In order to test some stuff, I've been using the trick of setting a cookie on the .appspot.com domain, which allows me to share data between two different .appspot.com GAE apps. This has stopped working in Firefox 6, and a google person told me:

It's because appspot.com was added to the public suffix list of domains that modern browsers should not allow cookies to be set for: http://mxr.mozilla.org/mozilla-central/source/netwerk/dns/effective_tld_names.dat?raw=1

which totally makes sense for regular users. But for my testing, I'd really like to have FF treat .appspot.com as a regular domain, not an "effective TLD". Is there any way to "whitelist" .appspot.com or otherwise override the effective_tld_names.dat used within FF?

(I need a hack that will work on OS X, in case that matters.)

Unfortunately for you, there is no supported way to do this. I checked the implementation of nsCookieService and method SetCookieStringInternal will reject any host names where it cannot get the base name from (which would be the case for "appspot.com" now - for the Firefox engine this is no longer a complete host name). This means that not even extensions can set a cookie for "appspot.com" other than by writing to the database "manually". But that doesn't help much here because method GetCookiesFromHost also uses the base domain for its checks so that any cookies for "appspot.com" will be ignored.

Given that effective_tld_names.dat is compiled into xul.dll the only way to change this data is using a hex editor on this file and for example replacing "appspot.com" by "bppspot.com" which should "disable" this rule. Note that a manipulation like this will break incremental updates and you will have to repeat it after the update.