Closed
Bug 1322001
Opened 8 years ago
Closed 5 years ago
Viewing a video on Facebook requires login in Firefox for Android, but not in Chrome
Categories
(Web Compatibility :: Site Reports, defect, P1)
Tracking
(platform-rel -)
VERIFIED
FIXED
Tracking | Status | |
---|---|---|
platform-rel | --- | - |
People
(Reporter: valentin, Assigned: karlcow)
References
()
Details
(Keywords: webcompat:site-wait, Whiteboard: [mobile-compat-form][platform-rel-Facebook][sitewait])
Site: https://www.facebook.com/sarielpl/videos/10155531506028696/
Viewing a video on Facebook requires login in Firefox for Android, but not in Chrome
:: Steps To Reproduce
Go to:
https://www.facebook.com/sarielpl/videos/10155531506028696/
Click on the video.
:: Expected Result
Video should Play
:: Actual Result
Page gets redirected to login page.
:: Additional Information
Software Version: 51.0b5/any
Device Information: Sony Xperia Z3 compact
Reporter's User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:50.0) Gecko/20100101 Firefox/50.0
Reporter | ||
Comment 1•8 years ago
|
||
I seem to have no problem watching the video on Desktop, or on Mobile if I select <Request desktop page>, or on Chrome on Android.
I think we need to reach out to Facebook. This seems like an artificial hop one needs to go through in order to perform a common task - and requiring a login poses a privacy concern to our users.
Updated•8 years ago
|
platform-rel: --- → ?
Whiteboard: [mobile-compat-form] → [mobile-compat-form][platform-rel-Facebook]
Updated•8 years ago
|
platform-rel: ? → +
Updated•8 years ago
|
Whiteboard: [mobile-compat-form][platform-rel-Facebook] → [mobile-compat-form][platform-rel-Facebook][needsdiagnosis]
Comment 2•8 years ago
|
||
Karl, can you investigate the extra login/auth requirement for Fennec?
Flags: needinfo?(kdubost)
Updated•8 years ago
|
Rank: 11
Assignee | ||
Comment 3•8 years ago
|
||
Accessing the page
https://www.facebook.com/sarielpl/videos/10155531506028696/
redirects the user to
https://m.facebook.com/story.php?story_fbid=10155531506028696&id=243748243695&refsrc=https%3A%2F%2Fm.facebook.com%2Fsarielpl%2Fvideos%2F10155531506028696%2F&_rdr
HTTP/2.0 302 Found
Location: https://m.facebook.com/sarielpl/videos/10155531506028696/
Content-Type: text/html
x-fb-debug: zIabdpyRVT0/u+fTQRf2oo7Jeq5gNQbtM7fpcr6Pg8I3KyxAUwL+8mWeR7Qh1qRHW+npn3HIUkkME9COWzYlEQ==
Content-Length: 0
Date: Mon, 19 Dec 2016 23:10:59 GMT
X-Firefox-Spdy: h2
then
HTTP/2.0 302 Found
p3p: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Location: https://m.facebook.com/story.php?story_fbid=10155531506028696&id=243748243695&refsrc=https%3A%2F%2Fm.facebook.com%2Fsarielpl%2Fvideos%2F10155531506028696%2F&_rdr
Content-Security-Policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net *.atlassolutions.com blob: data:;style-src data: 'unsafe-inline' *;connect-src *.facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* *.akamaihd.net wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com;
x-frame-options: DENY
x-xss-protection: 0
Cache-Control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
Content-Type: text/html; charset=utf-8
X-Content-Type-Options: nosniff
Pragma: no-cache
Vary: Origin
Access-Control-Allow-Origin: https://m.facebook.com
access-control-expose-headers: X-FB-Debug, X-Loader-Length
access-control-allow-method: OPTIONS
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Strict-Transport-Security: max-age=15552000; preload
Set-Cookie: datr=B2lYWCW4w5qAUkcLQbYcfBUn; expires=Wed, 19-Dec-2018 23:11:03 GMT; Max-Age=63072000; path=/; domain=.facebook.com; httponly
reg_fb_ref=https%3A%2F%2Fm.facebook.com%2Fsarielpl%2Fvideos%2F10155531506028696%2F; path=/; domain=.facebook.com; httponly
reg_fb_gate=https%3A%2F%2Fm.facebook.com%2Fsarielpl%2Fvideos%2F10155531506028696%2F; path=/; domain=.facebook.com; httponly
fr=0M4r70jXeBUOPJ6yG..BYAHr2.h_.AAA.0.0.BYWGkH.AWXRXQmZ; expires=Sun, 19-Mar-2017 23:11:03 GMT; Max-Age=7776000; path=/; domain=.facebook.com; httponly
x-fb-debug: ia+88o77JzHNYLFcuxtahaxOm1Zu1ZkPYjXjfOooTU6mArc03M8MxErl8rCLY8rXs0gby2t03LNdRtPHwrOeQA==
Content-Length: 0
Date: Mon, 19 Dec 2016 23:11:03 GMT
X-Firefox-Spdy: h2
Once we click, the video a NEW TAB is being opened asking for login.
https://m.facebook.com/login.php?next=https%3A%2F%2Fm.facebook.com%2Fvideo_redirect%2F%3Fsrc%3Dhttps%253A%252F%252Fvideo-nrt1-1.xx.fbcdn.net%252Fv%252Ft42.1790-2%252F15363958_1030068360452382_965075724027297792_n.mp4%253Fefg%253DeyJybHIiOjMwMCwicmxhIjo1MTIsInZlbmNvZGVfdGFnIjoic3ZlX3NkIn0%25253D%2526oh%253Dd45f6b2f33f50dad0ea2b265d97f97d3%2526oe%253D585892C9%26source%3Dmisc%26id%3D10155531506028696%26nowarning%3D0%26refid%3D52%26__tn__%3DF&refsrc=https%3A%2F%2Fm.facebook.com%2Fstory.php&_rdr
HTTP/2.0 200 OK
p3p: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Content-Security-Policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net *.atlassolutions.com blob: data:;style-src data: 'unsafe-inline' *;connect-src *.facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* *.akamaihd.net wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com;
x-frame-options: DENY
x-xss-protection: 0
access-control-allow-credentials: true
X-Content-Type-Options: nosniff
Content-Type: text/html; charset=utf-8
Pragma: no-cache
Access-Control-Allow-Origin: https://m.facebook.com
access-control-expose-headers: X-FB-Debug, X-Loader-Length
access-control-allow-method: OPTIONS
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Strict-Transport-Security: max-age=15552000; preload
Cache-Control: private, no-cache, no-store, must-revalidate
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=-1482189208; path=/; domain=.facebook.com
fr=0M4r70jXeBUOPJ6yG..BYAHr2.h_.AAA.0.0.BYWGmZ.AWVGFlJJ; expires=Sun, 19-Mar-2017 23:13:29 GMT; Max-Age=7776000; path=/; domain=.facebook.com; httponly
m_ts=1482189209; path=/; domain=.facebook.com
Vary: Origin, Accept-Encoding
Content-Encoding: br
x-fb-debug: D8OCfkxxwxzK4iJv523Pksjq5ufexcVj1SK7GGCH0jZBuHXHv0KpRB56gnw/8HMbhJAzmSRuRaAQpA0ntwVSWA==
Date: Mon, 19 Dec 2016 23:13:29 GMT
X-Firefox-Spdy: h2
Let's fake Chrome UA on Fennec and access
https://www.facebook.com/sarielpl/videos/10155531506028696/
redirected to https://m.facebook.com/story.php?story_fbid=10155531506028696&id=243748243695&refsrc=https%3A%2F%2Fm.facebook.com%2Fsarielpl%2Fvideos%2F10155531506028696%2F&_rdr
with the same sequence.
but indeed tapping the video starts the video ON GECKO with Fake Chrome UA
This is the video markup in Chrome UA/Gecko
<div class="widePic">
<div class="_53mw _4gbu"
data-store="{
"videoID":"10155531506028696",
"playerFormat":"inline",
"playerOrigin":null,
"rootID":"10155531506028696",
"playerSuborigin":"misc",
"canUseOffline":null,
"playOnClick":true,
"playInFullScreen":false,
"type":"video",
"src":"https:\/\/video-nrt1-1.xx.fbcdn.net\/v\/t42.1790-2\/15363958_1030068360452382_965075724027297792_n.mp4?efg=eyJybHIiOjMwMCwicmxhIjo1MTIsInZlbmNvZGVfdGFnIjoic3ZlX3NkIn0\u00253D&oh=d45f6b2f33f50dad0ea2b265d97f97d3&oe=585892C9",
"width":401,
"height":225,
"trackingNodes":"F",
"downloadResources":null,
"subtitlesSrc":null,
"spherical":false,
"sphericalParams":null,
"animatedGifVideo":false,
"defaultQuality":null,
"availableQualities":null}"
data-sigil="inlineVideo">
<i class="img _lt3 _4s0y"
style="background: url("https://scontent-nrt1-1.xx.fbcdn.net/v/t15.0-10/cp0/e15/q65/s320x320/15261658_10155531510958696_2118466909077766144_n.jpg?oh=747dd1aa3625d2fa88829946c97a657e&oe=58E67C3F") no-repeat center;
background-size:auto 100%;
-webkit-background-size:auto 100%;
padding-bottom:56.27%;"
data-sigil="playInlineVideo">
</i>
<div class="_1o0y" data-sigil="m-video-play-button playInlineVideo">
<span style="display:block;
height:0;
overflow:hidden;
position:absolute;
width:0;
padding:0">Play Video</span>
<span class="mfsl fcw"></span>
</div>
<div class="_5nbg">
<span class="img _55ym _55yq _55yp"
role="progressbar"
aria-valuetext="Loading..."
aria-valuemin="0"
aria-valuemax="100"
aria-busy="1">
</span>
</div>
</div>
</div>
AND this is the markup received by Firefox Android
<div class="widePic">
<a class="_4gbu"
data-store="{
"videoID":"10155531506028696",
"playerFormat":"inline",
"playerOrigin":null,
"rootID":"10155531506028696",
"playerSuborigin":"misc"}"
href="/video_redirect/?src=https%3A%2F%2Fvideo-nrt1-1.xx.fbcdn.net%2Fv%2Ft42.1790-2%2F15363958_1030068360452382_965075724027297792_n.mp4%3Fefg%3DeyJybHIiOjMwMCwicmxhIjo1MTIsInZlbmNvZGVfdGFnIjoic3ZlX3NkIn0%253D%26oh%3Dd45f6b2f33f50dad0ea2b265d97f97d3%26oe%3D585892C9&source=misc&id=10155531506028696&nowarning=0&refid=52&__tn__=F"
aria-label="Watch video"
target="_blank"
data-gt="{"tn":"F"}">
<div class="_53mw">
<i class="img _lt3 _4s0y"
style="background: url("https://scontent-nrt1-1.xx.fbcdn.net/v/t15.0-10/cp0/e15/q65/s320x320/15261658_10155531510958696_2118466909077766144_n.jpg?oh=747dd1aa3625d2fa88829946c97a657e&oe=58E67C3F") no-repeat center;
background-size:auto 100%;
-webkit-background-size:auto 100%;
padding-bottom:56.27%;"></i>
<div class="_1o0y"
data-sigil="m-video-play-button">
<span style="display:block;
height:0;
overflow:hidden;
position:absolute;
width:0;
padding:0">Play Video</span>
<span class="mfsl fcw"></span>
</div>
</div>
</a>
</div>
Slight differences in terms of data for video controls.
Specifically Firefox Android receives an anchor element with this link:
/video_redirect/?src=https%3A%2F%2Fvideo-nrt1-1.xx.fbcdn.net%2Fv%2Ft42.1790-2%2F15363958_1030068360452382_965075724027297792_n.mp4%3Fefg%3DeyJybHIiOjMwMCwicmxhIjo1MTIsInZlbmNvZGVfdGFnIjoic3ZlX3NkIn0%253D%26oh%3Dd45f6b2f33f50dad0ea2b265d97f97d3%26oe%3D585892C9&source=misc&id=10155531506028696&nowarning=0&refid=52&__tn__=F
While Chrome UA receives a JSON data structure with
https:\/\/video-nrt1-1.xx.fbcdn.net\/v\/t42.1790-2\/15363958_1030068360452382_965075724027297792_n.mp4?efg=eyJybHIiOjMwMCwicmxhIjo1MTIsInZlbmNvZGVfdGFnIjoic3ZlX3NkIn0\u00253D&oh=d45f6b2f33f50dad0ea2b265d97f97d3&oe=585892C9
I wonder if the video_redirect pages requires the login
Yeah that's it. On Firefox if I enter
https://video-nrt1-1.xx.fbcdn.net/v/t42.1790-2/15363958_1030068360452382_965075724027297792_n.mp4?efg=eyJybHIiOjMwMCwicmxhIjo1MTIsInZlbmNvZGVfdGFnIjoic3ZlX3NkIn0%3D&oh=d45f6b2f33f50dad0ea2b265d97f97d3&oe=585892C9&source=misc&id=10155531506028696&nowarning=0&refid=52&__tn__=F
I get the video working directly but if I request
https://m.facebook.com/video_redirect/?src=https://video-nrt1-1.xx.fbcdn.net/v/t42.1790-2/15363958_1030068360452382_965075724027297792_n.mp4?efg=eyJybHIiOjMwMCwicmxhIjo1MTIsInZlbmNvZGVfdGFnIjoic3ZlX3NkIn0%3D&oh=d45f6b2f33f50dad0ea2b265d97f97d3&oe=585892C9&source=misc&id=10155531506028696&nowarning=0&refid=52&__tn__=F
I get the login window.
so server side markup with different user experience.
Switching to contactready.
I will mention it on the facebook partner mailing list.
Assignee: nobody → kdubost
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: needinfo?(kdubost)
Whiteboard: [mobile-compat-form][platform-rel-Facebook][needsdiagnosis] → [mobile-compat-form][platform-rel-Facebook][contactready]
Assignee | ||
Comment 4•8 years ago
|
||
contact email |
I contacted Facebook through the partner mailing-list.
Status: NEW → ASSIGNED
Whiteboard: [mobile-compat-form][platform-rel-Facebook][contactready] → [mobile-compat-form][platform-rel-Facebook][sitewait]
Assignee | ||
Comment 6•8 years ago
|
||
login still required as of today on Firefox.
and not required with a chrome Android UA.
Flags: needinfo?(miket)
Comment 7•8 years ago
|
||
Thanks Karl, I just re-pinged the discussion on the mailing list.
Updated•8 years ago
|
platform-rel: + → -
Facebook video embeded on page
https://www.respekt.cz/spolecnost/az-bude-auto-jako-jizda-na-koni-a-pevna-linka
has the same bug even with the *<Request desktop page>* option. So mobile Firefox can not be used at all. It happenes to me quite often on many pages and it is very cumbersome. This is just an example.
Comment 11•6 years ago
|
||
response from thread:
> This is happens because that page renders in Mbasic mode which is basically HTML&CSS without any javascript. I'll create an issue to investigate why that happens because the rest of the m.facebook.com is rendered in Mtouch mode - with JS&bells&whistles.
Still an issue tho.
Comment 12•6 years ago
|
||
Note: this plays on Nightly, because we're spoofing as Chrome there for now. ni? myself to ping the other spoofing thread.
Flags: needinfo?(miket)
Assignee | ||
Updated•6 years ago
|
See Also: → https://webcompat.com/issues/25926
Updated•6 years ago
|
Product: Tech Evangelism → Web Compatibility
Comment 14•6 years ago
|
||
See bug 1547409. Moving webcompat whiteboard tags to keywords.
Keywords: webcompat:site-wait
Assignee | ||
Updated•6 years ago
|
See Also: → https://webcompat.com/issues/29885
Updated•5 years ago
|
Comment 16•5 years ago
|
||
According to our Facebook contacts, this has been fixed on their side. Let's please verify and close this bug if appropriate.
Comment 17•5 years ago
|
||
Fantastic. I just verified on Fenix Preview and Firefox for Android that this is working without being logged in. Thanks for the update, stpeter!
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Reporter | ||
Comment 18•5 years ago
|
||
(In reply to Peter Saint-Andre [:stpeter] from comment #16)
According to our Facebook contacts, this has been fixed on their side. Let's please verify and close this bug if appropriate.
This is fantastic! Thanks a lot!
Status: RESOLVED → VERIFIED
Updated•7 months ago
|
Component: Mobile → Site Reports
You need to log in
before you can comment on or make changes to this bug.
Description
•