Closed
Bug 1315907
Opened 8 years ago
Closed 8 years ago
[FirstPartyIsolation] Failed to sign in to the hao123.com
Categories
(Core :: DOM: Security, defect, P1)
Core
DOM: Security
Tracking
()
RESOLVED
DUPLICATE
of bug 1313627
People
(Reporter: cynthiatang, Unassigned)
References
(Blocks 1 open bug)
Details
(Whiteboard: [tor][domsecurity-active])
Attachments
(4 files)
Preference setting:
1. privacy.firstparty.isolate;true
2. network.predictor.enable-prefetch;false
3. network.predictor.enabled;false
Step:
1. Launch Firefox browser
2. Go to hao123.com
3. Click on "登录" (Sign in)
4. Sign in using an existing Baidu ID and password
Actual result:
- After entering your Baidu ID and password, it will new a tab and go to "https://www.hao123.com/jumpv3.htm?err_no=100023&callback=parent.bd__pcbs__bnr3k0&codeString=&userName=&phoneNumber=&mail=&hao123Param=&u=&tpl=&secstate=&gotourl=&authtoken=&loginproxy=&resetpwd=&vcodetype=&lstr=<oken=&bckv=&bcsync=&bcchecksum=&code=&bdToken=&realnameswitch=&setpwdswitch=&bctime=&bdstoken=&authsid=&jumpset=&appealurl=&accounts="
- After a few seconds, user got an error in the original tab. The error is "登录超时,请稍后再试" (Sign in timeout, please try again later). Please see attachments "hao123_Firefox_FPI_1" and "hao123_Firefox_FPI_2"
Reproduction Rate: 10/10
Other test results:
- Firefox without FPI: User can sign in to hao123.com. Please see the attachment "hao123_Firefox_Default"
- Tor browser: User cannot sign in to hao123.com. The error is "开启Cookie之后才能登录" (You'll need to turn cookie on ). But it does not new a tab. Please see the attachment "hao123_Tor"
Firefox version: 52.0a1 (2016-11-07) (64-bit)
Reporter | ||
Comment 1•8 years ago
|
||
Reporter | ||
Comment 2•8 years ago
|
||
Reporter | ||
Comment 3•8 years ago
|
||
Comment 4•8 years ago
|
||
I have tested this with the patch in the bug 1313627. After applying the patch, the browser can login hao123.com successfully.
Reporter | ||
Updated•8 years ago
|
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•