Open Bug 1459620 Opened 6 years ago Updated 2 years ago

First party isolation breaks sign in on airnewzealand.com

Categories

(Core :: DOM: Security, defect, P3)

People

(Reporter: englehardt, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-backlog1])

The login procedure of airnewzealand.com is broken by FPI. Steps to reproduce:

1. Click "Sign in" on the top navigation bar of the homepage of airnewzealand.com
2. Enter credentials and click "Sign in"
3. The browser navigates to https://auth.airnewzealand.co.nz/vauth/oauth2/login with the following error message: "For your security, your session has timed out due to inactivity. Please sign in to resume your session."
4. Attempting to re-submit credentials on the error page leads to the same error.

I also saw breakage during account registration, where I was similarly navigated to a (different) error page, but my account was successfully created.
Priority: -- → P3
Whiteboard: [domsecurity-backlog1]
See Also: → 1616612
Severity: normal → S3