Recent Firefox and sync plugin auth issue with some settings #843
Description
When running Firefox (FF) with Enhanced Tracking Protection (ETP) set to Strict, and using ViolentMonkey as my userscript (US) manager, a new profile is unable to authorize the Sync plugin. I can reproduce this on both Android and Linux. Have not tried other platforms.
I think this started around FF 139. I do not know if this is a FF or IITC issue.
If a FF profile configured Sync before running on FF 139, it would continue to work on the upgraded profile. Unless a per-site browser setting was tweaked, then back in the same state as a new profile.
In all situations I have tried so far, it is possible to get it working with the following steps.
- Go into FF advanced settings by visiting
about:config - Setting
privacy.restrict3rdpartystorage.heuristic.window_opento true - Using the Sync plugin's
[Authorize]button and associated workflow - Reset
privacy.restrict3rdpartystorage.heuristic.window_openback to previous setting (likely false).
The situation can be verified by looking at the Site Permissions Panel while visiting Intel:
If you see a Cross-site cookies section that includes accounts.google, it should be good.
Also, clicking the X to remove that gets into the not working state from an upgraded profile.
I do know that disabling ETP for Intel works, but turning it back on will not keep access to that 3P cookie.
Logging into Intel works fine. It is just getting Sync authorized that seems to be a problem.
I need to take the time to reproduce in a more controlled manner (e.g., verify that FF 139 introduced the change, different US managers, etc).
Since this involves a lot of moving parts (browser, extension, userscript, Google account, playing Ingress), getting a reproducible case may be challenging. As would trying to explain this to in a way not related to Ingress. If anyone can reproduce this in a more isolated fashion (including "do this from the debug console"), that would be best. I first noticed this issue on nightly FF on Android some weeks ago, but did not get a chance to look into it. Until today when I went to set up a new FF installation on a laptop and ... oops.
Also, I'm not sure the above steps works on FF on Android because, about:config.
It is also possible that there is an issue in Sync. Reading https://developer.mozilla.org/en-US/docs/Web/Privacy/Guides/State_Partitioning#storage_access_heuristics seems to suggest this particular toggle is a temporary solution.
Warning: Storage access heuristics are a transitional feature meant to prevent website breakage. They should not be relied upon for current and future web development.
Anyway, there is a problem in certain configurations and a couple of work arounds.