Avatar for Username

搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

话题已存档。 如果需要帮助请提出新问题。

How to completely sanitise a given host from Firefox so it'd act the same as in private window?

  • 5 个回答
  • 0 人有此问题
  • 1 次查看
  • 最后回复者为 cprn

cprn
cprn
more options

I have a few websites, among them glovoapp.com and work Kibana, that don't open properly in my regular Firefox session any more even though I tried to remove cookies related to those websites and anything else I could think of. They work fine in private window but it means I have to authenticate each time. What steps do I need to perform to completely clean a website settings from Firefox memory?

In case of Glovo (and several other websites) in regular Firefox session there's an error: Content Security Policy: The page's settings blocked the loading of a resource at inline ("script-src"). Same doesn't happen in private window.

In case of Kibana (and several other websites) in regular session Firefox somehow remembers old authentication - it doesn't ask for new credentials and doesn't send Sec-Fetch-User header (which results in Kibana throwing HTTP 405 Method Not Allowed). In private window the header is sent correctly.

I'm using Tridactyl so I tried to use the :sanitise glovoapp.com command which, in theory, should remove everything that can be removed with API calls as described on https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/browsingData/DataTypeSet - it's not enough.

I have a few websites, among them glovoapp.com and work Kibana, that don't open properly in my regular Firefox session any more even though I tried to remove cookies related to those websites and anything else I could think of. They work fine in private window but it means I have to authenticate each time. What steps do I need to perform to completely clean a website settings from Firefox memory? In case of Glovo (and several other websites) in regular Firefox session there's an error: '''Content Security Policy: The page's settings blocked the loading of a resource at inline ("script-src").''' Same doesn't happen in private window. In case of Kibana (and several other websites) in regular session Firefox somehow remembers old authentication - it doesn't ask for new credentials and doesn't send '''Sec-Fetch-User''' header (which results in Kibana throwing HTTP 405 Method Not Allowed). In private window the header is sent correctly. I'm using Tridactyl so I tried to use the ''':sanitise glovoapp.com''' command which, in theory, should remove everything that can be removed with API calls as described on https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/browsingData/DataTypeSet - it's not enough.

被采纳的解决方案

You can check for issues with Total Cookie Protection.

Firefox shows a purple shield instead of a gray shield at the left end of the location/address bar in case Enhanced Tracking Protection is blocking content.

  • click the shield icon for more detail and possibly disable the protection

You can check the Web Console for relevant-looking messages about blocked content.

定位到答案原位置 👍 1

所有回复 (5)

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

选择的解决方案

You can check for issues with Total Cookie Protection.

Firefox shows a purple shield instead of a gray shield at the left end of the location/address bar in case Enhanced Tracking Protection is blocking content.

  • click the shield icon for more detail and possibly disable the protection

You can check the Web Console for relevant-looking messages about blocked content.

cprn
cprn 提问者
more options

cor-el said
You can check for issues with Total Cookie Protection. [...]

Disabling the enhanced tracking protection solved the issue with all websites that shown Content Security Policy error, including glovoapp.com - thank you! I can't edit the question to make it only about Glovo but I'll mark your answer as solution.

由cprn于修改

cprn
cprn 提问者
more options

cprn said
In case of Kibana (and several other websites) in regular session Firefox somehow remembers old authentication - it doesn't ask for new credentials and doesn't send Sec-Fetch-User header (which results in Kibana throwing HTTP 405 Method Not Allowed). In private window the header is sent correctly.

That part remains unsolved.

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

You may have to create a cookie allow exception to workaround cross-site cookie issues.

You can create a cookie allow exception with the proper protocol (https:// or http://) for the current domain via "Tools -> Page Info -> Permissions" or add an allow exception for third-party domains via "Settings".

  • Settings -> Privacy & Security -> Cookies and Site Data -> "Manage Exceptions"

由cor-el于修改

cprn
cprn 提问者
more options

It didn't help with Kibana-like issue. Long time ago I identified on several internal websites with a certificate (as in attachment) and checked Remember this decision. Now on half of those websites I have to use a new certificate - I've installed it in Firefox but the browser doesn't ask for the new credential, it just keeps trying to use the old one. I don't think it has anything to do with cookies. That's why the original question is about "sanitizing" given host/domain, as in: remove all settings and set them to defaults because there's apparently more than just cookies.

由cprn于修改