Open
Bug 1336458
Opened 8 years ago
Updated 2 years ago
[FirstPartyIsolation] Unable to login using Facebook on As.com
Categories
(Core :: DOM: Security, defect, P3)
Core
DOM: Security
Tracking
()
NEW
Tracking | Status | |
---|---|---|
firefox51 | --- | unaffected |
firefox52 | --- | unaffected |
firefox53 | --- | unaffected |
firefox54 | --- | affected |
People
(Reporter: bmaris, Unassigned)
References
(Blocks 1 open bug)
Details
(Whiteboard: [tor][domsecurity-backlog2][dfpi-ok])
Comment hidden (obsolete) |
Reporter | ||
Comment 1•8 years ago
|
||
[Affected versions]:
- Firefox 52 beta 2
- latest Dev Edition 53.0a2
- latest Nightly 54.0a1
[Affected platforms]:
- macOS 10.12.2
- Ubuntu 16.04 32-bit
- Windows 10 64-bit
[Steps to reproduce]:
1. Visit As.com and login using Facebook
[Expected result]:
- Login is successful.
[Actual result]:
- User was not successfully logged in with Facebook account.
[Regression range]:
- This is not a regression.
Blocks: FirstPartyIsolationQA
status-firefox51:
--- → unaffected
status-firefox52:
--- → affected
status-firefox53:
--- → affected
Depends on: 1319773
Whiteboard: [tor]
Updated•8 years ago
|
Priority: -- → P2
Whiteboard: [tor] → [tor][domsecurity-backlog2]
Updated•8 years ago
|
Priority: P2 → P3
Reporter | ||
Comment 2•8 years ago
|
||
With pref 'privacy.firstparty.isolate.restrict_opener_access' set to 'false' this is still reproducible. After entering facebook credentials and hitting login, as.com login webpage refreshes and does not login. Using Tor browser, the user is successfully logged in to As.com after entering Facebook credentials.
Removing tracking status for 52 and 53 since this does not affect normal users.
Comment 3•8 years ago
|
||
This website can log in successfully when I disabled third party cookies. So, I believe that the login mechanism of 'as.com' is depending on third party cookies. And when we disable third party cookies, it will detect it and use a different way other than third party cookies to log in.
Updated•5 years ago
|
Whiteboard: [tor][domsecurity-backlog2] → [tor][domsecurity-backlog2][dfpi-ok]
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.