jenkins website uses non-trusted submit event on Firefox
Categories
(Web Compatibility :: Site Reports, defect, P3)
Tracking
(Not tracked)
People
(Reporter: stone, Unassigned)
References
(Blocks 1 open bug, )
Details
(Keywords: webcompat:contact-ready, Whiteboard: [contactready])
The jenkins website [1] uses non-trusted submit event on Firefox. It's found when trying to fix bug 1370630, which disable browser form element default actions for non-trusted events. Landing the patch will break jenkins website. Changing UA of Firefox to be the same as Chrome then it works (verified on an internal jenkins server because I don't have access to the public server) Need some helps to contact the website author to fix it. [1] https://jenkins.qa.ubuntu.com/login?from=%2F [2] http://jenkins2.legacyserver.in/
Comment 1•7 years ago
|
||
Adam, can you help get in touch please?
Adam: reaching out to the Jenkins project itself likely won't help as much as finding the owner of the Ubuntu QA Jenkins instance, and reaching out to them, directly. Ming: what's the [2] footnote for? It's not referenced in comment 0.
Reporter | ||
Comment 3•7 years ago
|
||
(In reply to Stephen Donner [:stephend] from comment #2) > Adam: reaching out to the Jenkins project itself likely won't help as much > as finding the owner of the Ubuntu QA Jenkins instance, and reaching out to > them, directly. > > Ming: what's the [2] footnote for? It's not referenced in comment 0. Oops. That's the internal jenkins server which I verified the problem.
Comment 4•7 years ago
|
||
(In reply to Stephen Donner [:stephend] from comment #2) > Adam: reaching out to the Jenkins project itself likely won't help as much > as finding the owner of the Ubuntu QA Jenkins instance, and reaching out to > them, directly. Is that because the Ubuntu QA instance is doing something custom? If vanilla Jenkins ships with the behavior we want to be in touch with both.
Updated•7 years ago
|
(In reply to Mike Taylor [:miketaylr] from comment #4) > (In reply to Stephen Donner [:stephend] from comment #2) > > Adam: reaching out to the Jenkins project itself likely won't help as much > > as finding the owner of the Ubuntu QA Jenkins instance, and reaching out to > > them, directly. > > Is that because the Ubuntu QA instance is doing something custom? If vanilla > Jenkins ships with the behavior we want to be in touch with both. Jenkins is a web application, not a website (just for clarity). Your best bet is to search for and file a JIRA issue here, if you can reproduce in a vanilla install of either/both LTS and Weekly releases: https://issues.jenkins-ci.org
And, sorry, I should've offered: after filing a JIRA issue, please mention it here, and I'll do my best to help shepherd it into the right hands/raise the right visibility (no promised on results, but I know some keys folks, there).
Reporter | ||
Comment 7•6 years ago
|
||
Created https://issues.jenkins-ci.org/browse/WEBSITE-454
Updated•6 years ago
|
Comment 8•6 years ago
|
||
(In reply to Ming-Chou Shih [:stone] from comment #7) > Created https://issues.jenkins-ci.org/browse/WEBSITE-454 That bug was closed as WONTFIX, which doesn't seem very useful. Stone, would you be able to ping that issue and ask where it should be opened instead?
Updated•6 years ago
|
Comment 9•6 years ago
|
||
(In reply to Mike Taylor [:miketaylr] (62 Regression Engineering Owner) from comment #8) > > Created https://issues.jenkins-ci.org/browse/WEBSITE-454 > would you be able to ping that issue and ask where it should be opened instead? I could not reproduce this issue in Weekly releases, but I still could reproduce it in LTS release. I have ping that issue and ask whether we should repoen it.
Updated•6 years ago
|
Comment 11•6 years ago
|
||
(In reply to Edgar Chen [:edgar] from comment #9) > (In reply to Mike Taylor [:miketaylr] (62 Regression Engineering Owner) from > comment #8) > > > Created https://issues.jenkins-ci.org/browse/WEBSITE-454 > > would you be able to ping that issue and ask where it should be opened instead? > > I could not reproduce this issue in Weekly releases, but I still could > reproduce it in LTS release. I have ping that issue and ask whether we > should repoen it. Is it possible to ping the Jenkins again for this? Thank you.
Comment 12•6 years ago
|
||
At least I asked on the JIRA issue again. If we cannot expect a backport of the fix to the current LTS, it would be nice to know when the next major LTS is about to get released.
Comment 13•6 years ago
|
||
Adam, can you help us find a good contact for Jenkins?
Comment 14•6 years ago
|
||
(In reply to Mike Taylor [:miketaylr] (62 Regression Engineering Owner) from comment #13) > Adam, can you help us find a good contact for Jenkins? Please always check the JIRA issue first. We had some further conversation by last week, and as it looks like some more submit forms are affected beside the login page. I have just updated the page after the discussion was stalled in the last 6 days.
Comment 15•6 years ago
|
||
OK, it's not clear to me what the ask is then. Sounds like y'all have this under control?
Comment 16•6 years ago
|
||
A contact who could drive this would still be great.
Comment 17•6 years ago
|
||
Ah, understood. I think I mis-parsed your earlier comment. Adam, can you help us dig up someone from Jenkins?
Comment 18•6 years ago
|
||
Reaching out to Jenkins to hopefully get a contact to help. Apologies for the delay.
Comment 19•6 years ago
|
||
They created a pull request for this: https://github.com/jenkinsci/jenkins/pull/3689 They mention in the PR: "Once the build passes, we should have a .war we can ask our friends at Mozilla to take a crack at testing with us. There is now a built artifact which can be used for testing here: https://ci.jenkins.io/job/Core/job/jenkins/job/PR-3689/2/artifact/org/jenkins-ci/main/jenkins-war/2.147-rc27437.1590be3ff083/jenkins-war-2.147-rc27437.1590be3ff083.war" Henrik, is this something you can help with?
Comment 20•6 years ago
|
||
Sorry, but I don't know what to test. My aim is only to get our patch landed. As such I asked on the Jenkins issue if they could test, and also provided a link to the nightly builds of Firefox which include the patch so that they don't have to build. Adam, it would be good if you could still follow-up on other upcoming questions. Thanks.
Comment 21•6 years ago
|
||
No follow-up from Adam so far, so I will just do it now. Please note that the underlying behavior in Jenkins has been changed and the fix for us is in the 2.148 release of Jenkins from October 21st. Is there anyone who would have a chance to test this Jenkins release with Firefox and the patch on bug 1370630 applied? https://hg.mozilla.org/mozilla-central/rev/367b6f947f87 has the link to the builds of Firefox which have the changes included. Dave, or Stephen, maybe you are still running latest (no LTS) releases of Jenkins for some of our CI systems?
Comment 22•6 years ago
|
||
(In reply to Henrik Skupin (:whimboo) from comment #21) > Dave, or Stephen, maybe you are still running latest (no LTS) releases of > Jenkins for some of our CI systems? I should also needinfo both of them...
Comment 23•6 years ago
|
||
I'm not running latest anywhere, but I can spin up a docker image and test this. Leaving the needinfo, will report back shortly.
Comment 24•6 years ago
|
||
I'm unable to reproduce the issue using latest Jenkins LTS (2.138.2) and the macOS build from https://archive.mozilla.org/pub/firefox/nightly/2017/07/2017-07-07-10-01-52-mozilla-central/. I understand that due to the login page refactoring that is no longer a suitable reproduction case, however I also tried navigating to the main Jenkins configuration and clicking the Save button. It seems to work every time for me.
Comment 25•6 years ago
|
||
That is great to hear, Dave! Yes, so far that should be everything which needs to be checked. If saving the settings works, then it should be fine. Thanks a lot for testing it. Now we have to wait for the next LTS release of Jenkins. I will ask again on the github issue for nomination so that it won't be forgotten.
Comment 26•6 years ago
|
||
Sorry for not being more clear. I cannot replicate this on a version that I believe should demonstrate the issue, and therefore I'm unable to confirm if the fix is working.
Comment 27•6 years ago
|
||
I see. Meanwhile they had to even backout the fix because it caused a regression in Jenkins. Another fix is proposed for the yui library in use. Details see https://issues.jenkins-ci.org/browse/JENKINS-53462?focusedCommentId=353794&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-353794 Adam, can you or someone else who knows the details for this bug please follow-up and help with testing?
Comment 28•6 years ago
|
||
Henrik, yes we will follow up. Thanks for all your help. :) Leaving my NI for now.
Comment 29•6 years ago
|
||
Jenkins folks are really awaiting the feedback. So can you please follow-up on it? Also see https://github.com/jenkinsci/jenkins/pull/3761#issuecomment-440828721
Comment 30•5 years ago
|
||
I think the biggest hurdle here is we don't have any experience standing up jenkins servers to test here. I asked if there's any publicly available staging environment where we can test. https://github.com/jenkinsci/jenkins/pull/3761#issuecomment-448735692
Assignee | ||
Updated•5 years ago
|
Comment 31•5 years ago
|
||
I have seem to have replicated the Jenkins v2.60.3 issue on the latest version of Nightly, 68.0a1 (2019-03-21) (Windows 10)
This (as far as I could tell) was always working up until the v68 bump of nightly.
This also seems to only effect the installation of older versions of jenkins, as when using a docker image of the latest LTS I was able to login with Nightly.
Tested/Replicated the bug with the following:
- My main profile with a few plugins (Cannot Login)
- A completely blank profile (Cannot Login)
Tested / cannot replicate bug:
- Firefox Mainline v66.0 (Windows 10)
- Chrome v73.0.3683.86
Jenkins Versions Tested:
- 2.60.3 (Docker "Latest")
Steps for replication on older jenkins versions:
- Install Docker
- Follow: https://wiki.jenkins.io/display/JENKINS/Installing+Jenkins+with+Docker its basically:
2.1 To get jenkins v2.60.3 run: (This is the effected version)
2.1.1mkdir $PWD/jenkins && docker run -d -p 49001:8080 -v $PWD/jenkins:/var/jenkins_home:z -t jenkins
2.2 to get jenkins v2.164.1 run: (This version is not effected)
2.2.1mkdir $PWD/jenkins && docker run -d -p 49001:8080 -v $PWD/jenkins:/var/jenkins_home:z -t jenkins/jenkins:lts
2.3 Warning: If running above command it listens on all open interfaces, if not behind a firewall be careful with step 7. - Load up Nightly with http://localhost:49001 (assuming local docker)
- On your host
cat secrets/initialAdminPassword
for the "default jenkins password" and enter it in jenkins - Select "Install default plugins"
- Wait until jenkins is done installing the plugins,
5.1 If it does not install certain plugins or fails don't worry, as its a jenkins problem not a plugin problem (as far as I can tell) - Type in a Username and password and email, (dont worry can be "admin","admin","admin@example.com")
- You will now be automatically logged in as the admin user. (And now have a "fully setup jenkins instance"
- Logout
- Try to log back in with your "admin:admin"
- You are now Not logged in
Notes:
When clicking the login button it seems like the DOM is changing but there is no network activity when looking at the developer console
Comment 32•5 years ago
|
||
As noted in https://issues.jenkins-ci.org/browse/JENKINS-53462 Jenkins will ship a fix with the upcoming 2.173 release. If it is stable (and won't be backed out again), and land for LTS we can try to fix bug 1370630 again.
Comment 33•5 years ago
|
||
See bug 1547409. Moving webcompat whiteboard tags to keywords.
Comment 34•5 years ago
|
||
So the shipped fix by Jenkins didn't affect any user so far. And it got actually already fixed in the v2.164.3 LTS, which means no more waiting.
Beside that we also already got bug 1370630 landed, which is a great milestone.
Description
•