clarification needed for 3rd party cookies behavior change in Fx4

[al...@yahoo.com]

I've reproduced this issue with a simple synthetic test, but I'll describe
in terms of the real site where I encountered it.

Verizon wireless (VZW) bill payment site has an iframe which loads
verifiedbyvisa.com. The visa page onload, replace navigates (as opposed to
a sub requests) back to VZW. With 3rd party cookies disabled, this
VISA->VZW replacement request sends VZW cookies in Fx 3.6.17, but not in
4.0.1 where the transaction fails.

Why this change? I think Fx3.6 behavior is correct. For a request to be
considered 3rd party, it has to be a subrequest of a 1st party navigation,
but here VZW replaces VISA it's not a sub-request to the VISA request. If
it's to be considered a sub-request at all, it would be of the parent page,
which is VZW, so it's a 1st party sub-request.

[al...@yahoo.com]

<al...@yahoo.com> wrote in message
news:SZKdnVbP7O6aimfQ...@mozilla.org...

https://bugzilla.mozilla.org/show_bug.cgi?id=664721