FirefoxCookiesManagerPlus
FirefoxCookiesManagerPlus copied to clipboard
Can't create cookies for .blogspot.com
For some reason Firefox refuses adding new cookies for .blogspot.com (and similar .blogspot.de, .blogspot.ru, .blogspot.co.uk, etc. starting with a dot)
This is not CM+ bug, but either restriction or a bug in FF itself.
Github source code search for 'blogspot' in Mozilla's Firefox repo found https://github.com/mozilla/gecko-dev/blob/master/netwerk/dns/effective_tld_names.dat (and the prepare_tlds.py script which bakes it into a C .inc file), and googling for that filename gave me https://wiki.mozilla.org/Public_Suffix_List.
This is a mechanism to prevent malicious sites from setting cookies where they shouldn't. Since apparently, subdomains are permitted to set cookies for parent domains, a rogue site might try to go one step higher and set a cookie for the whole top-level domain provider. Unfortunately, it's not possible to automatically tell where the customer's site name ends and the provider's name part begins, to enforce a security boundary, because some organizations register customers at the 3rd level. This appears to be a design flaw in http.
Firefox solved this using a manually maintained list of ccTLDs. And it seems it has evolved into a general list of registered subdomain providers. Now to find out if there is a setting to override this. According to https://wiki.mozilla.org/Public_Suffix_List/Uses the list is also used for various features that require locating a site's top-level domain, which is done by looking 1 level below the provider name part.
edit: Blogspot sends to local TLDs based on your location.
http://something.blogspot.com/
will redirect to a new local address, while
http://something.blogspot.com/ncr
does not redirect to a local address,
as .mx for mexico or .it for italy.