Closed Bug 87440 Opened 23 years ago Closed 23 years ago

Cannot log into CIBC PC Banking

Categories

(Core :: DOM: Core & HTML, defect)

x86
Linux
defect
Not set
major

Tracking

()

VERIFIED WORKSFORME

People

(Reporter: jim, Assigned: ddrinan0264)

References

()

Details

(Keywords: regression)

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux 2.2.15-4mdk i686; en-US; rv:0.9.1)
Gecko/20010607 Netscape6
BuildID:    2001062212

When attempting to log onto CIBC PC Banking, upon clicking
"Sign On" (after filling in login info), a page is displayed that 
says that  "page cannot be viewed with the method you've chosen". 

The same thing happens if you click "Browser Security Info" on the LHS
of the page.

This has always worked before (including mozilla 0.9.1)

Reproducible: Always
Steps to Reproduce:
1. goto https://www.pcbanking.cibc.com/english/servlet/SignOn
2. click "Browser Security Info" on the left side of page
     OR
1. goto https://www.pcbanking.cibc.com/english/servlet/SignOn
2. fill in bogus 13 digit card # and 6 letter password
3. click "Sign On"


Actual Results:  A page with the below message is displayed:

  We are sorry...

  This page cannot be viewed with the method you've chosen. Please use   the
button below to go to the sign on page (Ref. #R690).


Expected Results:  If trying to sign on,  should be able to sign on. If
clicking "Browser Security Info", should get a page talking about secuirty.

If signing on with bogus entries should see a page saying this:

   We are sorry...

   Your CIBC card number or password is invalid, or you have not yet  
registered (Ref. #R107).


This was tried with and without TLS enabled.

This has always worked in the past, including with mozilla 0.9.1

[note user-agent field above contains Netscape6 because I set 
"general.useragent.vendor" to Netscape6 to keep another site happy.
I tried CIBC login page with and without "general.useragent.vendor" set.]
Umm have you tried using other browser's useragent? I'm going to mark this
invalid as the site says:

For Netscape users:
CIBC PC Banking does not currently support Netscape 6.x browsers. Please do not
upgrade your browser at this time. 
Status: UNCONFIRMED → RESOLVED
Closed: 23 years ago
Resolution: --- → INVALID
I have tried using other browser's useragent. It makes no difference.

As for the statement that "CIBC PC Banking does not currently support Netscape
6.x browsers", what they are saying is that if you are having trouble,
and call them up, they won't help you. CIBC is *not* saying that their site
is known to not work with Netscape6.X (mozilla 5). If this was the case
mozilla 0.9.1 would not work; yet it does, as do all previous versions of
mozilla.

Basically, between 0.9.1 and 20010622 there was a change in mozilla that
prevents it from working on the CIBC site. Additionally, both konqueror
and opera have no difficulty in working correctly on this site.
So, for these reasons I would ask
that you reconsider the "invalid" status that this bug now has. 

Finally, I would point out that CIBC is one of only 6 major banks
in Canada. What this means is that a significant percentage of Canadians
who do online banking cannot hope to use Netscape6/mozilla as their
browser. If it is a goal of the mozilla/netscape6 teams to make 
mozilla/netscape6 a widely accepted browser, then fixing this problem
would help achieve this goal.

If this problem is not fixed, I will stick with 0.9.1 for some time
and then eventually, and reluctanly, move on to konqueror (or opera).
I would like very much to stay with mozilla, but I do expect that the
browser I use be able to handle  the sites that I depend on in
order to perform real tasks. 

Thank you for your time.




Addendum to above: in order for konqueror and opera to access the
CIBC site, they have to use a mozilla user agent string. Ironic, eh?
this is a regression, and i'd like to see if form submission can examine it.

otherwise this goes to evangelism, please do not resolve this bug as invalid.
Status: RESOLVED → UNCONFIRMED
Component: Browser-General → Form Submission
Keywords: regression
Resolution: INVALID → ---
.
Assignee: asa → rods
Status: UNCONFIRMED → NEW
Ever confirmed: true
QA Contact: doronr → vladimire
*** Bug 87681 has been marked as a duplicate of this bug. ***
I saved this page on a test server, and submit the values to an echo script...
the re seems to be no problem with what is being submited. Method is post like
it should be... probably evengelism issue.

Here is a link , if you want to see for yourself...
https://bubblegum/vladimire/signon.html
Reassigning to Eric
Assignee: rods → pollmann
If you back down to a nightly from the 22nd or earlier, the CIBC PCBanking
website works, I'd like to point out.

That sort of makes it sound like something changed within Mozilla, hmm?
I agree, there is no question that a change in mozilla resulted
in the CIBC website not working. I was happily using it with 
Mozilla 0.9.1 (2001060713). I have also been happily using it
for *many* previous versions of mozilla.

And the fact that the website works with Netscape 4.77, Netscape 6.01,
IE 5.5, Konqueror, and Opera (the latter two requiring mozilla user agent
spoofs) really seems to indicate that it is a mozilla issue of some sort.
Build 2001-06-20-21 works on Linux
and 2001-06-21-15 doesnt, so thats when the change occured
FWIW, using mozilla 0.9.2 with debugging turned on
(user_pref("browser.dom.window.dump.enabled", true) in prefs.js)
I see the below when attempting the evil operations:


Document https://www.pcbanking.cibc.com/english/servlet/SignOn loaded successfully
Error loading URL javascript:if(validateForm()) document.SignOn.submit(); :
2152398850
Document https://www.pcbanking.cibc.com/english/servlet/Logon loaded successfully
Document https://www.pcbanking.cibc.com/english/servlet/SignOn loaded successfully
Error loading URL javascript:submitNav('BrowserSecurity'); : 2152398850
Document https://www.pcbanking.cibc.com/english/servlet/BrowserSecurity loaded
successfully
*** Bug 89815 has been marked as a duplicate of this bug. ***
I have also noticed that I can no longer log into Bank of Montreal - one of the
other 6 Canadian Banks - with 0.9.2 but I still can with 0.9.1.  Perhaps this is
the same bug.  This is a little harder for you to verify though because you have
to try and sign in and you need a valid bank number and password.  

Anyway the error that the site reports is:
<Error>
Your session has expired or you have not properly signed into the system.

During your session, pages which you have used, may be stored in memory.
To clear this memory, either exit your browser or clear your cache.

Please click here to sign in.
</Error>

This is the sign on page

https://www.bmo.com/cgi-bin/netbnx/NBmain

The site doesn't mention not supporting Netscape 6.  
Keywords: oeone
OK, I've figured out what's causing this.  The fact that this is a secure site
means that when the submit() comes through a javascript method the referer is
stripped off of the form request which breaks the site for security reasons. 
I'm pretty sure this is something that mitch changed recently.

I'm taking the liberty to reassign this to Mitch since I suspect that it's his bug.
Assignee: pollmann → mstoltz
Actually it was ddrinan who made that change, and there's a good reason for it.
We shouldn't be sending https referrers to non-secure sites, as it could reveal
some secure data to the other site. Could we make this an evangelism bug? Why
does the behavior of the site in question depend on the referrer?

Reassigning to ddrinan. Please reassign if I am mstaken about ownership. Bug
89995 is related, possibly a dup.
Assignee: mstoltz → ddrinan
Actually the bug doesn't really have anything to do with sending https
referrers to non-secure sites.  If you go to the
Https://www.pcbanking.cibc.com and then you click on the browser security
info you will see that clicking there executes a piece of java script
which changes the action of a form to be /english/servlet/BrowserSecurity.
Now since this document is https it adds that relative path onto
https://www.pcbanking.cibc.com for an end link of
https://www.pcbanking.cibc.com/english/servlet/BrowserSecurity so I don't
think that fits into "going from a secure site to a non-secure site"
unless I am missing something.
Should add keyword "ecommerce" to this bug.  I'm not doing it myself not only
because I'm not sure how to do it but because the bug owner should do so.
shaver points out that since this is probably http related that it might be on
darin's plate.  Darin?
Can login to CIBC under Win32 using build 20010803 off of the 0.9.2 branch.  I
suspect this means that this bug was actually a dupe of Bug 89995, the fix for
which was checked into the 0.9.2 branch.
The bug existed for Linux 0.9.2 and still exists for Linux 0.9.3.I can't speak for Windows.
Yeah it is still in 093 but the nightly build for windows works...  20010803!!
Well, hell! Linux 2001080308 works like a charm!
Thanks.
Is there a chance this patch can make it into the 0.9.3 branch?
colin: not likely, since 0.9.3 is released already...
marking WFM due the comment of the reporter...
Status: NEW → RESOLVED
Closed: 23 years ago23 years ago
Resolution: --- → WORKSFORME
Verifying
Status: RESOLVED → VERIFIED
Component: HTML: Form Submission → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.