single sign out with Firefox Accounts
lhilaiel at mozilla.com
Mon Nov 11 13:07:20 PST 2013
On Nov 11, 2013, at 11:00 PM, Jared Hirsch <6a68 at mozilla.com> wrote:
>> Do we understand what Safari classifies as a "third party cookie"? E.g., are x.y.com and z.y.comconsidered to have a "third party relationship"?
> This is all Same Origin Policy stuff. If the domain + protocol (+ port, optionally) don't match, they are third parties; if those pieces match, they're first parties.
I’m a little confused. The relevant challenges for us have been around the behavior of the browser with respect to local/session storage or cookies for code rendered inside an iframe embedded in code from a different domain.
Specifically. We have a domain, login.persona.org. That domain uses local storage and cookies. Whether code from that domain is rendered first party (url bar displays https://login.persona.org), or third party (url bar displays https://123done.org, and an iframe embedded therein served from https://login.persona.org) - affects its ability to access local/session storage, and affects its ability to read/write cookies.
The restrictions imposed on code rendered in an iframe vary heavily by browser and settings.
Would a longer post on this topic be useful?
More information about the Dev-fxacct