User agent:
This bug appears in the latest Nightly (Firefox 34). It behaves correctly in the current stable version (Firefox 31).
Steps to reproduce:
- Start with a page that sets a cookie and redirects (HTTP 302) in the same request
- Load that page in an iframe
- Make sure the page that serves the iframe is on a different host/origin from the page in the iframe
Expected behavior:
- The cookie is set
Actual behavior:
- The cookie is not set
Test case: (clone this gist to try it yourself)
This defines a simple server that sets a cookie before redirecting the page to a new destination. The destination checks to see if the cookie was set.
(To run the server, install Flask [pip install -r requirements.txt] and run server.py)
To see the bug in action: open iframe.html in your browser, as a local file. As you'll see, the iframe is redirected to the new page, but the cookie is not set.
If you now open the root of the server, which serves the exact same content, you'll see that, this time, the cookie is set successfully.
(Note that the page with the iframe doesn't have to be served over file://; the bug also appears if it's served over http or https, as long as the host/origin is different from that of the iframe.)
Extra:
- I reproduced this on a fresh profile, with no extensions.
- I cannot reproduce in Firefox 31, the current stable version.