New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
NOTICE: v96 CHANGE YOUR SITE PERMISSIONS [AF disables FPI for ETP Strict] #1281
Comments
Migrating is not as simple as changing prefs. Permissions for FPI are keyed with OA's (origin attributes) and are incompatible, you can read more in Bugzilla 1649876. Cookies are also keyed. Here are some screenshots permission exceptions
Here's how I am migrating
That's it. Permissions
Cookies (and site data)
|
Hi, I have 2 questions relating to this change 1: just to clarify how best to convert from FPI to dFPI a) what prefs should be removed/reset that was previously set for FPI? what should now be set instead? b) what is the override recipe is meant to override, is it to make it emulate FPI's old behaviour (being more strict)? 2: firefox also has another "protection" feature, site isolation, that was introduced into stable relatively recently and can be enabled with how does the change in FPI interact with site isolation? do you have any recommendations/comments about this? thanks! |
you update to arkenfox v96 and run prefsCleaner
it will be obsolete: it was for those who want to flip from FPI to dFPI before updating to arkenfox v96. it is not to emulate FPI, it is to change FROM fpi to dFPI
you are mixing fission (site isolation = processes) up with state partitioning (network partitioning + Total Cookie Protection (also known as dFPI) processes vs state |
Is it recommended to use v95 on FF v96(.0.1) or is it better to wait for v96 Arkenfox? |
use the live master which is basically 96 final |
Thanks for the fast answer! |
How to add per-container cookie exception? |
use Ctrl-I |
I have something set incorrectly or it does not work. Ctrl+i does not seem to be aware about container concept - config set inside container is visible outside. Trying to set exception manually (with
|
but have containers ever needed a contextid syntax before? I just opened a site in a container and added exceptions for cookies and location, and it just adds things like normal are you saying that it's not respecting exceptions? |
I have to scoot for now (people to do and things to see) .. but assuming there is an issue, is it in here? |
I was using CAD to keep google cookies in "gmail" container and clean them everywhere else. You are recommending to ditch CAD in favor of browser native cleaning. I'm just trying to convert my setup. |
OT: https://bugzilla.mozilla.org/show_bug.cgi?id=1681701#c1 - looks like lifetime cookie is close to being nixed
Are you using MAC, because that can cause differences in testing - not saying that is the case here, but something to keep in mind. If it's a cross-domain login you probably need to add both domains AFAIK This is a bit "messy": containers and a cross-domain login flow with dFPI. Can we start with something simple like github and some steps to reproduce
restarted
I still only have the one |
so contextID syntax is not needed - I think your problem is you need to add both domains: gmail and google |
So what if I want keep cookies for personal GitHub account in container and clear them for other/test accounts without container? |
How did you before? You couldn't - it was only because we used FPI which required syntax so it was not the same key. This is clearly a long standing limitation of containers and sanitizing. Must be a bugzilla floating around somewhere In the meantime, if you're going to be doing that (multiple accounts/testing/other containers/no-container) where you want to keep one and delete all the rest, then you'll need to work around it, probably with an extension. IDK what's out there since I never use these, but I'm guessing you can still use delete cookies and site data on close (currently cookie behavior pref), add exceptions to keep (e.g. github) and then in TC or CAD just add rules for github to suit? |
Did you solve your issue with gmail? |
By reinstalling CAD. |
In v96 arkenfox will be moving to Total Cookie Protection (also known as dFPI or dynamic FPI)
You can read more about it in #1051 , but essentially FPI is no longer maintained. Also read the next post on how to migrate your permissions etc
To clarify
dFPI/network partitioning
network partitioning is already enabled by default (when FPI is not used), so this change is focused on Total Cookie Protection
There is already an override recipe for this: which I will repeat here, but it's not as simple as just changing prefs (see next post)
🔻 FF87+ : use ETP Strict mode
The text was updated successfully, but these errors were encountered: