Opened 3 years ago

Last modified 16 months ago

#3546 assigned enhancement

Disabling Third party cookies breaks some REcaptcha-using sites

Reported by: mikeperry Owned by: mikeperry
Priority: normal Milestone: TorBrowserBundle 2.2.x-stable
Component: Tor bundles/installation Version:
Keywords: Cc: g.koppen@…
Actual Points: Parent ID:
Points: 4

Description

We've had several anecdotal reports that our TBB default of disabling 3rd party cookies breaks REcaptcha on some sites.

It turns out there is a way to do REcaptcha without 3rd party cookies, but it is not the default mode. For example, drupal pre-6.x uses the 3rd-party cookie mechanism: http://drupal.org/node/1168740

So, do we give up? Do we enable third party cookies? I think so, but perhaps we can convince Mozilla to update the patch for #3246 for us first, so we can try it out.

If nothing happens on the Mozilla front, we should re-enable 3rd party cookies completely for TBB 2.2.x-stable and just rely on #523.

Child Tickets

TicketTypeStatusOwnerSummary
#3676taskclosedmikeperryTest Priv3 w/ Recaptcha + DisQus

Change History (7)

comment:1 Changed 3 years ago by mikeperry

We may be able to hack http://priv3.icsi.berkeley.edu/ to allow recaptcha to work.. We still need a test site though..

comment:2 Changed 3 years ago by mikeperry

  • Owner changed from erinn to mikeperry
  • Points set to 4
  • Status changed from new to assigned

comment:3 Changed 3 years ago by mikeperry

The DisQus commenting system also requires 3rd party cookies. Perhaps we can also craft a priv3 policy for it?

Example link (and interesting reading, esp the comments): http://www.docpop.org/2011/07/trapped-in-the-googlehole/

comment:4 Changed 3 years ago by mikeperry

  • Type changed from defect to enhancement

comment:5 Changed 3 years ago by mikeperry

  • Priority changed from major to normal

comment:6 Changed 3 years ago by gk

  • Cc g.koppen@… added

comment:7 in reply to: ↑ description Changed 16 months ago by arma

Replying to mikeperry:

If nothing happens on the Mozilla front, we should re-enable 3rd party cookies completely for TBB 2.2.x-stable and just rely on #523.

Mike, it looks like we didn't go this route?

Or did we, and just not close the ticket?

Note: See TracTickets for help on using tickets.