Https-everywhere: "nsICookieManager.remove()" has been changed, passing of correct originAttributes is now needed

Created on 24 Jul 2016 · 9Comments · Source: EFForg/https-everywhere

I am running Ubuntu GNOME 16.04 with GNOME 3.20, Firefox 47 and the latest stable version of HTTPS Everywhere made available. I was looking through my Firefox log today and found this message which I thought I should report:

bug firefox

Source

ghost

Most helpful comment

It actively spams the browser console, very annoying. Could somebody merge that PR please?

Forkest on 9 Feb 2017

👍2

All 9 comments

If you can turn off signing verification, then changing lines 164 and 165 from
cookieManager.remove(c.host, c.name, c.path, false); cookieManager.add(c.host, c.path, c.name, c.value, true, c.isHTTPOnly, c.isSession, expiry);
to
cookieManager.remove(c.host, c.name, c.path, false, c.originAttributes); cookieManager.add(c.host, c.path, c.name, c.value, true, c.isHTTPOnly, c.isSession, expiry, c.originAttributes);
in [email protected]/chrome/content/code/HTTPS.js will solve your problem

Vednier on 28 Jul 2016

Do you have an example website that triggers the warning? I assume it only shows up when a website serves cookies over HTTP...?

salty-horse on 10 Aug 2016

@salty-horse, Seemingly whenever I am in one of the chat rooms on the following site: https://chat.stackexchange.com/

ghost on 10 Aug 2016

I think the site does not matter. Also on GitHub I can reproduce this error.

These errors spam my browser console:

"nsICookieManager.remove()" wurde verändert. Aktualisieren Sie Ihren Code und übergeben Sie die korrekten originAttributes. Lesen Sie mehr auf MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManagerHTTPS.js:164:6
"nsICookieManager2.add()" wurde verändert. Aktualisieren Sie Ihren Code und übergeben Sie die korrekten originAttributes. Lesen Sie mehr auf MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager2HTTPS.js:165:6
Allowing request to domain NOT in the block-list.(unbekannt)
"nsICookieManager.remove()" wurde verändert. Aktualisieren Sie Ihren Code und übergeben Sie die korrekten originAttributes. Lesen Sie mehr auf MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManagerHTTPS.js:164:6
"nsICookieManager2.add()" wurde verändert. Aktualisieren Sie Ihren Code und übergeben Sie die korrekten originAttributes. Lesen Sie mehr auf MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager2HTTPS.js:165:6

The errors point to this file.

rugk on 5 Oct 2016

I also get TypeError: uri is undefined here.

And again. It seriously spams my whole console:
console

rugk on 5 Oct 2016

Can't reproduce it consistently. I only got the errors once while refreshing this page. :(

salty-horse on 5 Oct 2016

Buzzfeed makes the errors go nuts.
_(Warning: Content at the following links may be upsetting to some readers; you can just look at the console.)_ Check out https://www.buzzfeed.com/danvergano/trump-on-nukes or https://www.buzzfeed.com/williamalden/a-tech-mogul-said-hed-push-for-california-to-secede-if-trump to see if you can reproduce it there. There are two errors that alternate back and forth (so it doesn't accumulate with the red number):

HTTPS.js:165:6:
“nsICookieManager2.add()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager2

HTTPS.js:164:6:
“nsICookieManager.remove()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager

HBR does this too, e.g. https://hbr.org/2016/11/what-artificial-intelligence-can-and-cant-do-right-now