All geek questions in one place

Does disabling third-party cookies also disable cookies created by third-party javascript?

When a page includes third-party javascript (via <script src=... ) and that javascript then sets a cookie, this cookie becomes "first", although it was originally set by a third-party source.

My question is that. If someone has disabled third-party cookies in their browser, does this also apply to cookies set by third-party javascript? Or does it only block cookies, which are explicitly indicated in the headers for requests to a third-party domain?

And anyway, all browsers handle it the same way or make some javascript cookies, but others allow it?

+4
source share
2 answers

I just thought I was updating this after further testing, in case anyone would meet him later.

I tested Firefox 3.6, MSIE 7, Safari 4, Chrome 4 and Opera 10, and all of them actually support the creation of cookies through third-party javascript, even if third-party cookies are disabled. I conclude this because cookies are created for the first domain domain, so browsers see them as the first cookies, although they are created by a script from a third-party source.

These are only cookies created by third-party request headers that are rejected when this feature is enabled.

+5
source

I believe that most browsers do not distinguish cookies for the domain specified in the HTTP headers, and not for those set by javascript when it comes to enabling / disabling them using user settings. Of course, there MAY be exceptions - there are no technical reasons preventing someone from expanding the browser so that they have different cookie rules based on where the cookie was created, but I don’t know about it.

EDIT: I think I initially misunderstood your question - I thought you were asking for the difference between cookies set via HTTP headers and cookies set through javascript. Rather, you ask if a cookie set by javascript that is hosted in another domain is considered a third-party cookie against a cookie that is set by javascript that is directly embedded in the page or hosted in the same domain? If so, I believe the answer is no (that is, they are treated as third-party cookies). Regardless of the source domain in which the js file is located, it runs in the context of the web page that includes it, therefore it is considered to be third-party.

0
source

Source: https://habr.com/ru/post/1305818/

More articles:


All Articles