Can't create cookies for .blogspot.com

[vanowm]

For some reason Firefox refuses adding new cookies for .blogspot.com (and similar .blogspot.de, .blogspot.ru, .blogspot.co.uk, etc. starting with a dot)

This is not CM+ bug, but either restriction or a bug in FF itself.

[theultramage]

Github source code search for 'blogspot' in Mozilla's Firefox repo found https://github.com/mozilla/gecko-dev/blob/master/netwerk/dns/effective_tld_names.dat (and the prepare_tlds.py script which bakes it into a C .inc file), and googling for that filename gave me https://wiki.mozilla.org/Public_Suffix_List.

This is a mechanism to prevent malicious sites from setting cookies where they shouldn't. Since apparently, subdomains are permitted to set cookies for parent domains, a rogue site might try to go one step higher and set a cookie for the whole top-level domain provider. Unfortunately, it's not possible to automatically tell where the customer's site name ends and the provider's name part begins, to enforce a security boundary, because some organizations register customers at the 3rd level. This appears to be a design flaw in http.

Firefox solved this using a manually maintained list of ccTLDs. And it seems it has evolved into a general list of registered subdomain providers. Now to find out if there is a setting to override this. According to https://wiki.mozilla.org/Public_Suffix_List/Uses the list is also used for various features that require locating a site's top-level domain, which is done by looking 1 level below the provider name part.

[Atavic]

edit: Blogspot sends to local TLDs based on your location.

http://something.blogspot.com/ will redirect to a new local address, while
http://something.blogspot.com/ncr does not redirect to a local address, as .mx for mexico or .it for italy.