Closed Bug 1618336 Opened 1 year ago Closed 1 year ago

ISP verification fails on History.com & HBOgo.com.

Categories

(Core :: Networking: Cookies, defect, P2)

75 Branch
x86_64
Windows 10
defect

Tracking

()

RESOLVED DUPLICATE of bug 1620179
Tracking Status
firefox-esr68 --- unaffected
firefox73 --- unaffected
firefox74 --- unaffected
firefox75 --- disabled
firefox76 --- fixed

People

(Reporter: streetwolf52, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: regression, Whiteboard: [necko-triaged])

Attachments

(6 files)

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:75.0) Gecko/20100101 Firefox/75.0

Steps to reproduce:

  1. Went to history.com.
  2. I selected a TV show to stream. The Curse of Oak Island in this case.
  3. Eventually I'm shown a screen where I choose my ISP. Mine is Verizon (FIOS).
  4. I click on Verizon and I see my FIOS account being verified.
  5. After a couple of seconds I am thrown back to the ISP screen.

Actual results:

I keep going back to the choose your ISP screen.

Expected results:

TV show chosen should play.

A couple of things

  1. I have the same issue with a new profile as well as with the portable version of Fx73.
  2. MS Edge works fine.

I see a few error messages in my Browser Console:

ssoauth.verizon.com : server does not support RFC 5746, see CVE-2009-3555

[Exception... "Favicon at "https://ssoauth.verizon.com/favicon.ico" failed to load: Not Found." nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: resource:///modules/FaviconLoader.jsm :: onStopRequest :: line 227" data: no] FaviconLoader.jsm:227:22

Forgot to add that I can manually log into my FIOS account with no problems.

Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Unspecified → Windows 10
Hardware: Unspecified → x86_64

As a test I tried clicking on the other ISP's presented. Each one brought me to a login screen. FIOS is displaying a message that it is verifying my account and then goes back to the ISP selection screen in history.com. There is no login screen presented like the other ISPs.

Forget what I mentioned in my Comment 3. MS Edge also doesn't present a login screen but it does the verification successfully.

This same sort of problem happens when I try to watch a video on HBOgo.com. In this case I am taken to a Verizon login screen. After entering my credentials I get an unhandled exception. My browser console log shows the same type of errors.

Here's my Browser Console right after I get the unhandled exception message on HBOgo.

Unchecked lastError value: Error: Could not establish connection. Receiving end does not exist. background.js:1446
Unchecked lastError value: Error: Could not establish connection. Receiving end does not exist. background.js:1446
ssoauth.verizon.com : server does not support RFC 5746, see CVE-2009-3555
[Exception... "Favicon at "https://ssoauth.verizon.com/favicon.ico" failed to load: Not Found." nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: resource:///modules/FaviconLoader.jsm :: onStopRequest :: line 227" data: no] FaviconLoader.jsm:227:22
[Exception... "Component returned failure code: 0x80520001 (NS_ERROR_FILE_UNRECOGNIZED_PATH) [nsIXPCComponents_Utils.readUTF8URI]" nsresult: "0x80520001 (NS_ERROR_FILE_UNRECOGNIZED_PATH)" location: "JS frame :: resource://gre/modules/L10nRegistry.jsm :: L10nRegistry.loadSync :: line 761" data: no] L10nRegistry.jsm:761:19
ssoauth.verizon.com : server does not support RFC 5746, see CVE-2009-3555
[Exception... "Favicon at "https://ssoauth.verizon.com/favicon.ico" failed to load: Not Found." nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: resource:///modules/FaviconLoader.jsm :: onStopRequest :: line 227" data: no] FaviconLoader.jsm:227:22
[Exception... "Favicon at "https://auth.hbogo.com/favicon.ico" failed to load: Forbidden." nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: resource:///modules/FaviconLoader.jsm :: onStopRequest :: line 227" data: no] FaviconLoader.jsm:227:22
Unchecked lastError value: Error: Could not establish connection. Receiving end does not exist. background.js:1446
Unchecked lastError value: Error: Could not establish connection. Receiving end does not exist. background.js:1446
[Exception... "Favicon at "https://ssoauth.verizon.com/favicon.ico" failed to load: Not Found." nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: resource:///modules/FaviconLoader.jsm :: onStopRequest :: line 227" data: no] FaviconLoader.jsm:227:22
[Exception... "Favicon at "https://ssoauth.verizon.com/favicon.ico" failed to load: Not Found." nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: resource:///modules/FaviconLoader.jsm :: onStopRequest :: line 227" data: no] FaviconLoader.jsm:227:22
[Exception... "Favicon at "https://auth.hbogo.com/favicon.ico" failed to load: Forbidden." nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: resource:///modules/FaviconLoader.jsm :: onStopRequest :: line 227" data: no] FaviconLoader.jsm:227:22

Further testing on my issue results..

Installed portable Firefox. Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:73.0) Gecko/20100101 Firefox/73.0

Fx73 portable results:

  1. Streaming videos at HBOgo.com works fine.
  2. Streaming videos at History.com resulted in looping back to the Provider selection screen.

To rule out anything in my Profile I copied the entire contents of my Nightly Fx75 folder to the corresponding Fx73 portable folder.

  1. Streaming videos at HBOgo.com still works fine.
  2. Streaming videos at History.com still resulted in looping back to the Provider selection screen.

So it appears it's nothing in my Profile that is causing my problems. It appears to be a code change between Fx73 and Fx75 causing the problems.

Since History.com doesn't verify my ISP on both Fx73 and Fx75 it must be a different animal then what is happening on HBOgo.com.

Status please?

Hi Gary

I was going to ask you to try the latest Firefox Nightly 75.0a1 version but looking at your last comment , you already did that.

I tried to reproduce the issue, but i don´t have access to any of those providers, therefore i get stuck at the login screen and im unable to replicate the bug.

i will set the component as Core:Security PSM, and perhaps one of our devs has access to any of those ISP to take a look.

Thanks
Pablo

Component: Untriaged → Security: PSM
Product: Firefox → Core

Thanks Pablo.

If you open the network devtools (ctrl + shift + E) and try to load the page, do you see any entries with an exclamation mark in a red circle?

Flags: needinfo?(garyshap)
Attached image network devtools output

No ! in a red circle. I attached what I see in the network devtools console. I also get a page with the notation unhandled exception.

As I mentioned before a clean new Nightly profile gives me the same issues at both sites. It is possible that it only affects FIOS users.

Flags: needinfo?(garyshap)
Attached image Browser Console output

Here's what appears in my Browser Console for HBOgo.com. Plenty of exclamations in red circles.

(In reply to Gary [:streetwolf] from comment #13)

Created attachment 9130547 [details]
network devtools output

No ! in a red circle. I attached what I see in the network devtools console. I also get a page with the notation unhandled exception.

As I mentioned before a clean new Nightly profile gives me the same issues at both sites. It is possible that it only affects FIOS users.

Is that the only resource in that panel? Try shift-refresh.

Flags: needinfo?(garyshap)

What panel are you talking about? The network devtools output or the browser console output?

Flags: needinfo?(garyshap)
Attached file bugzilla.txt

These are all the errors I received from the time I opened up HBOgo.com through the ISP verification process where I received the unhandled exception message.

I saw some errors in the network devtools panel but I must have done something because they disappeared and I can't get them back. In fact I can't even get the messages I originally posted a few comments above.

Before the errors did a disappearing act on me I noticed a bunch of errors just getting into HBOgo.com. Are these useful to you or just the errors after I select my provider and go through the verification process? I did notice a couple of errors at this time that were in a different panel at the bottom of my screen. I had to resize it to see them but that's when I lost everything. Is there a way to reset the developer tools to their defaults?

I would be willing to let you log into me remotely if that is something that is allowed. Personally I use Teamviewer but you might have some other method.

I figured how to get the errors back. The errors in the screenshot are from the time I selected my ISP until the exception.

I installed Fx74 beta portable built from https://hg.mozilla.org/releases/mozilla-release/rev/e98fd13a1a1acf6f7df56c1917a1e392c624f5c7 as a test. Both HBOgo.com and History.com work perfectly. FWIW.

Summary: Streaming on history.com. ISP verification problem. → ISP verification fails on History.com & HBOgo.com.

I installed the latest portable version of Nightly and have the same exact problems. Keep in mind that this version is 100% vanilla.

Using HBOgo.com. When I select my ISP (FIOS) I go to my FIOS login screen and log in. I immediately get an unhandled exception error on an otherwise blank page (https://auth.hbogo.com/saml/module.php/saml/sp/saml2-acs.php/hbogo_sp). Below is what shows up in the network panel. Don't know if it sheds any light on my problem.

XML Parsing Error: not well-formed
Location: https://ssoauth.verizon.com/sso/TVPHandlerServlet?loginType=…m%2Fsaml%2Fmodule.php%2Fsaml%2Fsp%2Fsaml2-acs.php%2Fhbogo_sp
Line Number 1, Column 1:

I don't think this is a PSM bug - there don't seem to be any TLS-related errors.

Component: Security: PSM → Untriaged
Product: Core → Firefox

I'm thinking my problem might be an SAML issue. Here's the output from the add-on SAML-tracer when logging into my FIOS account via HBOgo.com.

Component: Untriaged → Security: CAPS
Product: Firefox → Core

I changed the component to Security: CAPS thinking it might be an SAML problem. Please correct if I am wrong.

ISP verification works fine over at amc.com. SAML-tracer did not show any errors.

My suspicion is that amc.com does not use SAML for their verification process hence the absence of any log messages related to SAML.

I tested again with amc.com. I does appear SAML is being used. However, I do get logged in and no error messages are produced by SAML-tracker like the ones on the other sites that do not work. All this was tested on a new profile.

Priority: -- → P2

I would like to get someone assigned to this issue. I'll help as much as possible.

Gary, please let the triage process happen.

Component: Security: CAPS → Untriaged
Priority: P2 → --
Product: Core → Firefox

Sorry, just anxious to get this resolved.

As a further test I installed the latest Nightly Fx75 on a VM under VMWare Workstation. I received the same errors at both web sites mentioned.

In case this proves to be due to my provider being FIOS I am willing to give my userid/password to whomever is officially assigned to this problem. I will eventually change my login info with the understanding that while my credentials are being used for testing no unauthorized activity is permitted. There should be no need to do anything but login to FIOS at the proper time and see if hbogo and history.com show me as being a Verizon or FIOS user.

I installed some old Fx75 Nightly's on a VM to determine a regression range for HBOgo.com. Here is what I found.

GOOD - https://hg.mozilla.org/mozilla-central/rev/862da1751d9fb10d1daa20940ffa722c888078b1 27-Feb-2020 00:16
BAD - https://hg.mozilla.org/mozilla-central/rev/9e8d5431c4121a4bd70d440c98b50444aee60dd9 27-Feb-2020 12:38

It appears the regression range for History.com is not the same one for HBOgo.com. It goes farther back than the HBOgo problem. I'll try to get a regression range for History.com.

While it's an obvious regression it might be limited to FIOS.

Installed Nightly Fx72 from 12/01/2019 and had the same verification problem on History.com, ie., I keep being sent back to the ISP list after I enter my FIOS userid and password. Seems it might be very tedious to find a regression range if there even is one. The problem might lie with History.com. However, during all my testing I was able to login at history.com with I believe a production version of Fx74. So perhaps it was fixed after Fx72 and then broke again at least in Fx74 or Fx75.

I know I am throwing you a lot of stuff I am finding testing these two sites. Regarding History.com. On the portable version of Fx73 I discovered while I can login to my ISP I can't play any videos. This I determined was due to using a VPN. When I disabled the VPN and returned to my FIOS IP address the video played fine.

However on FX75 Nightly things don't work the same. I can log in to my ISP although somewhat circuitous as mentioned. But when I try to stream a video it asks me to sign into my provider again but clicking on the sign in button just refreshes the page and I'm in the same situation again. On Fx73 the video plays right off the bat, no additional sign in needed.

I suppose Verizon might not like a non FIOS IP address which perhaps is why disabling my VPN works on Fx73. Why the same doesn't happen on Fx75 is a mystery to me.

I believe the HBOgo issue is not the same as the History.com issue but might be closely related.

I really don't want to wait years for this issue to be at least triaged. I've already had one assignee who unassigned themselves from the bug report. It appears the HBOGo problem is a definite Firefox issue whereas the history.com might not be, at least completely, because depending on the browser different weird things happen.

As I said, I am willing to do anything to help you guys debug the problem. For now I can use another browser or the Fx74 release version. It will be interesting when Fx74 gets updated to Fx75 soon to see what happens.

History.com appears to work fine on the new Fx74 release. I still have a problem verifying my ISP when trying to stream a video in Fx75. So there still might be a firefox related issue in Fx75. Once again I will do my best to help you solve my problem and others I am sure.

Unsurprisingly Fx76 has the same issues.

Perhaps this is a networking issue . Setting component to Core-Networking.

Component: Untriaged → Networking
Product: Firefox → Core

An interesting development in my investigation of the problem with HBOGo. I had the thought that if I could find files that make HBOGo work under Fx75b3 then if I copied them over to Nightly Fx76 I can be logged in FIOS and stream videos. I wound up copying these two folders to Fx76.

C:\Users\Gary Shapiro\AppData\Roaming\Mozilla\Firefox\Profiles\qykhbjgs.default-nightly\storage\default\https+++play.hbogo.com
C:\Users\Gary Shapiro\AppData\Roaming\Mozilla\Firefox\Profiles\qykhbjgs.default-nightly\storage\default\https+++ssoauth.verizon.com

After doing so I fired up Nightly Fx76 and went to HBOGo.com. Immediately I saw that I was logged into FIOS. The word FIOS appears at the upper right of the page. I then started streaming videos with no problem. I'm not sure if I needed both files or just one or the other. I suspect if I ever sign out and need to sign in to my ISP again I would get the exception error.

Just some food for thought that might lead to a solution.

(In reply to Gary [:streetwolf] from comment #35)

GOOD - https://hg.mozilla.org/mozilla-central/rev/862da1751d9fb10d1daa20940ffa722c888078b1 27-Feb-2020 00:16
BAD - https://hg.mozilla.org/mozilla-central/rev/9e8d5431c4121a4bd70d440c98b50444aee60dd9 27-Feb-2020 12:38

Regression range changelog:
https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=862da1751d9fb10d1daa20940ffa722c888078b1&tochange=9e8d5431c4121a4bd70d440c98b50444aee60dd9

Bug #1604212 looks most suspicious, based on Comment #42.

@ Gary [:streetwolf] - Do changing "network.cookie.sameSite.laxByDefault" and "network.cookie.sameSite.noneRequiresSecure" preferences to "false" value in Advenced Preferences/about:config help?

Has Regression Range: --- → no
Has STR: --- → yes
Flags: needinfo?(garyshap)

I got things working by only setting 'network.cookie.sameSite.laxByDefault' to false as you suggested. Setting the other pref to false while leaving the aforementioned pref to true still caused the exception. So only the first pref is needed in my case.

What does this tell you? I assume it is set to true for a good reason and setting it to false might cause another problem down the road? Is it an issue that needs to be fixed other then by flipping the pref?

Flags: needinfo?(garyshap)

My issue with history.com seems to be a little different than the one with HBOGo. First of all I am on occasion able to log into FIOS in order to stream. It doesn't stay around very long and I get to the point I have to login to my provider again but I am always returned to the provider screen to log in again. I tried setting the two prefs to different values but was not able to verify my FIOS account. As mentioned before it might be a problem with history.com.

As with HBOGo I copied over, from Fx75b3, the following files from the storage\default folder:

https+++play.history.com
https+++www.history.com

After doing this I am logged into Verizon but when I try to stream it just seems to go back to the page I am on based on the slight flicker. If I wasn't logged into Verizon it would have shown the provider list and go into a loop when I selected Verizon. I guess it's the same loop without seeing the provider screen. But as I said it does work every once in a blue moon. The two sites must have some similar underlying cause.

Should the component be changed back to Networking: Cookies?

Has Regression Range: no → ---
Component: Networking → Networking: Cookies

So it appears the problem can be tracked down to Bug 1604212. Now what is the next step?

(In reply to Gary [:streetwolf] from comment #48)

So it appears the problem can be tracked down to Bug 1604212. Now what is the next step?

Hi Gary,

Thanks for your effort for this bug.
This bug is already tracked as a part of bug 1618610. I think someone will take a look soon.
Also, it'd be very helpful if you can help to capture the http log with the pref network.cookie.sameSite.laxByDefault being true. The log can help us identify where the problem is.

Thanks.

Flags: needinfo?(garyshap)
Priority: -- → P2
Whiteboard: [necko-triaged]

HTTP logging for www.HBOGo.com. I started the logging right before I signed in to my ISP. This action resulted in an unhandled exception. network.cookie.sameSite.laxByDefault was set to true for this test.

Flags: needinfo?(garyshap)

My problem on History.com while similar I believe it might be a different issue. Setting the pref in question to false does not fix the problem as it does on HBOGo.com. However it stills seems to involve ISP verification. I'll get you the HTTP logs anyway just in case they provide some help.

https://1drv.ms/u/s!AtusZi2hwX-rg4NFAuFO18IeVgTrQQ?e=VAiS8r

The log above is for History.com. When I select a show to stream the video has a sign in button on it. When I click on it it should send me to a provider list. All it does is send me back to the same screen with the sign in button. Clicking on sign in gets me back to the video with the sign in button ad infinitum.

I recall that on some occasions I was able to verify my provider and could stream the video. I haven't had this happen to me in quite awhile. Also IIRC other browsers acted similarly. One browser gave me the provider list but selecting it jut returned me back to the provider list. Net result is no streaming of video on both browsers. MS Edge was the other browser. As I said while the results are the same it might be a slightly different problem.

What does disabled mean? The recent Fx75 beta doesn't have the problem presumably because Bug 1604212 hasn't ridden the Fx75 beta train yet, but it will eventually.

disabled because samesite=lax is only enabled by default in nightly builds, so beta isn't affected.

Bug 1620179 seems to have fixed my issue with HBOGo.com. I can log into my ISP (FIOS) and stream videos when I set the pref to it's default value of true. However, History.com still throws me back to the video requesting that I sign into my ISP ad infinitum. As mentioned the results are similar to how HBOgo.com was acting until the fix mentioned. While similar it is different. Might be a problem at history.com which I reported to them.

(In reply to Gary [:streetwolf] from comment #55)

Bug 1620179 seems to have fixed my issue with HBOGo.com. I can log into my ISP (FIOS) and stream videos when I set the pref to it's default value of true. However, History.com still throws me back to the video requesting that I sign into my ISP ad infinitum. As mentioned the results are similar to how HBOgo.com was acting until the fix mentioned. While similar it is different. Might be a problem at history.com which I reported to them.

Duplicate this to bug 1620179 , since you opened bug 1624853 for History.com.

Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1620179

I just wanna confirm I've been getting this bug for like a year in nightly, but never bothered testing it in edge so I just assumed it was my ISP's fault. I just saw this and decided to test disabling the bool prefs mentioned above (lax by default, none requires secure) and that fixed my problem. As of 83.0a1.
Idk if this is useful to anyone but these are the cookies that throw the SameSite warning when authenticating on HBO with Cox: bm_sv, RT, HBOMAX_LOGIN_REDIRECT

You need to log in before you can comment on or make changes to this bug.