Brave-browser: Chrome/Firefox importers should not import cookies
Currently, we appear to be importing all Chrome cookies into Brave when a user chooses to import cookies (presumably the same is true for Firefox and any other browsers we import from).
To avoid importing any tracking cookies, we should:
- avoid importing cookies that were set in a third-party context
- impose a 6-month limit to any cookies we import (to match the limit we impose on new cookies)
I'm not sure whether there's a way to tell third-party cookies or not, but a larger question (for @tomlowenthal) is: should we import cookies at all?
Importing legitimate login cookies does reduce the friction involved in migrating to a new browser, but perhaps migrating saved passwords is good enough to reduce the pain of having to relogin.
fmarier
All 5 comments
I don't think we need to import cookies. Let's just drop that.
tomlowenthal
on 21 Nov 2019
@tomlowenthal I assume we should still import cookies from Brave profiles?
iefremov
on 3 Dec 2019
Updated title, per https://github.com/brave/brave-core/pull/4121#issuecomment-563394176
bsclifton
on 9 Dec 2019
Bumping up to P2 after recent conversations with @BrendanEich
bsclifton
on 12 Dec 2019
Verified passed with
Brave | 1.1.22 Chromium: 79.0.3945.79聽(Official Build)聽(64-bit)
-- | --
Revision | 29f75ce3f42b007bd80361b0dfcfee3a13ff90b8-refs/branch-heads/3945@{#916}
OS | macOS Version 10.13.6 (Build 17G5019)
- Verified importing from Firefox and Chrome via brave://welcome flow does not import cookies
- Verified cookie DB is empty after importing from Firefox and Chrome.
- Verified importing from Firefox via brave://welcome flow does import History and Bookmarks. Passwords, Search Engine and Autofill are not imported - see logged issue https://github.com/brave/brave-browser/issues/2198
- Verified importing from Chrome via brave://welcome flow does import History, Bookmarks, and Passwords as expected.
- Verified importing from Firefox and Chrome via brave://settings/importData does not import cookies
- Verified cookie DB is empty after importing from Firefox and Chrome.
- Verified importing from Firefox via brave://settings/importData does import History and Bookmarks. Passwords, Search Engine and Autofill are not imported - see logged issue https://github.com/brave/brave-browser/issues/2198
- Verified importing from Chrome via brave://settings/importData does import History, Bookmarks, and Passwords as expected.
- Verified importing from Safari and Bookmarks HTML file imports Bookmarks as expected on brave://settings/importData.
Verified there is no checkbox to import Cookies when importing from Firefox or Chrome on brave://settings/importData
Cookies can still be imported via Brave (old), but this will be removed with https://github.com/brave/brave-browser/issues/7403
Verification passed on
Brave | 1.1.22 Chromium: 79.0.3945.79聽(Official Build)聽(64-bit)
-- | --
Revision | 29f75ce3f42b007bd80361b0dfcfee3a13ff90b8-refs/branch-heads/3945@{#916}
OS | Linux
- Verified importing from
brave://welcomedoesn't import any cookies from FF/Chrome - Verified importing from
brave://settings/importDatadoesn't show cookies option for Firefox
- Verified importing from
brave://settings/importDatadoesn't show cookies option for Chrome
- Verified importing data from Firefox or Chrome manually doesn't import any cookies
- Verified setting a first-party cookie on FF/Chrome and importing data doesn't import the first party cookie to Brave
- Verified setting a third-party cookie on FF/Chrome via Google login doesn't import the cookie or session into Brave
- Verified Cookie database is empty after data is imported from FF/Chrome
- Verified import fails if FF/Chrome window is still open when trying to import browser data
- Verified passwords are successfully imported but sessions are not when importing data from Chrome
- Verified browser history is imported and shows up in URL suggestions after data is imported from FF/Chrome
Verification PASSED on Win 10 x64 using the following build:
Brave | 1.1.22 Chromium: 79.0.3945.79 (Official Build) (64-bit)
--- | ---
Revision | 29f75ce3f42b007bd80361b0dfcfee3a13ff90b8-refs/branch-heads/3945@{#916}
OS | Windows 10 OS Version 1909 (Build 18363.535)
- ensured that the
To finish importing, close all Chrome windowsmodal is being displayed when importing viabrave://welcome&brave://settings/importDatawhile Chrome is opened - ensured that the
To finish importing, close all Firefox windowsmodal is being displayed when importing viabrave://welcome&brave://settings/importDatawhile Chrome is opened - ensured that
\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cookieswas empty after importing from Chrome and Firefox - ensured bookmarks, passwords and history are being imported without any issues on both Firefox and Chrome via
brave://welcome&brave://settings/importData - ensured that the imported passwords can be auto-filled on the appropriate websites
- ensures sessions are not being restored as the cookies are being cleared
LaurenWags
on 16 Dec 2019
Related issues
moritzhaller
路
3Comments
GeetaSarvadnya
路
3Comments
bsclifton
路
3Comments
kjozwiak
路
3Comments
traffisco
路
3Comments
Most helpful comment
I don't think we need to import cookies. Let's just drop that.