Some Firefox extensions require access to local storage and/or indexedDB, for instance to store data on the user device Firefox runs on.
These extensions may break if cookies are blocked. Extensions like uBlock Origin, uMatrix, or Stylus use the storage and thus require cookie permissions even if they don't set cookies to work correctly.
While some come with fallbacks built-in to overcome this limitation, it is best to address this head on instead as indexedDB usage is usually the better option to whichever fallback solution is used otherwise.
The easiest way to get to the profile folder is to load about:support, and click on the show folder button on the page that opens.
You can check the storage\default directory of the Firefox profile if extensions use indexedDB. If you have folders starting with moz-extension in there, you have extensions that use it and thus require cookie access. Note that the extensions are listed with their internal UUID and not their name. Note that the UUID is randomly assigned during installation. Means: if you uninstall and reinstall, or use the extension on multiple systems, it is different.
Firefox users have two options to address the issue:
- Allow first party cookies, and clean up cookies regularly or block cookies and storage.
- Keep the deny all setting, but use exceptions to allow extensions that need cookie access to use indexedDB storage to function properly.
Set cookie exceptions for extensions in Firefox
- Load about:debugging in Firefox to get started. The page lists all system add-ons, and all installed extensions of the Firefox browser.
- Locate the browser extension that you want to add exceptions for. You find the internal UUID listed next to extensions that you have installed in the browser. This helps with the identification.
- Click on Manifest URL underneath the extension listing.
- Right-click on the page that opens, and select View Page Info from the context menu.
- Switch to the Permissions tab of the Page Info window.
- Locate Set Cookies in the list of permissions. Remove the checkmark from "use default", and set it to allow instead.
- Repeat the process for any other extension that requires access to cookies.
- Restart Firefox.
Tip: You can manage cookie permissions under Options > Privacy & Security > History > use custom settings for history > Accept cookies from websites, Exceptions. You may use the prompt to add cookie exceptions as well. All that is required is to copy the entire folder name, replace the +++ with ://, add it under "address of website" and set it to allow. (e.g. moz-extension+++23bf26fb-1c8d-40d3-b7c2-798882a0d55c to moz-extension://23bf26fb-1c8d-40d3-b7c2-798882a0d55c)
Additional information:
- CCleaner detects extensions cookies but it makes no difference whether it cleans them or not as they get recreated automatically on the next start of the browser.
Closing Words
The Ghacks user.js file for Firefox blocks cookies by default. Users who apply it and run extensions that require cookies may run into issues afterwards. The article highlighted a method to overcome this without enabling first party cookies globally for all sites and extensions in the browser. (Thank you Pants)
> All that is required is to copy the entire folder name, add it under "address of website" and set it to allow.
Err .. nope. Better edit that, and the pic is wrong too. You need to replace "+++" with "://" (there's a colon there before the backslashes)
Here's a picture: https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/wikipiki/exceptions02.png
Thanks, corrected.
Thanks, Pants, and Martin, For another really outstanding handy article on ghacks.net.
But what to do when you use the Add-on named self-destructing cookies (up to version 0.4.12)
I ask this because this add-on is setting the default for cookies behavior use standard as allowed for the session (also for, the uBlock Origin add-on).
So what to do should I change the setting to default on (and does that than not destroy the correct working of the add-on use?) as you suggest? Or should I do nothing?
And/ Or Is this add-on a good add-on to have the add-on in general or it's maybe wiser (better) to change the individual settings one by one, like you suggest it do?
https://addons.mozilla.org/en-US/firefox/addon/self-destructing-cookies/?src=api
You'd better switch to the 'Cookie Autodelete' Firefox add-on because it handles permissions in its own database independently of Firefox.
Problem is 'Cookie Autodelete' (as 'Self-Destructing Cookies') won't be pertinent (will have no use) if Cookies are globally blocked. What you can do is :
1- Set cookies as globally blocked;
2- When as site requires a cookie (either to simply appear, or because you wish it) then once on that site open Firefox's Page Info and set your choice in Permissions / Set Cookie -> This modifies Firefox's exception list.
3- With the 'Cookie Autodelete' add-on, choose
- 'Clean after tab close' (default) and the cookie will be wiped once you qit the site,
- 'Clean on browser' restart' and the cookie will be managed by 'Cookie Autodelete' as a session cookie;
- 'Never clean' and the cookie will remain.
Remember that the cookie exception you grant to Firefox has to fit with that you grant to 'Cookie Autodelete' : if you've set Firefox cookie permission to session then setting 'Cookie Autodelete' to 'never 'Never clean' won't work.
This is what I do, which allows blocking all cookies even before they get installed (then wiped by 'Cookie Autodelete' on site exit), allows what used to be called 'temporary cookies' (for this session only, not for future sessions) and even better : 'one-hit' cookies (only when visiting a site which requires a cookie afer what the cookie is removed). The best of two worlds, that of blocking all cookies and that of building highly tailored exceptions.
Note : rather than opening the Page Info for a site I still use a legacy add-on called 'Permit Cookies 2' : I therefor have two toolbar buttons, that of 'Permit Cookies 2' which grants user cookie permissions at the Firefox level, that of 'Cookie Autodelete' which grants cookie permissions at the 'Cookie Autodelete' level (considering the add-on manages cookies independently). Et voila.
It's very simple, anything sounding complicated would be explained but my lack of good English. I do hope you get the idea.
for those that want to browse the www in a (mostly) care-free manner, yet maintain a semblance of privacy as well, denying cookies globally and then manually white-listing extension data storage and whitelisting websites that require this functionality, is not a viable option in my personal opinion - it's just not something the average FF user is going to bother with - and so this needs to be automated
currently there is 'Cookies Exterminator' for those who plan to run a FF derivative which continues support for legacy add-ons (Waterfox, Pale Moon, ect.) and 'Cookie AutoDelete' which is a WebExt, though it doesn't clean LocalStorage just yet - apparently it is planned however, depending on the FF API i suppose
Martin, you mentioned in step 1 that, quote, "The page lists all system add-ons, and all installed extensions of the Firefox browser." Unfortunately, that's not the case on ESR 52.4.0 at least. What appears is the same as shown in the first screenshot on the following site: https://developer.mozilla.org/en-US/docs/Tools/about%3Adebugging#Enabling_add-on_debugging
As you can see, there are no system add-ons anywhere and no UUIDs.
Which version of Firefox do you run? On Nightly, I see them all listed. See https://imgur.com/a/nOQoa
ESR 52.4.0
Maybe it is not included in ESR yet? I just checked in Firefox Stable, and system addons are listed in it as well.
OK, it's no big deal. I don't think I have any extensions that require cookies, or at least I've never seen any requests to allow them for those that I do have installed. .