Hacker News new | past | comments | ask | show | jobs | submit login

Ive been using it since Firefox 58, where they fixed a bug that broke cookie-whitelisting.

Ive been pretty happy. The only website where it really is a problem is Playstation Network, but I have an addon that disables FPI when I really need to temporarily.




How can you tell it works? I've been trying now 5 times to enable it, and testing if it works. If I understand correctly, if I log in to gmail.com (mail.google.com), google.com should be logged in, but google.dk and youtube.com shouldn't since First-Party Isolation should be isolating them, but no matter how hard I try, it doesn't work. If I log in to mail.google.com, I get logged into youtube.com, google.com and google.dk.

Am I misunderstanding how it is supposed to work?

I've tried completely uninstalling firefox 5 times now - including wiping the profile from my machine - but the same thing keeps happening.


Cooperating websites can subvert first-party isolation by redirecting the top level page through multiple first-party domains (with an ID in the URL). And Google does exactly that when you login. How to properly prevent it is still an open question:

https://bugzilla.mozilla.org/show_bug.cgi?id=1319839




Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: