.6.1 strict-transport-security: max-age=63072000 x-content-type-options: nosniff x-frame-options: deny x-xss-protection: 1; mode=block vary: accept-encoding,
cookie age: 7 <!doctype html> <html lang="en"> <head> <meta charset="utf-8"> <title>a simple webpage</title> </head> <body> <h1>simple html5 webpage</h1> <p>hello, world!</p> </body> </html> notification that the requested resource has permanently moved: http/1.1 301 moved permanently server: apache/2.4.37 (red hat) content-type: text/html; charset=utf-8 date: thu, 06 dec 2018 17:33:08 gmt ...
...tml; charset=utf-8 content-length: 38217 connection: keep-alive cache-control: no-cache, no-store, must-revalidate, max-age=0 content-language: en-us date: thu, 06 dec 2018 17:35:13 gmt expires: thu, 06 dec 2018 17:35:13 gmt server: meinheld/0.6.1 strict-transport-security: max-age=63072000 x-content-type-options: nosniff x-frame-options: deny x-xss-protection: 1; mode=block vary: accept-encoding,
cookie x-cache: error from cloudfront <!doctype html...
431 Request Header Fields Too Large - HTTP
this lets users attempt to fix the problem, such as by clearing their cookies.
... servers will often produce this status if: the referer url is too long there are too many cookies sent in the request status 431 request header fields too large specifications specification title rfc 6585, section 5: 431 request header fields too large additional http status codes ...
Mixed content - Web security
in the case of passive content, the threat is lower (the page may contain misleading content, or the user's cookies may be stolen).
...if the webpage is public and has no sensitive data about the user, using mixed active content still provides the attacker with the opportunity to redirect the user to other http pages and steal http cookies from those sites.
request - Archive of obsolete content
se to be interpreted as latin-1, use overridemimetype: var request = require("sdk/request").request; var quijote = request({ url: "http://www.latin1files.org/quijote.txt", overridemimetype: "text/plain; charset=latin1", oncomplete: function (response) { console.log(response.text); } }); quijote.get(); anonymous boolean if true, the request will be sent without
cookies or authentication headers.
Code snippets - Archive of obsolete content
browser-oriented code tabbed browser code (firefox/seamonkey) basic operations, such as page loading, with the tabbed browser, which is the heart of mozilla's browser applications
cookies reading, writing, modifying, and removing
cookies page loading code used to load pages, reload pages, and listen for page loads interaction between privileged and non-privileged code how to communicate from extensions to websites and vice-versa.
Index of archived content - Archive of obsolete content
ooting unit testing using xpcom without chrome using third-party modules (jpm) bootstrapped extensions code snippets alerts and notifications autocomplete bookmarks boxes canvas code snippets
cookies customizing the download progress bar delayed execution dialogs and prompts downloading files drag & drop embedding svg examples and demos from articles file i/o finding window handles forms related code snippets html in xul for rich tooltips html to dom...
MenuButtons - Archive of obsolete content
<toolbarbutton type="menu" image="cookies.png"> <menupopup> <menuitem label="block cookies" type="checkbox"/> <menuitem label="clear cookies"/> </menupopup> </toolbarbutton> the 'menu-button' button the 'menu-button' type of button is used when you want to attach a menu to a button but want to have a default action carried out when the button is pressed by itself.
Forbidden header name - MDN Web Docs Glossary: Definitions of Web-related terms
forbidden header names start with proxy- or sec-, or are one of the following names: accept-charset accept-encoding access-control-request-headers access-control-request-method connection content-length cookie cookie2 date dnt expect feature-policy host keep-alive origin proxy- sec- referer te trailer transfer-encoding upgrade via note: the user-agent header is no longer forbidden, as per spec — see forbidden header name list (this was implemented in firefox 43) — it can now be set in a fetch headers object, or via xhr setrequestheader().
Response header - MDN Web Docs Glossary: Definitions of Web-related terms
note that strictly speaking, the content-encoding and content-type headers are entity header: 200 ok access-control-allow-origin: * connection: keep-alive content-encoding: gzip content-type: text/html; charset=utf-8 date: mon, 18 jul 2016 16:06:00 gmt etag: "c561c68d0ba92bbeb8b0f612a9199f722e3a621a" keep-alive: timeout=5, max=997 last-modified: mon, 18 jul 2016 02:36:04 gmt server: apache set-cookie: mykey=myvalue; expires=mon, 17-jul-2017 16:06:00 gmt; max-age=31449600; path=/; secure transfer-encoding: chunked vary: cookie, accept-encoding x-backend-server: developer2.webapp.scl3.mozilla.com x-cache-info: not cacheable; meta data too large x-kuma-revision: 1085259 x-frame-options: deny ...
Session Hijacking - MDN Web Docs Glossary: Definitions of Web-related terms
protection against session hijacking: create a secure communication channel with ssh (secure shell); pass authentication cookies over https connection; implement logout functionality so the user can end the session; generate the session id after successful login; pass encrypted data between the users and the web server; use a string or long random number as a session key. learn more general knowledge session hijacking on wikipedia ...
MDN Web Docs Glossary: Definitions of Web-related terms
character set chrome cia cipher cipher suite ciphertext class client hints closure cms code splitting codec compile compile time computer programming conditional constant constructor continuous media control flow
cookie copyleft cors cors-safelisted request header cors-safelisted response header crawler crlf cross axis cross-site scripting crud cryptanalysis cryptographic hash function cryptography csp csrf css css object model (cssom) css pixel css pre...
Implementing feature detection - Learn web development
if you look at the dom inspector of your browser's developer tools, you'll see that modernizr has updated your <html> class value like so: <html class="js no-htmlimports sizes flash transferables applicationcache blobconstructor blob-constructor
cookies cors ...and loads more values!> it now contains a large number of classes that indicate the support status of different technology features.
Configuring Build Options
some extensions are not compatible with all apps, for example: cookie is not compatible with thunderbird typeaheadfind is not compatible with any toolkit app (firefox, thunderbird) unless you know which extensions are compatible with which apps, do not use the --enable-extensions option; the build system will automatically select the proper default set of extensions.
Errors
you can find further information about them by clicking on the links below: a request to access cookies or storage was blocked because of a custom cookie permission blocked because it came from a tracker and content blocking is enabled blocked because we are blocking all storage access requests blocked because we are blocking all third-party storage access requests and content blocking is enabled granted partitioned access because it came from a third-party and dynamic first-party isolation is enabled ...
Tracking Protection
if tracking cookies were present, you would be able to view the list by clicking on "blocking tracking cookies" in the above image to view the following popup: you can click "manage content blocking" to change the blocking settings: how does firefox choose what to block?
Privacy
storage access policy: block cookies from trackers tracking protection ...
Firefox Operational Information Database: SQLite
in the manager, select the database you want to explore in the '(select profile database)' pulldown, click 'go', select one of the tables listed in the left column and see the current contents of the database in the 'browse & search' tab.) some databases are used by the browser itself, others are used by applications that you have installed or used; for example: content-prefs.sqlite cookies.sqlite download.sqlite formhistory.sqlite permissions.sqlite places.sqlite search.sqlite signons.sqlite webappstore.sqlite ...
Browser API
htmliframeelement.purgehistory() clears all the resources (cookies, localstorage, cache, etc.) associated with the browser <iframe>.
How to add a build-time test
(example to run the test
cookie program) in the test program: if the test fails, exit with a non-zero status and/or print the string "fail" to stdout if the test passes, exit with a zero status and don't print the string "fail" (bonus points for printing "pass" :) ) write the test so that you expect it to pass on all platforms, since if the test fails, the tree will go orange (once we've set this up - see...
Services.jsm
ation shell service blocklist nsiblocklistservice blocklist service cache nsicacheservice cache service cache2 nsicachestorageservice cache storage service clipboard nsiclipboard clipboard console nsiconsoleservice error console service contentprefs nsicontentprefservice content preferences service
cookies nsi
cookiemanager2
cookie manager 2 service cpmm nsimessagesender child process message manager4 crashmanager crashmanager.jsm dirsvc nsidirectoryservice nsiproperties directory service domstoragemanager nsidomstoragemanager dom storage manager domrequest nsidomrequestservice domrequest service downloa...
Patching a Localization
if you do not have these tools, take a few steps back, grab a cookie (because, let's face it, you deserve it for all of your work), and visit the l10n prerequisites page.
JS::CompileOptions
this allows an attack by which a malicious website loads a sensitive file (say, a bank statement) cross-origin (using the user's cookies), and sniffs the generated syntax errors (via a window.onerror handler) for juicy morsels of its contents.
JSErrorReport
this allows an attack by which a malicious website loads a sensitive file (say, a bank statement) cross-origin (using the user's cookies), and sniffs the generated syntax errors (via a window.onerror handler) for juicy morsels of its contents.
JS_NewGlobalObject
it's unfortunately on the clunky side, but that's the way the cookie crumbles.
Creating XPCOM components
om the xpcom solution gecko components interfaces interfaces and encapsulation the nsisupports base interface xpcom identifiers cid contract id factories xpidl and type libraries xpcom services xpcom types method types reference counting status codes variable mappings common xpcom error codes using xpcom components component examples
cookie manager the webbrowserfind component the weblock component component use in mozilla finding mozilla components using xpcom components in your cpp xpconnect: using xpcom components from script component internals creating components in cpp xpcom initialization xpcom registry manifests registration methods in xpcom autoregistration the shutdown process three p...
mozIThirdPartyUtil
this is done as follows: if achannel is an nsihttpchannel and has the 'forceallowthirdpartycookie' property set, then: if auri is null, return false.
getFile
dir "tmpls" ns_win_common_startmenu_dir "cmstrt" ns_win_common_programs_dir "cmprgs" ns_win_common_startup_dir "cmstrt" ns_win_common_desktop_directory "cmdeskp" ns_win_appdata_dir "appdata" ns_win_local_appdata_dir "localappdata" ns_win_printhood "prnthd" ns_win_
cookies_dir "cookd" available on unix only these locations are supported only on unix builds of firefox os.
nsIDocShell
internal_load_flags_force_allow_cookies 0x20 used to indicate that load_flags_force_allow_cookies was passed as one of the flags to loaduri().
nsIEffectiveTLDService
cookie setting and domain highlighting, but you should check whether it's the right answer for your application.
nsIMacDockSupport
1.0 66 introduced gecko 2.0 inherits from: nsimacdocksupport last changed in gecko 11.0 (firefox 11.0 / thunderbird 11.0 / seamonkey 2.8) implemented by: @mozilla.org/
cookie-monster;1.
nsIPermissionManager
the nsipermissionmanager interface is used to persistently store permissions for different object types (cookies, images, and so on) on a site-by-site basis.
nsIPropertyBag
goodies obtained from window.navigator are: appcodename:"mozilla" appname:"netscape" appversion:"5.0 (windows)" battery:batterymanager buildid:"20140529161749"
cookieenabled:true donottrack:"yes" geolocation:geolocation language:"en-us" mimetypes:mimetypearray mozalarms:null mozapps:xpcwrappednative_nohelper mozcameras:cameramanager mozconnection:mozconnection mozcontacts:contactmanager mozid:null mozkeyboard:xpcwrappednative_nohelper mozpay:null mozpermissionsettings:null mozphonenumberservice:phonenumberservice mozpower:mozpowermanager moztcpsocket:null onli...
nsIRequest
this means that things like authorization tokens or cookie headers should not be added.
nsIScriptableIO
for example: io.getfile("profile", "cookies.txt"); from an xpcom component, however, you will need to get a reference as with other components: var scriptableio = components.classes["@mozilla.org/io/scriptable-io;1"] .getservice(); scriptableio.getfile("profile", "cookies.txt"); method overview nsifile getfile(in astring alocation, in astring afilename); nsifile getfilewithpath...
nsIXMLHttpRequest
for instance, as done in example 2, the flag of load_anonymous is added, this strips all user data (cookies, tokens, etc).
XPCOM Interface Reference
ompositionstringsynthesizernsiconsolelistenernsiconsolemessagensiconsoleservicensicontainerboxobjectnsicontentframemessagemanagernsicontentprefnsicontentprefcallback2nsicontentprefobservernsicontentprefservicensicontentprefservice2nsicontentsecuritypolicynsicontentsniffernsicontentviewnsicontentviewmanagernsicontentviewernsicontrollernsicontrollersnsiconverterinputstreamnsiconverteroutputstreamnsi
cookiensi
cookie2nsi
cookieacceptdialognsi
cookieconsentnsi
cookiemanagernsi
cookiemanager2nsi
cookiepermissionnsi
cookiepromptservicensi
cookieservicensi
cookiestoragensicrashreporternsicryptohmacnsicryptohashnsicurrentcharsetlistenernsicyclecollectorlistenernsidbchangelistenernsidbfolderinfonsidnslistenernsidnsrecordnsidnsrequestnsidnsservicensidomcanvasrenderingcontext2dnsidomchromewindownsidomclientrectnsido...
XPCOM Interface Reference by grouping
nsiprotocolproxycallback nsiprotocolproxyfilter nsiprotocolproxyservice nsiproxyinfo preferences nsiiniparser nsiiniparserfactory nsiprefbranch nsiprefbranch2 nsipreflocalizedstring nsiprefservice nsistringbundle nsistringbundleservice security cookies nsicookie nsicookie2 nsicookieacceptdialog nsicookieconsent nsicookiemanager nsicookiemanager2 nsicookiepermission nsicookiepromptservice nsicookieservice nsicookiestorage nsisessionstore crypto nsicryptohash ...
XPCOM reference
in a big change from the original nsiabcard, properties are now stored in a hash table instead of as attributes on the interface, allowing it to be more flexible. nsicookie2 mozilla 1 8 branch nsimsgsearchvalue defined in comm-central/ mailnews/ base/ search/ public/ nsimsgsearchvalue.idl nsmsgmessageflags the nsmsgmessageflags interface describes possible flags for messages.
Firefox Developer Tools
storage inspector inspect cookies, local storage, indexeddb, and session storage present in a page.
Cache - Web APIs
console.error(' error in fetch handler:', error); throw error; }); }) ); }); storing cookies in caches the fetch api requires set-cookie headers to be stripped before returning a response object from fetch().
Document.requestStorageAccess() - Web APIs
grant the document access to cookies and other site storage and store that fact for the purposes of future calls to document.hasstorageaccess() and requeststorageaccess().
Document - Web APIs
document.cookie returns a semicolon-separated list of the cookies for that document or sets a single cookie.
The HTML DOM API - Web APIs
among the things added to document by the html standard are: support for accessing various information provided by the http headers when loading the page, such as the location from which the document was loaded, cookies, modification date, referring site, and so forth.
Using IndexedDB - Web APIs
<iframe> content) cannot access indexeddb if the browser is set to never accept third party cookies (see bug 1147821.) warning about browser shutdown when the browser shuts down (because the user chose the quit or exit option), the disk containing the database is removed unexpectedly, or permissions are lost to the database store, the following things happen: each transaction on every affected database (or all open databases, in the case of browser shutdown) is aborted with an aborterror.
MediaDeviceInfo - Web APIs
it is reset when the user clears cookies (for private browsing, a different identifier is used that is not persisted across sessions).
Navigator.sendBeacon() - Web APIs
window.addeventlistener("unload", function logdata() { navigator.sendbeacon("/log", analyticsdata); }); the beacon sends an http request via the post method, with all relevant cookies available when called.
Navigator - Web APIs
navigator.cookieenabled read only returns false if setting a cookie will be ignored and true otherwise.
NavigatorStorage - Web APIs
there are many apis which provide ways for web content to store data on a user's computer, including cookies, the web storage api (window.localstorage and window.sessionstorage), and indexeddb.
ParentNode.replaceChildren() - Web APIs
this html might look something like this: <h2>party food option list</h2> <main> <div> <label for="no">no thanks!</label> <select id="no" multiple size="10"> <option>apples</option> <option>oranges</option> <option>grapes</option> <option>bananas</option> <option>kiwi fruits</option> <option>chocolate
cookies</option> <option>peanut
cookies</option> <option>chocolate bars</option> <option>ham sandwiches</option> <option>cheese sandwiches</option> <option>falafel sandwiches</option> <option>ice cream</option> <option>jelly</option> <option>carrot sticks and houmous</option> <option>margherita pizza</option> <option>pepperoni pizza</option> ...
RTCDataChannel: error event - Web APIs
examples // strings for each of the sctp cause codes found in rfc // 4960, section 3.3.10: // https://tools.ietf.org/html/rfc4960#section-3.3.10 const sctpcausecodes = [ "no sctp error", "invalid stream identifier", "missing mandatory parameter", "stale
cookie error", "sender is out of resource (i.e., memory)", "unable to resolve address", "unrecognized sctp chunk type received", "invalid mandatory parameter", "unrecognized parameters", "no user data (sctp data chunk has no data)", "
cookie received while shutting down", "restart of an association with new addresses", "user-initiated abort", "protocol violation" ]; dc.addeventlisten...
Response.type - Web APIs
it can be one of the following: basic: normal, same origin response, with all headers exposed except “set-cookie” and “set-cookie2”.
Web Authentication API - Web APIs
this is outside the scope of the web authentication api specification, but one option would be to drop a new cookie for the user session.
Window.open() - Web APIs
this function is the lonely key to get back the handle on a window if the developer has access only to its name (the name can be saved with cookies or local storage but not the window object handle).
Window.sessionStorage - Web APIs
opening a page in a new tab or window creates a new session with the value of the top-level browsing context, which differs from how session cookies work.
HTML attribute: crossorigin - HTML: Hypertext Markup Language
the "anonymous" keyword means that there will be no exchange of user credentials via cookies, client-side ssl certificates or http authentication as described in the terminology section of the cors specification, unless it is in the same origin.
<figure>: The Figure with Optional Caption element - HTML: Hypertext Markup Language
iful mdn logo."> <figcaption>mdn logo</figcaption> </figure> code snippets <figure> <figcaption>get browser details using <code>navigator</code>.</figcaption> <pre> function navigatorexample() { var txt; txt = "browser codename: " + navigator.appcodename + "; "; txt+= "browser name: " + navigator.appname + "; "; txt+= "browser version: " + navigator.appversion + "; "; txt+= "
cookies enabled: " + navigator.
cookieenabled + "; "; txt+= "platform: " + navigator.platform + "; "; txt+= "user-agent header: " + navigator.useragent + "; "; console.log("navigatorexample", txt); } </pre> </figure> quotations <figure> <figcaption><cite>edsger dijkstra:</cite></figcaption> <blockquote>if debugging is the process of removing software bugs, then programming must be th...
Content Security Policy (CSP) - HTTP
a complete data transmission security strategy includes not only enforcing https for data transfer, but also marking all cookies with the secure attribute and providing automatic redirects from http pages to their https counterparts.
Access-Control-Allow-Headers - HTTP
* (wildcard) the value "*" only counts as a special wildcard value for requests without credentials (requests without http cookies or http authentication information).
Access-Control-Allow-Methods - HTTP
* (wildcard) the value "*" only counts as a special wildcard value for requests without credentials (requests without http cookies or http authentication information).
Access-Control-Expose-Headers - HTTP
* (wildcard) the value "*" only counts as a special wildcard value for requests without credentials (requests without http cookies or http authentication information).
Trailer - HTTP
these header fields are disallowed: message framing headers (e.g., transfer-encoding and content-length), routing headers (e.g., host), request modifiers (e.g., controls and conditionals, like cache-control, max-forwards, or te), authentication headers (e.g., authorization or set-cookie), or content-encoding, content-type, content-range, and trailer itself.
Redirections in HTTP - HTTP
…while chrome displays: this webpage has a redirect loop in both cases, the user can't do much (unless a corruption is happening on their side, like a mismatch of cache or cookies).
HTTP resources and specifications - HTTP
rfc 7234 hypertext transfer protocol (http/1.1): caching proposed standard rfc 5861 http cache-control extensions for stale content informational rfc 8246 http immutable responses proposed standard rfc 7235 hypertext transfer protocol (http/1.1): authentication proposed standard rfc 6265 http state management mechanism defines cookies proposed standard draft spec cookie prefixes ietf draft draft spec same-site cookies ietf draft draft spec deprecate modification of 'secure' cookies from non-secure origins ietf draft rfc 2145 use and interpretation of http version numbers informational rfc 6585 additional http status codes proposed standard ...
Privacy, permissions, and information security
ocument in the frame should be allowed to access http public key pinning (hpkp) hpkp is used by servers to instruct a client to associate a specific public key with the server going forward in order to decrease the likelihood of man-in-the-middle attacks http strict transport security (hsts) hsts is used by servers to let them protect themselves from protocol downgrade and cookie hijack attacks by letting sites tell clients that they can only use https to communicate with the server http/2 while http/2 technically does not have to use encryption, most browser developers are only supporting it when used with https, so it can be thought of in that regard as being security-related permissions api provides a way to determine the status of permissions f...
Subdomain takeovers - Web security
if an attacker can do this, they can potentially read cookies set from the main domain, perform cross-site scripting, or circumvent content security policies, thereby enabling them to capture protected information (including logins) or send malicious content to unsuspecting users.
Web security
redirection with 301 and 302 response codes to be written data security using http cookies an http cookie (web cookie, browser cookie) is a small piece of data that a server sends to the user's web browser.