"Chat" does not work on dell.com while ETP STRICT is enabled
Categories
(Core :: Privacy: Anti-Tracking, defect, P3)
Tracking
()
People
(Reporter: oanaarbuzov, Assigned: twisniewski)
References
(Depends on 1 open bug, Blocks 1 open bug, )
Details
(Keywords: webcompat:site-wait)
Attachments
(1 file)
|
590.76 KB,
image/png
|
Details |
ChatNotWorking.png
Environment:
Browser / Version: Firefox Nightly 73.0a1 (2019-12-22)
Operating System: Windows 10 Pro
Steps to reproduce:
- Navigate to https://www.dell.com/support/incidents-online/us/en/04/contactus/servicetag/eEQrL0N5NkZxMUowTGVzUytIbFBMdz090?lwp=rt
- Select an option from the "Tell us the nature of the request" drop-down menu (e.g "Video Display Issues").
- Scroll down the page and click "Start Chat" button.
- Observe behavior.
Expected result:
Chat starts.
Actual result:
Chat does not start.
Note:
- Not reproducible on Chrome 79.0.3945.88
- Screenshot attached.
|
||
Comment 1•4 years ago
•
|
||
This is caused by cookie blocking salesforce.com, which is on the ads-track-digest256 list (i.e., Level 1 list).
When ETP is enabled, we see two SecurityError messages in the console. These seem to be coming from https://dellservices.my.salesforce.com/embeddedservice/5.0/frame/broadcast.esw.min.js and https://dellservices.my.salesforce.com/embeddedservice/5.0/frame/session.esw.min.js.
broadcast.esw.min.js defines the following functions:
window.esw.defineFeature("Broadcast", function(t) {
function e() {
this.esw = t, this.callbacks = {}, this.storage = window.localStorage, this.prefix = "__broadcastAPI:", this.queue = {}, this.on(), this.off(), this.send(), window.addEventListener("storage", function(t) {
var e, i = t.newValue,
s = "";
0 === t.key.indexOf(this.prefix) && null === t.oldValue && (e = t.key.replace(this.prefix, ""), "undefined" !== i && (s = JSON.parse(i)), this.broadcast(e, s))
}.bind(this)), window.addEventListener("storage", function(t) {
var e;
0 === t.key.indexOf(this.prefix) && null === t.newValue && (e = t.key.replace(this.prefix, "")) in this.queue && (this.send(e, this.queue[e].shift()), 0 === this.queue[e].length && delete this.queue[e])
}.bind(this))
}
e.prototype.on = function(t, e) {
t in this.callbacks || (this.callbacks[t] = []), this.callbacks[t].push(e)
}, e.prototype.off = function(t, e) {
var i;
t in this.callbacks && ("function" == typeof e && (i = this.callbacks[t].indexOf(e), this.callbacks[t].splice(i, 1)), "function" == typeof e && 0 !== this.callbacks[t].length || delete this.callbacks[t])
}, e.prototype.send = function(t, e) {
var i = this.prefix + t;
null === this.storage.getItem(i) ? (this.storage.setItem(i, JSON.stringify(e, function(t, e) {
return void 0 === e ? null : e
})), this.storage.removeItem(i)) : (i in this.queue || (this.queue[i] = []), this.queue[i].push(e))
}, e.prototype.broadcast = function(t, e) {
t in this.callbacks && this.callbacks[t].forEach(function(t) {
t(e)
})
}, t.broadcastAPI = new e
});
session.esw.min.js defines several functions in the following way:
}, e.prototype.getSessionData = function(t, e, s) {
var n, a = {};
if (n = s ? localStorage : sessionStorage, !t || !e) throw new Error("getSessionData requires two non-null arguments (domain, keys).");
return e.forEach(function(e) {
a[e] = n.getItem(this.getKeyName(t, e))
}.bind(this)), a
the choice to use session or local storage here is chosen by the calling code. E.g., https://dellservices.my.salesforce.com/embeddedservice/5.0/eswFrame.min.js calls this as follows:
n = JSON.parse(esw.sessionAPI.getSessionData(t, [
'ACTIVE_CHAT_SESSIONS'
], !0)
Accessing window.localStorage will throw a SecurityError. We could see if Salesforce could migrate this over to session storage, since it appears to be a supported codepath.
|
|
||
Comment 2•4 years ago
|
||
I don't think there's anything ETP-related we need to change here.
Mike: do we have contacts at Salesforce we can flag on this issue?
|
||
Comment 3•4 years ago
|
||
Thanks Steven. Just to recap, salesforce.com is classified as a cross-site tracker and the following constraints apply:
https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Privacy/Storage_access_policy
I've sent an email to one of our salesforce contacts.
|
||
Comment 4•4 years ago
|
||
I'm having the same issue, and I just checked the dell website and this is solved.... can any of you guys tell me how did you solve this?
|
|
||
Comment 5•4 years ago
|
||
(In reply to Manuel Vasquez Pimentel from comment #4)
I'm having the same issue, and I just checked the dell website and this is solved.... can any of you guys tell me how did you solve this?
I've just verified that the chat is still broken.
|
||
Comment 6•2 years ago
|
||
The issue is still reproducible with ETP set to STRICT. With ETP set to STANDARD, the chat is available.
Tested with:
Browser / Version: Firefox Release 102.0 (64-bit)/ Firefox Nightly 104.0a1 (2022-06-28) (64-bit) /
Operating System: Windows 10 PRO x64
|
|
||
Updated•2 years ago
|
|
||
Comment 7•2 years ago
|
||
Since nightly and release are affected, beta will likely be affected too.
For more information, please visit auto_nag documentation.
|
||
Updated•2 years ago
|
|
|
||
Comment 8•1 year ago
|
||
Since this is an ETP issue, I will be moving this to the relevant Product and Component
Description
•