Closed Bug 1317231 Opened 7 years ago Closed 7 years ago

[FirstPartyIsolation] Failed to sign in to the 360.com

Categories

(Core :: DOM: Security, defect)

Product:
Core
Component:
DOM: Security
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: cynthiatang, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: [tor][domsecurity-active]) 

Preference setting:
 1. privacy.firstparty.isolate;true
 2. network.predictor.enable-prefetch;false
 3. network.predictor.enabled;false

Step:
 1. Launch Firefox browser
 2. Go to 360.com
 3. Click on "登录" (Sign in)
 4. Sign in using an existing ID and password

Actual result:
 - User cannot login to 360.com
 - Firefox with firstPartyIsolation: https://youtu.be/PQVX9hJCO2Q
 - Firefox without firstPartyIsolation: https://youtu.be/X3KGbNn0tHw


Firefox version: 52.0a1 (2016-11-11) (64-bit)
The login process of 360.com is based on the third party cookies, which means it will redirect to another first party to get the login session cookie. So the 360.com will not acquire the login session cookie since it belongs to another first party.

Therefore, this behavior is correct under the fact that the first party isolation is turned on. In addition, the tor browser shows the same behavior.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.