Closed
Bug 87440
Opened 23 years ago
Closed 23 years ago
Cannot log into CIBC PC Banking
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
VERIFIED
WORKSFORME
People
(Reporter: jim, Assigned: ddrinan0264)
References
()
Details
(Keywords: regression)
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux 2.2.15-4mdk i686; en-US; rv:0.9.1) Gecko/20010607 Netscape6 BuildID: 2001062212 When attempting to log onto CIBC PC Banking, upon clicking "Sign On" (after filling in login info), a page is displayed that says that "page cannot be viewed with the method you've chosen". The same thing happens if you click "Browser Security Info" on the LHS of the page. This has always worked before (including mozilla 0.9.1) Reproducible: Always Steps to Reproduce: 1. goto https://www.pcbanking.cibc.com/english/servlet/SignOn 2. click "Browser Security Info" on the left side of page OR 1. goto https://www.pcbanking.cibc.com/english/servlet/SignOn 2. fill in bogus 13 digit card # and 6 letter password 3. click "Sign On" Actual Results: A page with the below message is displayed: We are sorry... This page cannot be viewed with the method you've chosen. Please use the button below to go to the sign on page (Ref. #R690). Expected Results: If trying to sign on, should be able to sign on. If clicking "Browser Security Info", should get a page talking about secuirty. If signing on with bogus entries should see a page saying this: We are sorry... Your CIBC card number or password is invalid, or you have not yet registered (Ref. #R107). This was tried with and without TLS enabled. This has always worked in the past, including with mozilla 0.9.1 [note user-agent field above contains Netscape6 because I set "general.useragent.vendor" to Netscape6 to keep another site happy. I tried CIBC login page with and without "general.useragent.vendor" set.]
Umm have you tried using other browser's useragent? I'm going to mark this invalid as the site says: For Netscape users: CIBC PC Banking does not currently support Netscape 6.x browsers. Please do not upgrade your browser at this time.
Status: UNCONFIRMED → RESOLVED
Closed: 23 years ago
Resolution: --- → INVALID
Reporter | ||
Comment 2•23 years ago
|
||
I have tried using other browser's useragent. It makes no difference. As for the statement that "CIBC PC Banking does not currently support Netscape 6.x browsers", what they are saying is that if you are having trouble, and call them up, they won't help you. CIBC is *not* saying that their site is known to not work with Netscape6.X (mozilla 5). If this was the case mozilla 0.9.1 would not work; yet it does, as do all previous versions of mozilla. Basically, between 0.9.1 and 20010622 there was a change in mozilla that prevents it from working on the CIBC site. Additionally, both konqueror and opera have no difficulty in working correctly on this site. So, for these reasons I would ask that you reconsider the "invalid" status that this bug now has. Finally, I would point out that CIBC is one of only 6 major banks in Canada. What this means is that a significant percentage of Canadians who do online banking cannot hope to use Netscape6/mozilla as their browser. If it is a goal of the mozilla/netscape6 teams to make mozilla/netscape6 a widely accepted browser, then fixing this problem would help achieve this goal. If this problem is not fixed, I will stick with 0.9.1 for some time and then eventually, and reluctanly, move on to konqueror (or opera). I would like very much to stay with mozilla, but I do expect that the browser I use be able to handle the sites that I depend on in order to perform real tasks. Thank you for your time.
Reporter | ||
Comment 3•23 years ago
|
||
Addendum to above: in order for konqueror and opera to access the CIBC site, they have to use a mozilla user agent string. Ironic, eh?
this is a regression, and i'd like to see if form submission can examine it. otherwise this goes to evangelism, please do not resolve this bug as invalid.
Status: RESOLVED → UNCONFIRMED
Component: Browser-General → Form Submission
Keywords: regression
Resolution: INVALID → ---
.
Assignee: asa → rods
Status: UNCONFIRMED → NEW
Ever confirmed: true
QA Contact: doronr → vladimire
Comment 7•23 years ago
|
||
I saved this page on a test server, and submit the values to an echo script... the re seems to be no problem with what is being submited. Method is post like it should be... probably evengelism issue. Here is a link , if you want to see for yourself... https://bubblegum/vladimire/signon.html
Comment 9•23 years ago
|
||
If you back down to a nightly from the 22nd or earlier, the CIBC PCBanking website works, I'd like to point out. That sort of makes it sound like something changed within Mozilla, hmm?
Reporter | ||
Comment 10•23 years ago
|
||
I agree, there is no question that a change in mozilla resulted in the CIBC website not working. I was happily using it with Mozilla 0.9.1 (2001060713). I have also been happily using it for *many* previous versions of mozilla. And the fact that the website works with Netscape 4.77, Netscape 6.01, IE 5.5, Konqueror, and Opera (the latter two requiring mozilla user agent spoofs) really seems to indicate that it is a mozilla issue of some sort.
Comment 11•23 years ago
|
||
Build 2001-06-20-21 works on Linux and 2001-06-21-15 doesnt, so thats when the change occured
Reporter | ||
Comment 12•23 years ago
|
||
FWIW, using mozilla 0.9.2 with debugging turned on (user_pref("browser.dom.window.dump.enabled", true) in prefs.js) I see the below when attempting the evil operations: Document https://www.pcbanking.cibc.com/english/servlet/SignOn loaded successfully Error loading URL javascript:if(validateForm()) document.SignOn.submit(); : 2152398850 Document https://www.pcbanking.cibc.com/english/servlet/Logon loaded successfully Document https://www.pcbanking.cibc.com/english/servlet/SignOn loaded successfully Error loading URL javascript:submitNav('BrowserSecurity'); : 2152398850 Document https://www.pcbanking.cibc.com/english/servlet/BrowserSecurity loaded successfully
Comment 13•23 years ago
|
||
*** Bug 89815 has been marked as a duplicate of this bug. ***
Comment 14•23 years ago
|
||
I have also noticed that I can no longer log into Bank of Montreal - one of the other 6 Canadian Banks - with 0.9.2 but I still can with 0.9.1. Perhaps this is the same bug. This is a little harder for you to verify though because you have to try and sign in and you need a valid bank number and password. Anyway the error that the site reports is: <Error> Your session has expired or you have not properly signed into the system. During your session, pages which you have used, may be stored in memory. To clear this memory, either exit your browser or clear your cache. Please click here to sign in. </Error> This is the sign on page https://www.bmo.com/cgi-bin/netbnx/NBmain The site doesn't mention not supporting Netscape 6.
Comment 15•23 years ago
|
||
OK, I've figured out what's causing this. The fact that this is a secure site means that when the submit() comes through a javascript method the referer is stripped off of the form request which breaks the site for security reasons. I'm pretty sure this is something that mitch changed recently. I'm taking the liberty to reassign this to Mitch since I suspect that it's his bug.
Assignee: pollmann → mstoltz
Comment 16•23 years ago
|
||
Actually it was ddrinan who made that change, and there's a good reason for it. We shouldn't be sending https referrers to non-secure sites, as it could reveal some secure data to the other site. Could we make this an evangelism bug? Why does the behavior of the site in question depend on the referrer? Reassigning to ddrinan. Please reassign if I am mstaken about ownership. Bug 89995 is related, possibly a dup.
Assignee: mstoltz → ddrinan
Comment 17•23 years ago
|
||
Actually the bug doesn't really have anything to do with sending https referrers to non-secure sites. If you go to the Https://www.pcbanking.cibc.com and then you click on the browser security info you will see that clicking there executes a piece of java script which changes the action of a form to be /english/servlet/BrowserSecurity. Now since this document is https it adds that relative path onto https://www.pcbanking.cibc.com for an end link of https://www.pcbanking.cibc.com/english/servlet/BrowserSecurity so I don't think that fits into "going from a secure site to a non-secure site" unless I am missing something.
Comment 18•23 years ago
|
||
Should add keyword "ecommerce" to this bug. I'm not doing it myself not only because I'm not sure how to do it but because the bug owner should do so.
Comment 19•23 years ago
|
||
shaver points out that since this is probably http related that it might be on darin's plate. Darin?
Comment 20•23 years ago
|
||
Can login to CIBC under Win32 using build 20010803 off of the 0.9.2 branch. I suspect this means that this bug was actually a dupe of Bug 89995, the fix for which was checked into the 0.9.2 branch.
Reporter | ||
Comment 21•23 years ago
|
||
The bug existed for Linux 0.9.2 and still exists for Linux 0.9.3.I can't speak for Windows.
Comment 22•23 years ago
|
||
Yeah it is still in 093 but the nightly build for windows works... 20010803!!
Reporter | ||
Comment 23•23 years ago
|
||
Well, hell! Linux 2001080308 works like a charm! Thanks.
Comment 24•23 years ago
|
||
Is there a chance this patch can make it into the 0.9.3 branch?
Comment 25•23 years ago
|
||
colin: not likely, since 0.9.3 is released already...
Comment 26•23 years ago
|
||
marking WFM due the comment of the reporter...
Status: NEW → RESOLVED
Closed: 23 years ago → 23 years ago
Resolution: --- → WORKSFORME
Updated•5 years ago
|
Component: HTML: Form Submission → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•