1583211 - Clicking on button navigates incorrectly

Status: RESOLVED FIXED

(Core :: Networking: Cookies, defect, P1)

Description

[Andrew Overholt [:overholt]]

Clicking on "SPONSOR US!" on https://secure.terryfox.ca/registrant/TeamFundraisingPage.aspx?TeamID=856840#&panel1-1 takes me to a server error page after bug 1579552 landed but before that it works fine (I used mozregression).

Comment 1

[(no longer active)]

[Tracking Requested - why for this release]: web-visible regression

When visiting the URL in comment 0, a session cookie like below is set:

{"CSRF-Token":{"domain":"secure.terryfox.ca","httpOnly":true,"path":"/registrant/TeamFundraisingPage.aspx","value":"2CDEC11ED8B90312596ECCB2738D6FAC36DCC92BCDC51362D18E6D82A008D884"}}

When clicking the Sponsor Us link, we issue an HTTP Get request to https://secure.terryfox.ca/registrant/TeamFundraisingPage.aspx?TeamID=856840. Note that the path here matches the path of that cookie, but there is a ? character right after it.

Because of that character, we end up not picking the CSRF-Token cookie, which causes the site to redirect us to the error page. If we send the CSRF-Token cookie as well, then the site will work correctly. Chrome seems to match based on ? after the path in addition to /.

Comment 2

[(no longer active)]

Attachment: Bug 1583211 - Use the URL file path when performing cookie path matching instead of the url path query ref;

Comment 4

[Pulsebot]

Pushed by eakhgari@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/da544455b20c
Use the URL file path when performing cookie path matching instead of the url path query ref; r=baku

Comment 5

[Raul Gurzau (:RaulG)]

https://hg.mozilla.org/mozilla-central/rev/da544455b20c