Opened 4 years ago

Closed 4 years ago

#20754 closed defect (duplicate) and aren't obeying first-party isolation

Reported by: arthuredelstein Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords:
Cc: ctang@… Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


Discovered by Cynthia Tang of the Mozilla QA team.

Here is the Firefox Bug:

Child Tickets

Attachments (1)

gmail_redirects.png (191.8 KB) - added by arthuredelstein 4 years ago.

Download all attachments as: .zip

Change History (4)

comment:1 Changed 4 years ago by arthuredelstein

(This issue is seen in both Firefox and Tor Browser.)

Changed 4 years ago by arthuredelstein

Attachment: gmail_redirects.png added

comment:2 Changed 4 years ago by arthuredelstein

When I log into gmail, I can see with the Network Monitor that several 302 redirects occur before we finally reach a 200 response at One of these redirects is at, and it includes a Set-Cookie header:

It's clear that 302 redirects are Google's way of ensuring that when you log into gmail, you are also logged into youtube.

This clearly looks like another case of #14085.

comment:3 Changed 4 years ago by gk

Resolution: duplicate
Status: newclosed

Yes. And actually #3600 is the canonical bug. Closing this as duplicate of #14085 for now.

Note: See TracTickets for help on using tickets.