403 forbidden
My TIFF (Toronto International Film Festival) membership would not load I got 403 forbidden when I click on the account manager locked. I emailed them and they said the account was active. I think tried again from a Chrome browser and had no issues was able to log in . Back on Mozilla Firefox however I am blocked.
Is there a fix or do I need to migrate all my browsing to Chrome ? [email removed from public]
James modificouno o
All Replies (3)
The 403 error isn't very explanatory, is it... but let me take a wild guess: this page is displayed because the server didn't receive your cookie showing you are logged in, and therefore you aren't allowed to see that page.
Firefox 96 made three changes related to cookies. I don't think we know enough to guess which change is affecting that site, so I'll provide information on all three changes.
(1) If the server does not specify the SameSite setting for its cookies, Firefox changed from treating it as SameSite=None (allow serving as a third party cookie) to SameSite=Lax (partially restricts serving as a third party cookie).
This seems to be the one that affects Canvas/Kaltura users. However, it turns out to be difficult to find the relevant host names so that you can set an exception for those sites.
It also seems to affect iCloud two-factor authentication. See: https://support.mozilla.org/questions/1364242
(2) If the cookie was set on an HTTPS page, it is not automatically passed to HTTP pages on the same server. In other words, SameSite consider the protocol (scheme) as well as the host name. This is a problem for older sites that use HTTP for most pages but do the login over HTTPS. Example: https://www.reddit.com/r/firefox/comments/s3iych/south_korea_cant_sign_in_to_some_websites_after/
(3) If the server specifies that third party cookies are okay by setting SameSite=None, this is only honored for HTTPS pages, not HTTP pages. I don't know whether this is causing problems on any sites.
How to test whether this is issue #1:
(A) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button accepting the risk.
More info on about:config: Configuration Editor for Firefox. The moderators would like us to remind you that changes made through this back door aren't fully supported and aren't guaranteed to continue working in the future.
(B) In the search box in the page, type or paste laxByDefault and pause while the list is filtered
(C) Double-click the network.cookie.sameSite.laxByDefault preference to switch the value from true to false
I don't know whether that takes effect immediately or whether you need to quit Firefox and start it up again.
Hopefully we will get a better understanding of how to set exceptions in the future so you can benefit from this change while using other sites.
I am sorry to say your reply is not suited to a layman...TIFF.net used to work now it doesn't on my Firefox browser...I need a way to fix that issue not about:config that has over 1000 lines of who knows what to scroll through
You don't need to scroll if you follow step (B). Only two preferences match that filter.