Closed Bug 1315907 Opened 6 years ago Closed 6 years ago

[FirstPartyIsolation] Failed to sign in to the hao123.com

Categories

(Core :: DOM: Security, defect, P1)

defect

Tracking

()

RESOLVED DUPLICATE of bug 1313627

People

(Reporter: cynthiatang, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: [tor][domsecurity-active])

Attachments

(4 files)

Preference setting:
 1. privacy.firstparty.isolate;true
 2. network.predictor.enable-prefetch;false
 3. network.predictor.enabled;false

Step:
 1. Launch Firefox browser
 2. Go to hao123.com
 3. Click on "登录" (Sign in)
 4. Sign in using an existing Baidu ID and password

Actual result:
 - After entering your Baidu ID and password, it will new a tab and go to "https://www.hao123.com/jumpv3.htm?err_no=100023&callback=parent.bd__pcbs__bnr3k0&codeString=&userName=&phoneNumber=&mail=&hao123Param=&u=&tpl=&secstate=&gotourl=&authtoken=&loginproxy=&resetpwd=&vcodetype=&lstr=&ltoken=&bckv=&bcsync=&bcchecksum=&code=&bdToken=&realnameswitch=&setpwdswitch=&bctime=&bdstoken=&authsid=&jumpset=&appealurl=&accounts="
 - After a few seconds, user got an error in the original tab. The error is "登录超时,请稍后再试" (Sign in timeout, please try again later). Please see attachments "hao123_Firefox_FPI_1" and "hao123_Firefox_FPI_2" 

Reproduction Rate: 10/10

Other test results:
 - Firefox without FPI: User can sign in to hao123.com. Please see the attachment "hao123_Firefox_Default"
 - Tor browser: User cannot sign in to hao123.com. The error is "开启Cookie之后才能登录" (You'll need to turn cookie on ). But it does not new a tab. Please see the attachment "hao123_Tor"

Firefox version: 52.0a1 (2016-11-07) (64-bit)
Attached image hao123_Tor.jpg
I have tested this with the patch in the bug 1313627. After applying the patch, the browser can login hao123.com successfully.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1313627
You need to log in before you can comment on or make changes to this bug.