Open
Bug 1459620
Opened 6 years ago
Updated 2 years ago
First party isolation breaks sign in on airnewzealand.com
Categories
(Core :: DOM: Security, defect, P3)
Core
DOM: Security
Tracking
()
NEW
People
(Reporter: englehardt, Unassigned)
References
(Blocks 1 open bug)
Details
(Whiteboard: [domsecurity-backlog1])
The login procedure of airnewzealand.com is broken by FPI. Steps to reproduce: 1. Click "Sign in" on the top navigation bar of the homepage of airnewzealand.com 2. Enter credentials and click "Sign in" 3. The browser is navigates to https://auth.airnewzealand.co.nz/vauth/oauth2/login with the following error message "For your security, your session has timed out due to inactivity. Please sign in to resume your session." 4. Attempting to re-submit credentials on the error page leads to the same error. I also saw breakage during account registration, where I was similarly navigated to a (different) error page, but my account was successfully created.
Reporter | ||
Updated•6 years ago
|
Blocks: FirstPartyIsolationQA
Updated•6 years ago
|
Priority: -- → P3
Whiteboard: [domsecurity-backlog1]
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•