Autoconfiguration impossible for ISPs providing OAuth2 when JavaScript is disabled
Categories
(Thunderbird :: Account Manager, defect)
Tracking
(Not tracked)
People
(Reporter: u, Assigned: anonym)
References
Details
(Whiteboard: [patchlove])
Attachments
(1 file)
User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.75 Safari/537.36
Steps to reproduce:
- Start the autoconfig wizard for account@gmail.com (must be a valid
one that you have the password for). - Due to its priority, Mozilla's database will win over other
methods, and its first pick is OAuth2 so that's what you get (but
the authentication method is not displayed unless you click the
"Manual config" button). - Just pick any of the results (IMAP or POP).
- A browser window will open, asking you to login to the Google
account, so enter account@gmail.com and its password. - Observe the error message stating that you need to enable JavaScript.
- Closing that browser window brings you back to the result screen
from step 2, but now it says "the username or password is wrong". - No matter what you try autoconfiguration is unable to closer to a
working configuration than step 6. The only solution is for the
user to click "Manual config" and change authentication method for
both server types.
Expected results:
For many providers JavaScript is required for OAuth2 to work. If
JavaScript is disabled the autoconfiguration UX may be
inconsistent/confusing (the error handling is on the provider's side) and difficult to recover from (the user has to manually alter the authentication method).
It should be possible to disable OAuth when using Thunderbird with Javascript disabled.
|
||
Comment 2•6 years ago
|
||
|
|
||
Comment 3•6 years ago
|
||
|
|
||
Updated•6 years ago
|
I'm wondering if we're exaggerating the dangers of enabling JavaScript in Thunderbird (i.e. javascript.enabled = true). What are the consequences, actually?
As far as I understand, JavaScript in email messages was completely removed in Thunderbird 3, but it still is enabled for messages from news feeds. Is there no way to disable the latter except javascript.enabled = false? Or does that even disable it?
The ideal would be if JavaScript was only enabled in the browser component, and nothing else. Is this achievable with current Thunderbird? Otherwise, any idea how hard it would be to implement a pref for disabling JavaScript in news feeds?
|
|
||
Comment 5•5 years ago
|
||
JavaScript is enabled by default yes, but like you wrote, only enabled in certain contexts.
How can I learn more about which contexts have JavaScript support?
|
|
||
Comment 7•5 years ago
|
||
It's basically those that are not mail messages. You can read https://searchfox.org/comm-central/source/mail/test/browser/content-policy/browser_jsContentPolicy.js
Unassigning myself and reassigning to anonym who seems to be working on this.
|
||
Updated•3 years ago
|
|
||
Comment 9•6 months ago
|
||
(In reply to Magnus Melin [:mkmelin] from comment #7)
It's basically those that are not mail messages. You can read https://searchfox.org/comm-central/source/mail/test/browser/content-policy/browser_jsContentPolicy.js
anonym, are you still wishing to work on this?
|
|
||
Comment 10•6 months ago
|
||
Note, this correlates to Bug 1174797 - handle OAuth not working with cookies/javascript disabled
|
Assignee | |
Comment 11•6 months ago
|
||
I do not intend to work on this. I'm resolving this bug in favor of 1174797.
Description
•