Closed Bug 1490864 Opened 6 years ago Closed 5 years ago

Unable to log into Treeherder when using Privacy Badger

Categories

(Tree Management :: Treeherder: Frontend, enhancement, P3)

Product:
Tree Management
Component:
Treeherder: Frontend
Type:
enhancement

Tracking

(Not tracked)

Status:
RESOLVED INVALID

People

(Reporter: botond, Unassigned)

Details

I'm having trouble logging into Treeherder on one of my machines.

Every time I try to log in, I get the following message after entering my credentials:

"Request has been terminated Possible causes: the network is offline, Origin is not allowed by Access-Control-Allow-Origin, the page is being unloaded, etc."
It works in a different profile. Not sure what the difference is; I'm using containers in both profiles.
Hi! 

What browser and version? If Firefox, does diffing the text export of `about: support` shed any light on preference/addon differences?

Is that message in the console or the page content? Is the page at that point the auth0 domain or Treeherder?

Does clearing localstorage (after making a copy of the profile so we can figure out what caused it) help (for either treeherder.mozilla.org or the auth0 domain)?

It's possible this is a containers bug.
Flags: needinfo?(botond)
(In reply to Ed Morley [:emorley] from comment #2)
> What browser and version?

Firefox 60 ESR. The other profile works in the same browser version.

> If Firefox, does diffing the text export of
> `about: support` shed any light on preference/addon differences?

There are several addon and pref differences, yes. Nothing that jumps out as being a likely culprit, but I suppose I can try to bisect them when I get a chance.

> Is that message in the console or the page content? Is the page at that
> point the auth0 domain or Treeherder?

Page content. It's back to Treeherder by that point, although still the new tab that's opened.

It would be helpful if that message said what the actual cause of the problem was, rather than just listing possible causes.

> Does clearing localstorage (after making a copy of the profile so we can
> figure out what caused it) help (for either treeherder.mozilla.org or the
> auth0 domain)?

I assume you mean about:preferences -> Cookies and Site Data. Unfortunately, deleting either or both of those domains does not make a difference.

> It's possible this is a containers bug.

In the problematic profile, the default container exhibits the same problem.
Flags: needinfo?(botond)
(In reply to Botond Ballo [:botond] from comment #3)
> It would be helpful if that message said what the actual cause of the
> problem was, rather than just listing possible causes.

That error message isn't something Treeherder has generated itself. Sounds like:
https://github.com/auth0/auth0.js/issues/540

It would be really helpful to have more information about the actual requests that are being made (eg by looking in the devtools console looking for errors / non-HTTP 200 responses / ...).

> I assume you mean about:preferences -> Cookies and Site Data. Unfortunately,
> deleting either or both of those domains does not make a difference.

Devtools has a storage tab which lists all types of storage including localstorage.

I'd recommend reading more about the devtools features - it's handy to be familiar with it when reporting issues with sites:
https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector
https://developer.mozilla.org/en-US/docs/Tools/Network_Monitor
Flags: needinfo?(botond)
One interesting development is that the error message has changed. It now reads:

`state` does not match.

(In reply to Ed Morley [:emorley] from comment #4)
> It would be really helpful to have more information about the actual
> requests that are being made (eg by looking in the devtools console looking
> for errors / non-HTTP 200 responses / ...).

I don't see any output in the devtools console during the login process.

Interestingly, I'm not able to see the requests made during the login process in the Network tab, either.

Here is what I'm doing:

  1. Activate the Network tab of the devtools
  2. Reload the Treeherder tab (where I'm not logged in).
     The Network tab shows all the requests associated with
     loading the Treeherder page, and they're all status 200.
  3. Click "Login / Register".
     I do _not_ see any new requests in the Network tab.
     Note that I have "All" request types selected at the top.
  4. As I continue with the login process, I still do not see
     any new requests in the Network tab, even though it must
     be the case that requests are being made.

I wonder if this has to do with the fact that clicking Login / Register opens a new tab, and that messes things up?
(In reply to Botond Ballo [:botond] from comment #5)
> One interesting development is that the error message has changed. It now
> reads:
> 
> `state` does not match.

Sorry, please ignore that. I accidentally loaded treeherder.mozilla.org in the default container, while mozilla.auth0.com was configured to load in the "Work" container. If I load treeherder.mozilla.org in the Work container as well, I get the original error.

(In reply to Ed Morley [:emorley] from comment #4)
> Devtools has a storage tab which lists all types of storage including
> localstorage.

Thanks, I didn't know about that. Clearing localstorage for treeherder.mozilla.org and mozilla.auth0.com did not make any difference either.
Flags: needinfo?(botond)
(In reply to Botond Ballo [:botond] from comment #5)
> Here is what I'm doing:
> 
>   1. Activate the Network tab of the devtools
>   2. Reload the Treeherder tab (where I'm not logged in).
>      The Network tab shows all the requests associated with
>      loading the Treeherder page, and they're all status 200.
>   3. Click "Login / Register".
>      I do _not_ see any new requests in the Network tab.
>      Note that I have "All" request types selected at the top.
>   4. As I continue with the login process, I still do not see
>      any new requests in the Network tab, even though it must
>      be the case that requests are being made.
> 
> I wonder if this has to do with the fact that clicking Login / Register
> opens a new tab, and that messes things up?

I was able to see some requests associated with logging in by only opening the devtools after the new tab appears. I see a 302 in there (which I assume is normal), and everything else is 200.
Out of curiosity, does safe mode make things work for the messed up profile? 
Is tracking protection enabled? Does disabling it make a difference?
(In reply to Wes Kocher (:KWierso) from comment #8)
> Out of curiosity, does safe mode make things work for the messed up profile?

Interestingly, yes! And now that I restarted in regular mode, I am still logged in.

> Is tracking protection enabled?

Nope.

Is this still occurring? If so, any more ideas/information about it?

Flags: needinfo?(botond)
Priority: -- → P3

(In reply to Ed Morley [:emorley] from comment #10)

Is this still occurring? If so, any more ideas/information about it?

It is. I seem to have narrowed down the issue to the Privacy Badger add-on, although it says it isn't blocking anything on Treeherder (but maybe it is on the intermediate sites that the login flow is taking me through... I'm not on them long enough to check).

Anyways, the following seems to be working for me as a workaround:

  • Disable Privacy Badger
  • Login to Treeherder
  • Re-enable Privacy Badger
  • Repeat every 24 hours when Treeherder logs me out...
Flags: needinfo?(botond)

Thank you for the update - glad to hear you tracked the cause down.

Since this is an issue due to the Privacy Badger addon (and something that likely affects at least some other users of Auth0 SSO), this isn't something we will be tracking on Treeherder's side.

However if you happen to find out more details or in the unlikely event there is something non-invasive/hacky we can do to mitigate the issue, then please let us know :-)

Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → INVALID
Summary: Unable to log into Treeherder on one of my machines → Unable to log into Treeherder when using Privacy Badger

(In reply to Ed Morley [:emorley] from comment #12)

However if you happen to find out more details or in the unlikely event there is something non-invasive/hacky we can do to mitigate the issue, then please let us know :-)

You could not log users out every 24 hours :)

But that's probably a discussion for another bug.

That's something the SSO team control.

(In reply to Ed Morley [:emorley] from comment #14)

That's something the SSO team control.

See bug 1439858 for context (I'd like it to be higher too, but we lost that one).

You need to log in before you can comment on or make changes to this bug.