Closed Bug 1583211 Opened 1 year ago Closed 1 year ago

Clicking on button navigates incorrectly

Categories

(Core :: Networking: Cookies, defect, P1)

defect

Tracking

()

RESOLVED FIXED
mozilla71
Tracking Status
firefox70 --- unaffected
firefox71 + fixed

People

(Reporter: overholt, Assigned: ehsan)

References

(Regression, )

Details

(Keywords: regression, Whiteboard: [necko-triaged])

Attachments

(1 file)

Clicking on "SPONSOR US!" on https://secure.terryfox.ca/registrant/TeamFundraisingPage.aspx?TeamID=856840#&panel1-1 takes me to a server error page after bug 1579552 landed but before that it works fine (I used mozregression).

[Tracking Requested - why for this release]: web-visible regression

When visiting the URL in comment 0, a session cookie like below is set:

{"CSRF-Token":{"domain":"secure.terryfox.ca","httpOnly":true,"path":"/registrant/TeamFundraisingPage.aspx","value":"2CDEC11ED8B90312596ECCB2738D6FAC36DCC92BCDC51362D18E6D82A008D884"}}

When clicking the Sponsor Us link, we issue an HTTP Get request to https://secure.terryfox.ca/registrant/TeamFundraisingPage.aspx?TeamID=856840. Note that the path here matches the path of that cookie, but there is a ? character right after it.

Because of that character, we end up not picking the CSRF-Token cookie, which causes the site to redirect us to the error page. If we send the CSRF-Token cookie as well, then the site will work correctly. Chrome seems to match based on ? after the path in addition to /.

Assignee: nobody → ehsan
Duplicate of this bug: 1583273
Priority: -- → P1
Whiteboard: [necko-triaged]
Pushed by eakhgari@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/da544455b20c
Use the URL file path when performing cookie path matching instead of the url path query ref; r=baku
Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla71
You need to log in before you can comment on or make changes to this bug.