Closed Bug 1322001 Opened 8 years ago Closed 5 years ago

Viewing a video on Facebook requires login in Firefox for Android, but not in Chrome

Categories

(Web Compatibility :: Site Reports, defect, P1)

Product:
Web Compatibility
Component:
Site Reports
Platform:
Other
Android
Type:
defect

Tracking

(platform-rel -)

Status:
VERIFIED FIXED
Tracking Flags:
Tracking Status
platform-rel --- -

People

(Reporter: valentin, Assigned: karlcow)

References

(
URL
)

Details

(Keywords: webcompat:site-wait, Whiteboard: [mobile-compat-form][platform-rel-Facebook][sitewait])

Site: https://www.facebook.com/sarielpl/videos/10155531506028696/ Viewing a video on Facebook requires login in Firefox for Android, but not in Chrome :: Steps To Reproduce Go to: https://www.facebook.com/sarielpl/videos/10155531506028696/ Click on the video. :: Expected Result Video should Play :: Actual Result Page gets redirected to login page. :: Additional Information Software Version: 51.0b5/any Device Information: Sony Xperia Z3 compact Reporter's User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:50.0) Gecko/20100101 Firefox/50.0
I seem to have no problem watching the video on Desktop, or on Mobile if I select <Request desktop page>, or on Chrome on Android. I think we need to reach out to Facebook. This seems like an artificial hop one needs to go through in order to perform a common task - and requiring a login poses a privacy concern to our users.
platform-rel: --- → ?
Whiteboard: [mobile-compat-form] → [mobile-compat-form][platform-rel-Facebook]
platform-rel: ? → +
Whiteboard: [mobile-compat-form][platform-rel-Facebook] → [mobile-compat-form][platform-rel-Facebook][needsdiagnosis]
Karl, can you investigate the extra login/auth requirement for Fennec?
Flags: needinfo?(kdubost)
Rank: 11
Accessing the page https://www.facebook.com/sarielpl/videos/10155531506028696/ redirects the user to https://m.facebook.com/story.php?story_fbid=10155531506028696&id=243748243695&refsrc=https%3A%2F%2Fm.facebook.com%2Fsarielpl%2Fvideos%2F10155531506028696%2F&_rdr HTTP/2.0 302 Found Location: https://m.facebook.com/sarielpl/videos/10155531506028696/ Content-Type: text/html x-fb-debug: zIabdpyRVT0/u+fTQRf2oo7Jeq5gNQbtM7fpcr6Pg8I3KyxAUwL+8mWeR7Qh1qRHW+npn3HIUkkME9COWzYlEQ== Content-Length: 0 Date: Mon, 19 Dec 2016 23:10:59 GMT X-Firefox-Spdy: h2 then HTTP/2.0 302 Found p3p: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p" Location: https://m.facebook.com/story.php?story_fbid=10155531506028696&id=243748243695&refsrc=https%3A%2F%2Fm.facebook.com%2Fsarielpl%2Fvideos%2F10155531506028696%2F&_rdr Content-Security-Policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net *.atlassolutions.com blob: data:;style-src data: 'unsafe-inline' *;connect-src *.facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* *.akamaihd.net wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com; x-frame-options: DENY x-xss-protection: 0 Cache-Control: private, no-cache, no-store, must-revalidate access-control-allow-credentials: true Content-Type: text/html; charset=utf-8 X-Content-Type-Options: nosniff Pragma: no-cache Vary: Origin Access-Control-Allow-Origin: https://m.facebook.com access-control-expose-headers: X-FB-Debug, X-Loader-Length access-control-allow-method: OPTIONS Expires: Sat, 01 Jan 2000 00:00:00 GMT Strict-Transport-Security: max-age=15552000; preload Set-Cookie: datr=B2lYWCW4w5qAUkcLQbYcfBUn; expires=Wed, 19-Dec-2018 23:11:03 GMT; Max-Age=63072000; path=/; domain=.facebook.com; httponly reg_fb_ref=https%3A%2F%2Fm.facebook.com%2Fsarielpl%2Fvideos%2F10155531506028696%2F; path=/; domain=.facebook.com; httponly reg_fb_gate=https%3A%2F%2Fm.facebook.com%2Fsarielpl%2Fvideos%2F10155531506028696%2F; path=/; domain=.facebook.com; httponly fr=0M4r70jXeBUOPJ6yG..BYAHr2.h_.AAA.0.0.BYWGkH.AWXRXQmZ; expires=Sun, 19-Mar-2017 23:11:03 GMT; Max-Age=7776000; path=/; domain=.facebook.com; httponly x-fb-debug: ia+88o77JzHNYLFcuxtahaxOm1Zu1ZkPYjXjfOooTU6mArc03M8MxErl8rCLY8rXs0gby2t03LNdRtPHwrOeQA== Content-Length: 0 Date: Mon, 19 Dec 2016 23:11:03 GMT X-Firefox-Spdy: h2 Once we click, the video a NEW TAB is being opened asking for login. https://m.facebook.com/login.php?next=https%3A%2F%2Fm.facebook.com%2Fvideo_redirect%2F%3Fsrc%3Dhttps%253A%252F%252Fvideo-nrt1-1.xx.fbcdn.net%252Fv%252Ft42.1790-2%252F15363958_1030068360452382_965075724027297792_n.mp4%253Fefg%253DeyJybHIiOjMwMCwicmxhIjo1MTIsInZlbmNvZGVfdGFnIjoic3ZlX3NkIn0%25253D%2526oh%253Dd45f6b2f33f50dad0ea2b265d97f97d3%2526oe%253D585892C9%26source%3Dmisc%26id%3D10155531506028696%26nowarning%3D0%26refid%3D52%26__tn__%3DF&refsrc=https%3A%2F%2Fm.facebook.com%2Fstory.php&_rdr HTTP/2.0 200 OK p3p: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p" Content-Security-Policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net *.atlassolutions.com blob: data:;style-src data: 'unsafe-inline' *;connect-src *.facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* *.akamaihd.net wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com; x-frame-options: DENY x-xss-protection: 0 access-control-allow-credentials: true X-Content-Type-Options: nosniff Content-Type: text/html; charset=utf-8 Pragma: no-cache Access-Control-Allow-Origin: https://m.facebook.com access-control-expose-headers: X-FB-Debug, X-Loader-Length access-control-allow-method: OPTIONS Expires: Sat, 01 Jan 2000 00:00:00 GMT Strict-Transport-Security: max-age=15552000; preload Cache-Control: private, no-cache, no-store, must-revalidate Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=-1482189208; path=/; domain=.facebook.com fr=0M4r70jXeBUOPJ6yG..BYAHr2.h_.AAA.0.0.BYWGmZ.AWVGFlJJ; expires=Sun, 19-Mar-2017 23:13:29 GMT; Max-Age=7776000; path=/; domain=.facebook.com; httponly m_ts=1482189209; path=/; domain=.facebook.com Vary: Origin, Accept-Encoding Content-Encoding: br x-fb-debug: D8OCfkxxwxzK4iJv523Pksjq5ufexcVj1SK7GGCH0jZBuHXHv0KpRB56gnw/8HMbhJAzmSRuRaAQpA0ntwVSWA== Date: Mon, 19 Dec 2016 23:13:29 GMT X-Firefox-Spdy: h2 Let's fake Chrome UA on Fennec and access https://www.facebook.com/sarielpl/videos/10155531506028696/ redirected to https://m.facebook.com/story.php?story_fbid=10155531506028696&id=243748243695&refsrc=https%3A%2F%2Fm.facebook.com%2Fsarielpl%2Fvideos%2F10155531506028696%2F&_rdr with the same sequence. but indeed tapping the video starts the video ON GECKO with Fake Chrome UA This is the video markup in Chrome UA/Gecko <div class="widePic"> <div class="_53mw _4gbu" data-store="{ &quot;videoID&quot;:&quot;10155531506028696&quot;, &quot;playerFormat&quot;:&quot;inline&quot;, &quot;playerOrigin&quot;:null, &quot;rootID&quot;:&quot;10155531506028696&quot;, &quot;playerSuborigin&quot;:&quot;misc&quot;, &quot;canUseOffline&quot;:null, &quot;playOnClick&quot;:true, &quot;playInFullScreen&quot;:false, &quot;type&quot;:&quot;video&quot;, &quot;src&quot;:&quot;https:\/\/video-nrt1-1.xx.fbcdn.net\/v\/t42.1790-2\/15363958_1030068360452382_965075724027297792_n.mp4?efg=eyJybHIiOjMwMCwicmxhIjo1MTIsInZlbmNvZGVfdGFnIjoic3ZlX3NkIn0\u00253D&amp;oh=d45f6b2f33f50dad0ea2b265d97f97d3&amp;oe=585892C9&quot;, &quot;width&quot;:401, &quot;height&quot;:225, &quot;trackingNodes&quot;:&quot;F&quot;, &quot;downloadResources&quot;:null, &quot;subtitlesSrc&quot;:null, &quot;spherical&quot;:false, &quot;sphericalParams&quot;:null, &quot;animatedGifVideo&quot;:false, &quot;defaultQuality&quot;:null, &quot;availableQualities&quot;:null}" data-sigil="inlineVideo"> <i class="img _lt3 _4s0y" style="background: url(&quot;https://scontent-nrt1-1.xx.fbcdn.net/v/t15.0-10/cp0/e15/q65/s320x320/15261658_10155531510958696_2118466909077766144_n.jpg?oh=747dd1aa3625d2fa88829946c97a657e&amp;oe=58E67C3F&quot;) no-repeat center; background-size:auto 100%; -webkit-background-size:auto 100%; padding-bottom:56.27%;" data-sigil="playInlineVideo"> </i> <div class="_1o0y" data-sigil="m-video-play-button playInlineVideo"> <span style="display:block; height:0; overflow:hidden; position:absolute; width:0; padding:0">Play Video</span> <span class="mfsl fcw"></span> </div> <div class="_5nbg"> <span class="img _55ym _55yq _55yp" role="progressbar" aria-valuetext="Loading..." aria-valuemin="0" aria-valuemax="100" aria-busy="1"> </span> </div> </div> </div> AND this is the markup received by Firefox Android <div class="widePic"> <a class="_4gbu" data-store="{ &quot;videoID&quot;:&quot;10155531506028696&quot;, &quot;playerFormat&quot;:&quot;inline&quot;, &quot;playerOrigin&quot;:null, &quot;rootID&quot;:&quot;10155531506028696&quot;, &quot;playerSuborigin&quot;:&quot;misc&quot;}" href="/video_redirect/?src=https%3A%2F%2Fvideo-nrt1-1.xx.fbcdn.net%2Fv%2Ft42.1790-2%2F15363958_1030068360452382_965075724027297792_n.mp4%3Fefg%3DeyJybHIiOjMwMCwicmxhIjo1MTIsInZlbmNvZGVfdGFnIjoic3ZlX3NkIn0%253D%26oh%3Dd45f6b2f33f50dad0ea2b265d97f97d3%26oe%3D585892C9&amp;source=misc&amp;id=10155531506028696&amp;nowarning=0&amp;refid=52&amp;__tn__=F" aria-label="Watch video" target="_blank" data-gt="{&quot;tn&quot;:&quot;F&quot;}"> <div class="_53mw"> <i class="img _lt3 _4s0y" style="background: url(&quot;https://scontent-nrt1-1.xx.fbcdn.net/v/t15.0-10/cp0/e15/q65/s320x320/15261658_10155531510958696_2118466909077766144_n.jpg?oh=747dd1aa3625d2fa88829946c97a657e&amp;oe=58E67C3F&quot;) no-repeat center; background-size:auto 100%; -webkit-background-size:auto 100%; padding-bottom:56.27%;"></i> <div class="_1o0y" data-sigil="m-video-play-button"> <span style="display:block; height:0; overflow:hidden; position:absolute; width:0; padding:0">Play Video</span> <span class="mfsl fcw"></span> </div> </div> </a> </div> Slight differences in terms of data for video controls. Specifically Firefox Android receives an anchor element with this link: /video_redirect/?src=https%3A%2F%2Fvideo-nrt1-1.xx.fbcdn.net%2Fv%2Ft42.1790-2%2F15363958_1030068360452382_965075724027297792_n.mp4%3Fefg%3DeyJybHIiOjMwMCwicmxhIjo1MTIsInZlbmNvZGVfdGFnIjoic3ZlX3NkIn0%253D%26oh%3Dd45f6b2f33f50dad0ea2b265d97f97d3%26oe%3D585892C9&amp;source=misc&amp;id=10155531506028696&amp;nowarning=0&amp;refid=52&amp;__tn__=F While Chrome UA receives a JSON data structure with https:\/\/video-nrt1-1.xx.fbcdn.net\/v\/t42.1790-2\/15363958_1030068360452382_965075724027297792_n.mp4?efg=eyJybHIiOjMwMCwicmxhIjo1MTIsInZlbmNvZGVfdGFnIjoic3ZlX3NkIn0\u00253D&amp;oh=d45f6b2f33f50dad0ea2b265d97f97d3&amp;oe=585892C9 I wonder if the video_redirect pages requires the login Yeah that's it. On Firefox if I enter https://video-nrt1-1.xx.fbcdn.net/v/t42.1790-2/15363958_1030068360452382_965075724027297792_n.mp4?efg=eyJybHIiOjMwMCwicmxhIjo1MTIsInZlbmNvZGVfdGFnIjoic3ZlX3NkIn0%3D&oh=d45f6b2f33f50dad0ea2b265d97f97d3&oe=585892C9&amp;source=misc&amp;id=10155531506028696&amp;nowarning=0&amp;refid=52&amp;__tn__=F I get the video working directly but if I request https://m.facebook.com/video_redirect/?src=https://video-nrt1-1.xx.fbcdn.net/v/t42.1790-2/15363958_1030068360452382_965075724027297792_n.mp4?efg=eyJybHIiOjMwMCwicmxhIjo1MTIsInZlbmNvZGVfdGFnIjoic3ZlX3NkIn0%3D&oh=d45f6b2f33f50dad0ea2b265d97f97d3&oe=585892C9&amp;source=misc&amp;id=10155531506028696&amp;nowarning=0&amp;refid=52&amp;__tn__=F I get the login window. so server side markup with different user experience. Switching to contactready. I will mention it on the facebook partner mailing list.
Assignee: nobody → kdubost
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: needinfo?(kdubost)
Whiteboard: [mobile-compat-form][platform-rel-Facebook][needsdiagnosis] → [mobile-compat-form][platform-rel-Facebook][contactready]
I contacted Facebook through the partner mailing-list.
Status: NEW → ASSIGNED
Whiteboard: [mobile-compat-form][platform-rel-Facebook][contactready] → [mobile-compat-form][platform-rel-Facebook][sitewait]
ni? self to test if this still repros.
Flags: needinfo?(miket)
login still required as of today on Firefox. and not required with a chrome Android UA.
Flags: needinfo?(miket)
Thanks Karl, I just re-pinged the discussion on the mailing list.
platform-rel: + → -
Facebook video embeded on page https://www.respekt.cz/spolecnost/az-bude-auto-jako-jizda-na-koni-a-pevna-linka has the same bug even with the *<Request desktop page>* option. So mobile Firefox can not be used at all. It happenes to me quite often on many pages and it is very cumbersome. This is just an example.
Still an issue. I guess we can re-ping the thread...
Priority: -- → P1
response from thread: > This is happens because that page renders in Mbasic mode which is basically HTML&CSS without any javascript. I'll create an issue to investigate why that happens because the rest of the m.facebook.com is rendered in Mtouch mode - with JS&bells&whistles. Still an issue tho.
Note: this plays on Nightly, because we're spoofing as Chrome there for now. ni? myself to ping the other spoofing thread.
Flags: needinfo?(miket)
Done.
Flags: needinfo?(miket)
Product: Tech Evangelism → Web Compatibility

See bug 1547409. Moving webcompat whiteboard tags to keywords.

Keywords: webcompat:site-wait

According to our Facebook contacts, this has been fixed on their side. Let's please verify and close this bug if appropriate.

Fantastic. I just verified on Fenix Preview and Firefox for Android that this is working without being logged in. Thanks for the update, stpeter!

Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED

(In reply to Peter Saint-Andre [:stpeter] from comment #16)

According to our Facebook contacts, this has been fixed on their side. Let's please verify and close this bug if appropriate.

This is fantastic! Thanks a lot!

Status: RESOLVED → VERIFIED
Component: Mobile → Site Reports
You need to log in before you can comment on or make changes to this bug.