Disgusting Little Urchins
Is there a way for me to filter a cookie based upon a regex matched against the cookie name, for each webpage, without the "Do you want to allow this site to set this cookie?"-window popping up? For instance, say I never wanted cookies with /^__utm\w+$/ to be set, even if I wanted other cookies from a site set?
A bit of Googling netted me this Netlib documentation, but seeing as it's dated 1998, I have little faith that it was even ever implemented.* (If I'm remembering the last time I looked at this correctly, I'm pretty sure I even did a quick LXR search on that pref name, too...)
An extension would be fine too... and I think I even searched for one too, but... alas, I came up with nothing.
Any pointers?
*No, I didn't bother trying this yet, since the effort to ask the LazyWeb is much lower than the effort that will be required to bang my head against the wall when it doesn't work. I figure that's precious time I could be spending fixing a Tinderbox... or something. ;-)
Comments
I've been searching for something similar. I don't need anything as fancy as regex, just simple wildcard matching. Eg, I'd like to block all cookies from:
http://*.badhost.com/
where * matches any subdomain name. Anyone know of a way to do this?
Thanks.
Posted by: nitro322 | September 5, 2006 7:31 PM
Me too, except I'd like to accept all cookies from certain domains, i.e. *.livejournal.com (this, to deal with their stupid solution to deal with their contined inability to scrub stuff).
Posted by: Preed | September 5, 2006 7:42 PM
nope, it doesn't look like the pref
is there any longer, but is replaced by the cookie permission service method CanSetCookie that can be set to block all cookies for a particular domain (tools / options / privacy / cookies - exceptions). enter in the parent domain, choose block, and voila.Posted by: justo | September 5, 2006 11:32 PM
But that is not nearly as useful as being able to write custom javascript code that can programmatically allow/deny cookies.
Am I missing something, or does this just allow/disallow domains? I know for a fact that putting in *.livejournal.com and clicking allow (for instance) does not work.
Posted by: Preed | September 5, 2006 11:52 PM
no... definitely not as useful as having a javascript callback.
the cookie extension code doesn't understand regex (and there aren't any extensions that do for cookies), but if you wanted to allow all subdomains, leave out the *. and use only the parent domain "livejournal.com" for an "allow" -- then it and all subdomains will be allowed. the code to check the cookie host walks up the domain tree.
Posted by: justo | September 6, 2006 12:06 AM
Oh, god, I hate those cookies. When I have Adblock Plus installed, I block |http://www.google-analytics.com/, |https://ssl.google-analytics.com/ and */__utm.js|, which blocks almost all of the Urchin scripts, so I can't get the cookies.
I've now taken to disabling cookies except on domains that I need them, and now that the list is so small, it only takes 30 seconds to go through and delete junk. You just have to put "utm" in the filter box and hold the delete button to get rid of them. ;)
Posted by: Matt Nordhoff | September 6, 2006 4:50 AM
That being said, a feature to block or allow cookies based on their name instead of just domain would be really great. There are all of those pointless 'CP' cookies, and different advertising cookies I don't need, and websites like the New York Times where I only need one cookie to stay logged in (NYT-S), but it sets a dozen others. Blah.
Posted by: Matt Nordhoff | September 6, 2006 4:57 AM
That would be great.
What would also be great would be some way to write rules specifying how to send referer headers (e.g. whether to send them internally for a site, between sites, for certain sites, etc, with default and exceptions). I've been meaning to try and write such an extension, but I don't know where to start.
Also site-specific JavaScript options would be useful. I don't want websites to replace the right-click menu in general, but a few I do.
Also, a "don't do anything to this domain" setting would be good, such that no custom settings (and extensions should be asked to reference this too) happen when browsing a certain site. Useful for online banking.
Posted by: Ian | September 6, 2006 12:53 PM
Jud's documentation describes the original "netlib" from Netscape 4/5. This was replaced by the "Necko" re-write (this is why we have "mozilla/netwerk" -- it's not that we can't spell, "network" was already in use).
Posted by: Daniel Veditz | September 8, 2006 3:13 PM
See https://bugzilla.mozilla.org/show_bug.cgi?id=375442 for a bug on this issue.
-Seth
Posted by: Seth Spitzer | March 26, 2007 10:48 AM