Closed Bug 1315907 Opened 8 years ago Closed 8 years ago

[FirstPartyIsolation] Failed to sign in to the hao123.com

Categories

(Core :: DOM: Security, defect, P1)

defect

Tracking

()

RESOLVED DUPLICATE of bug 1313627

People

(Reporter: cynthiatang, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: [tor][domsecurity-active])

Attachments

(4 files)

Preference setting: 1. privacy.firstparty.isolate;true 2. network.predictor.enable-prefetch;false 3. network.predictor.enabled;false Step: 1. Launch Firefox browser 2. Go to hao123.com 3. Click on "登录" (Sign in) 4. Sign in using an existing Baidu ID and password Actual result: - After entering your Baidu ID and password, it will new a tab and go to "https://www.hao123.com/jumpv3.htm?err_no=100023&callback=parent.bd__pcbs__bnr3k0&codeString=&userName=&phoneNumber=&mail=&hao123Param=&u=&tpl=&secstate=&gotourl=&authtoken=&loginproxy=&resetpwd=&vcodetype=&lstr=&ltoken=&bckv=&bcsync=&bcchecksum=&code=&bdToken=&realnameswitch=&setpwdswitch=&bctime=&bdstoken=&authsid=&jumpset=&appealurl=&accounts=" - After a few seconds, user got an error in the original tab. The error is "登录超时,请稍后再试" (Sign in timeout, please try again later). Please see attachments "hao123_Firefox_FPI_1" and "hao123_Firefox_FPI_2" Reproduction Rate: 10/10 Other test results: - Firefox without FPI: User can sign in to hao123.com. Please see the attachment "hao123_Firefox_Default" - Tor browser: User cannot sign in to hao123.com. The error is "开启Cookie之后才能登录" (You'll need to turn cookie on ). But it does not new a tab. Please see the attachment "hao123_Tor" Firefox version: 52.0a1 (2016-11-07) (64-bit)
Attached image hao123_Tor.jpg
I have tested this with the patch in the bug 1313627. After applying the patch, the browser can login hao123.com successfully.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: