"Chat" does not work on dell.com while ETP STRICT is enabled
Categories
(Core :: Privacy: Anti-Tracking, defect, P3)
Tracking
()
People
(Reporter: oanaarbuzov, Assigned: twisniewski)
References
(Depends on 1 open bug, Blocks 1 open bug, )
Details
(Keywords: webcompat:site-wait)
Attachments
(1 file)
590.76 KB,
image/png
|
Details |
Environment:
Browser / Version: Firefox Nightly 73.0a1 (2019-12-22)
Operating System: Windows 10 Pro
Steps to reproduce:
- Navigate to https://www.dell.com/support/incidents-online/us/en/04/contactus/servicetag/eEQrL0N5NkZxMUowTGVzUytIbFBMdz090?lwp=rt
- Select an option from the "Tell us the nature of the request" drop-down menu (e.g "Video Display Issues").
- Scroll down the page and click "Start Chat" button.
- Observe behavior.
Expected result:
Chat starts.
Actual result:
Chat does not start.
Note:
- Not reproducible on Chrome 79.0.3945.88
- Screenshot attached.
Comment 1•4 years ago
•
|
||
This is caused by cookie blocking salesforce.com
, which is on the ads-track-digest256
list (i.e., Level 1 list).
When ETP is enabled, we see two SecurityError
messages in the console. These seem to be coming from https://dellservices.my.salesforce.com/embeddedservice/5.0/frame/broadcast.esw.min.js and https://dellservices.my.salesforce.com/embeddedservice/5.0/frame/session.esw.min.js.
broadcast.esw.min.js
defines the following functions:
window.esw.defineFeature("Broadcast", function(t) {
function e() {
this.esw = t, this.callbacks = {}, this.storage = window.localStorage, this.prefix = "__broadcastAPI:", this.queue = {}, this.on(), this.off(), this.send(), window.addEventListener("storage", function(t) {
var e, i = t.newValue,
s = "";
0 === t.key.indexOf(this.prefix) && null === t.oldValue && (e = t.key.replace(this.prefix, ""), "undefined" !== i && (s = JSON.parse(i)), this.broadcast(e, s))
}.bind(this)), window.addEventListener("storage", function(t) {
var e;
0 === t.key.indexOf(this.prefix) && null === t.newValue && (e = t.key.replace(this.prefix, "")) in this.queue && (this.send(e, this.queue[e].shift()), 0 === this.queue[e].length && delete this.queue[e])
}.bind(this))
}
e.prototype.on = function(t, e) {
t in this.callbacks || (this.callbacks[t] = []), this.callbacks[t].push(e)
}, e.prototype.off = function(t, e) {
var i;
t in this.callbacks && ("function" == typeof e && (i = this.callbacks[t].indexOf(e), this.callbacks[t].splice(i, 1)), "function" == typeof e && 0 !== this.callbacks[t].length || delete this.callbacks[t])
}, e.prototype.send = function(t, e) {
var i = this.prefix + t;
null === this.storage.getItem(i) ? (this.storage.setItem(i, JSON.stringify(e, function(t, e) {
return void 0 === e ? null : e
})), this.storage.removeItem(i)) : (i in this.queue || (this.queue[i] = []), this.queue[i].push(e))
}, e.prototype.broadcast = function(t, e) {
t in this.callbacks && this.callbacks[t].forEach(function(t) {
t(e)
})
}, t.broadcastAPI = new e
});
session.esw.min.js
defines several functions in the following way:
}, e.prototype.getSessionData = function(t, e, s) {
var n, a = {};
if (n = s ? localStorage : sessionStorage, !t || !e) throw new Error("getSessionData requires two non-null arguments (domain, keys).");
return e.forEach(function(e) {
a[e] = n.getItem(this.getKeyName(t, e))
}.bind(this)), a
the choice to use session or local storage here is chosen by the calling code. E.g., https://dellservices.my.salesforce.com/embeddedservice/5.0/eswFrame.min.js calls this as follows:
n = JSON.parse(esw.sessionAPI.getSessionData(t, [
'ACTIVE_CHAT_SESSIONS'
], !0)
Accessing window.localStorage
will throw a SecurityError
. We could see if Salesforce could migrate this over to session storage, since it appears to be a supported codepath.
Comment 2•4 years ago
|
||
I don't think there's anything ETP-related we need to change here.
Mike: do we have contacts at Salesforce we can flag on this issue?
Comment 3•4 years ago
|
||
Thanks Steven. Just to recap, salesforce.com is classified as a cross-site tracker and the following constraints apply:
https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Privacy/Storage_access_policy
I've sent an email to one of our salesforce contacts.
Comment 4•4 years ago
|
||
I'm having the same issue, and I just checked the dell website and this is solved.... can any of you guys tell me how did you solve this?
Comment 5•4 years ago
|
||
(In reply to Manuel Vasquez Pimentel from comment #4)
I'm having the same issue, and I just checked the dell website and this is solved.... can any of you guys tell me how did you solve this?
I've just verified that the chat is still broken.
Comment 6•2 years ago
|
||
The issue is still reproducible with ETP set to STRICT. With ETP set to STANDARD, the chat is available.
Tested with:
Browser / Version: Firefox Release 102.0 (64-bit)/ Firefox Nightly 104.0a1 (2022-06-28) (64-bit) /
Operating System: Windows 10 PRO x64
Updated•2 years ago
|
Comment 7•2 years ago
|
||
Since nightly and release are affected, beta will likely be affected too.
For more information, please visit auto_nag documentation.
Updated•2 years ago
|
Comment 8•1 year ago
|
||
Since this is an ETP issue, I will be moving this to the relevant Product and Component
Description
•