Closed Bug 1387430 Opened 8 years ago Closed 8 years ago

auth0 SSO stops working inside containers sometimes

Categories

(Firefox :: Security, defect)

57 Branch
defect
Not set
normal

Tracking

RESOLVED INVALID
Tracking Status
firefox57 --- affected

People

(Reporter: bhearsum, Unassigned)

References

(Blocks 1 open bug)

I've started using container tabs heavily. I've got about 15 containers, and I log into various Mozilla sites in most of them. In some of them, I can no longer get through the Auth0 process. After entering my username and password I get redirected to the Duo prompt, but nothing is shown: https://screenshots.firefox.com/AO9Lwlrrug1e6pmW/mozilla.okta.com

Around the same time, I have errors like this in the Browser Console:

Attempt to set a forbidden header was denied: Connection 2551543060-bc_manager_core.js:78:107
Unchecked lastError value: Error: Could not establish connection. Receiving end does not exist. ExtensionCommon.jsm:304
withLastError resource://gre/modules/ExtensionCommon.jsm:304:9
wrapPromise/< resource://gre/modules/ExtensionCommon.jsm:357:11
Invalid chrome URI: /
Unchecked lastError value: Error: Could not establish connection. Receiving end does not exist. ExtensionCommon.jsm:304
withLastError resource://gre/modules/ExtensionCommon.jsm:304:9
wrapPromise/< resource://gre/modules/ExtensionCommon.jsm:357:11
Invalid chrome URI: /
Unchecked lastError value: Error: Could not establish connection. Receiving end does not exist. ExtensionCommon.jsm:304
withLastError resource://gre/modules/ExtensionCommon.jsm:304:9
wrapPromise/<

Sometimes I also get:

Unchecked lastError value: Error: Could not establish connection. Receiving end does not exist. ExtensionCommon.jsm:304
withLastError resource://gre/modules/ExtensionCommon.jsm:304:9
wrapPromise/< resource://gre/modules/ExtensionCommon.jsm:357:11
waitForSyncCallback resource://services-common/async.js:97:5
makeSpinningCallback/callback.wait resource://services-common/async.js:166:27
promiseSpinningly resource://services-common/async.js:232:12
get changedIDs resource://services-sync/engines.js:99:5
_saveChangedID resource://services-sync/engines.js:140:5
addChangedID resource://services-sync/engines.js:161:7
onVisit

(I'm guessing that the second one is unrelated and just happens to be a sync error that sometimes happens around the same time - I just want to include it for completeness.)
This needs triage. Jonathan, do you have suggestions?

Some generic attempt: Ben, is this with Nightly without the test pilot add-on, or with the add-on, or something else? If not using an add-on, does it work in safe mode?
Component: Tabbed Browser → Untriaged
Flags: needinfo?(jkt)
Flags: needinfo?(bhearsum)
I don't have any immediate suggestions over what was suggested by :gijs. Given this looks like it is triggering in extension code trying it in just Nightly mode in safe mode is worth trying.

Are the containers you can get through the original 4, is there some correlation there perhaps? Does this consistently appear in the same containers?

If it is consistent maybe try clearing the cookies for a single container:
- Go to about:preferences
- Search okta
- Select cookies for that container (it's pretty manual sorry)

I suspect the following error is just from the site itself:
> Attempt to set a forbidden header was denied: Connection 2551543060-bc_manager_core.js:78:107
Component: Untriaged → Security
Flags: needinfo?(jkt)
(In reply to :Gijs from comment #1)
> This needs triage. Jonathan, do you have suggestions?
>
> Some generic attempt: Ben, is this with Nightly without the test pilot
> add-on, or with the add-on, or something else? If not using an add-on, does
> it work in safe mode?

I do have Test Pilot installed. I removed it, and it made no difference. It looks like it works fine in safe mode. I've also got the following installed:

AdBlock 3.4.1 true jid1-NIfFY2CA8fy1tg@jetpack
Context Plus 0.3.3 true {bb682c45-3136-4213-bf29-5f5833080bf4}
Privacy Badger 2017.7.24 true jid1-MnnxcxisBPnSXQ@jetpack
Sea Containers 0.8 true {d975a11d-08cd-4aea-b7c0-989209ad860f}
Stylus 1.1.0 true {7a7a4a92-a2a0-41d1-9fd7-1e92480d612d}
Tab Groups 2.1.4 true tabgroups@quicksaver

I'm trying to remove them one by one to figure out which one is causing the problem, but it's hard to make auth0 require login again!

(In reply to Jonathan Kingston [:jkt] from comment #2)
> Are the containers you can get through the original 4, is there some
> correlation there perhaps? Does this consistently appear in the same
> containers?

I don't think there's any correlation here - I removed all of the built-in ones and created new ones.
Flags: needinfo?(bhearsum)
Probably not Sea Containers as I have that :D. I reviewed Context Plus too and I can't see it being that either.
Looks like Privacy Badger was causing this. I'm not certain why it only happened in some containers though...
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → INVALID