single sign out with Firefox Accounts

Lloyd Hilaiel lhilaiel at
Mon Nov 11 13:07:20 PST 2013

On Nov 11, 2013, at 11:00 PM, Jared Hirsch <6a68 at> wrote:

>> Do we understand what Safari classifies as a "third party cookie"? E.g., are and z.y.comconsidered to have a "third party relationship"?
> This is all Same Origin Policy stuff[1]. If the domain + protocol (+ port, optionally) don't match, they are third parties; if those pieces match, they're first parties.

I’m a little confused.  The relevant challenges for us have been around the behavior of the browser with respect to local/session storage or cookies for code rendered inside an iframe embedded in code from a different domain.

Specifically.  We have a domain,  That domain uses local storage and cookies.  Whether code from that domain is rendered first party (url bar displays, or third party (url bar displays, and an iframe embedded therein served from - affects its ability to access local/session storage, and affects its ability to read/write cookies.  

The restrictions imposed on code rendered in an iframe vary heavily by browser and settings.

Would a longer post on this topic be useful?


More information about the Dev-fxacct mailing list