Open Bug 1340895 Opened 8 years ago Updated 3 years ago

"SecurityError: The operation is unsecure" when loading fido.ca login page

Categories

(Core :: Layout: Form Controls, defect)

54 Branch
defect

Tracking

()

UNCONFIRMED
Tracking Status
firefox54 --- affected

People

(Reporter: mcote, Unassigned)

Attachments

(2 files, 1 obsolete file)

When trying to log into fido.ca (a popular Canadian cell-phone service provider), the main page content fails to load. The web console shows the following:

    SecurityError: The operation is insecure. server.html:13
    keys https://rogers-fido.janrainsso.com/static/server.html:13:515
    G https://rogers-fido.janrainsso.com/static/server.html:10:121
    v https://rogers-fido.janrainsso.com/static/server.html:9:215

I see a number of other bugs filed about SecurityErrors, but this page loads fine in the current Firefox release so it seems like a regression.

These are the other messages in the console, aside from Tracking Protection blocks:

    SSO (Sun, 19 Feb 2017 17:04:21 GMT): checking for session sso.js:5:451
    Setting up event listener 1 remote server.html:10:467
    <SecurityError above>
    check login not successful capture:login:324:333
    Navigated to https://www.fido.ca/pages/#/login?m=login

I disabled Tracking Protection in case it was interfering, but the result is the same.
Hm, actually on this machine I'm also getting the error in version 51.0.1. It did load fine on that version on another machine, though. The only add-ons I have are the following:

    Min Vid
    Page Shot
    Tab Center
    Test Pilot
    Activity Stream (disabled)
WFM in 54.0a1 (2017-02-20) (32-bit), and with these add-ons.
Status: NEW → UNCONFIRMED
Ever confirmed: false
Does not work in safe mode. Does work with a fresh profile.
Flags: needinfo?(mcote)
User Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:54.0) Gecko/20100101 Firefox/54.0
User Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:51.0) Gecko/20100101 Firefox/51.0

I have tested your issue on latest Firefox release v51.0.1 and latest Nightly (Build ID: 20170221030205) and could not reproduce it. I have installed all add-ons from comment 1 and tried to login into fido.ca account. The login was successfully made. I've tried on Chrome and also there were the Security errors but login was successfully made.

capture:login:324:333 - was displayed in the browser console when the username or password were wrong.

Can you please clear Cookies and Cache and retry? Also, please add a screenshot/video of how the website looks when it is not working compared to when all works ok.
Flags: needinfo?(mcote)
Cleared cookies and cache, issue persists. I'll upload screenshots now.
Flags: needinfo?(mcote)
Attached image Broken login page (obsolete)
Mark, could you type about:support and copy all the add-ons table.
(with the broken profile ofc)
@Mark, thank you for the screenshots. It would be best to see also the URL in the screenshot because from what I can see fido.ca has 2 URLs that point to login.

1. From Homepage http://www.fido.ca/ -> click on "Login/Register" button -> the user is redirected to https://www.fido.ca/pages/#/login?m=login and there is displayed the Login/Register form. For me all elements are loaded and there are no issues. (Screenshot from comment 8)
2. After the user has made a successful login -> click on "Logout" button. After this action, the user is redirected to https://www.fido.ca/pages/#/login and the login form is still displayed. If the URL is copied and pasted into a new tab, there will be no login form as in the picture from comment 7.

Tried with Firefox latest release, latest Nightly, latest Beta and latest Dev edition with the add-ons from comment 1 and the only way to reach the state from comment 7 is the second scenario described in this comment. www.fido.ca loads without issues for me.

What OS are you using? Are there any other custom settings made to fido.ca profile, like language or region? Changes made to the browser prefs? Are you using other add-ons than the ones mentioned in comment 1?
Flags: needinfo?(mcote)
(In reply to Loic from comment #9)
> Mark, could you type about:support and copy all the add-ons table.

Extensions

    Name                               Version            Enabled  ID
    Application Update Service Helper  2.0                true     aushelper@mozilla.org
    FlyWeb                             1.0.0              true     flyweb@mozilla.org
    Form Autofill                      1.0                true     formautofill@mozilla.org
    Min Vid                            0.3.4              true     @min-vid
    Multi-process staged rollout       1.9                true     e10srollout@mozilla.org
    Page Shot                          5.2.201701261751   true     jid1-NeEaf3sAHdKHPA@jetpack
    Pocket                             1.0.5              true     firefox@getpocket.com
    Presentation                       1.0.0              true     presentation@mozilla.org
    Shield Recipe Client               1.0.0              true     shield-recipe-client@mozilla.org
    Tab Center                         1.29.0             true     tabcentertest1@mozilla.com
    Test Pilot                         1.1.1-dev-8b67799  true     @testpilot-addon
    Web Compat                         1.1                true     webcompat@mozilla.org
    WebCompat Reporter                 1.0.0              true     webcompat-reporter@mozilla.org
    Activity Stream                    1.4.1              false    @activity-streams
Attached image Broken login page
Here's the broken login page, with URL bar. The URL is the same as in your point #1.

> What OS are you using? Are there any other custom settings made to fido.ca
> profile, like language or region? Changes made to the browser prefs? Are you
> using other add-ons than the ones mentioned in comment 1 ?

macOS 10.12.3. No custom settings for fido.ca. This is an older profile so I've made some changes to preferences (including some directly at about:config), but I wouldn't be able to tell you which might be interfering. No other add-ons installed.
Attachment #8840560 - Attachment is obsolete: true
Flags: needinfo?(mcote)
I suspect it's an issue with HSTS priming. With the issue on FF51, what's the value of security.mixed_content.send_hsts_priming in about:config? If it's true, can you set to false and restart Firefox to test again.
It was set to true, but setting it to false had no effect after restarting (issue persists).
In comment 13 I can see Tracking Protection icon in the URL bar but in comment 12 Tracking Protection is not listed. In Nightly I've enabled Tracking Protection from about:preferences#privacy, flash player was set to ask to activate but I couldn't repro the issue. I think that this issue is related to some custom changes from about:config. When running the profile in safe mode the add-ons are disabled but custom changes are kept. With the new profile all settings are set to default.
Component: Untriaged → Layout: Form Controls
Product: Firefox → Core
Severity: normal → S3
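
The last comment attributes the difference between safe mode and a fresh profile to about:config changes; one way to narrow that down is to diff the user_pref() entries in the two profiles' prefs.js files. The following is an added example, not part of the bug thread: the two file bodies are constructed samples (not the reporter's data), and parse_prefs, diff_prefs and only_prefixes are hypothetical helper names.

```python
import json
import re

# One entry per line, as Firefox writes them to <profile>/prefs.js
PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.+)\);\s*$')

# Constructed sample: an old profile with customised prefs
BROKEN_PREFS = r'''
// Mozilla User Preferences
user_pref("browser.startup.homepage", "https://example.org/?q=\"a\"");
user_pref("browser.startup.homepage_override.mstone", "51.0.1");
user_pref("privacy.trackingprotection.enabled", true);
user_pref("security.mixed_content.send_hsts_priming", false);
'''

# Constructed sample: a freshly created profile
FRESH_PREFS = r'''
// Mozilla User Preferences
user_pref("browser.startup.homepage_override.mstone", "51.0.1");
'''

def parse_prefs(text):
    """Return {pref name: value} for every user_pref() line."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if not m:
            continue  # comments and blank lines
        name, raw = m.groups()
        try:
            prefs[name] = json.loads(raw)  # true/false, integers, "strings"
        except json.JSONDecodeError:
            prefs[name] = raw  # keep the raw text rather than drop the pref
    return prefs

def diff_prefs(broken, fresh):
    """{name: (broken value, fresh value)} where they differ; None = not set."""
    names = sorted(set(broken) | set(fresh))
    return {n: (broken.get(n), fresh.get(n))
            for n in names if broken.get(n) != fresh.get(n)}

def only_prefixes(diff, prefixes=("security.", "privacy.", "network.")):
    """Keep the pref branches most likely to affect security checks."""
    return {n: v for n, v in diff.items() if n.startswith(prefixes)}

if __name__ == "__main__":
    changed = diff_prefs(parse_prefs(BROKEN_PREFS), parse_prefs(FRESH_PREFS))
    for name, (old, new) in only_prefixes(changed).items():
        print(f"{name}: broken={old!r} fresh={new!r}")
```

Resetting the reported prefs one at a time in the broken profile, retesting after each, identifies which customisation matters.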