Concur is not working in Firefox Nightly
Categories
(Web Compatibility :: Desktop, defect, P1)
Tracking
(firefox-esr68 unaffected, firefox73 unaffected, firefox74 unaffected, firefox75 disabled, firefox76 disabled, firefox77 affected)
People
(Reporter: flod, Unassigned)
References
(Blocks 1 open bug, Regression)
Details
(Whiteboard: [sitewait])
Not exactly sure what would be causing this, but with Nightly 75.0a1 (2020-03-05) (64 bit):
- Visit https://sso.mozilla.com/dashboard and select Concur.
- After the SSO login, a blank page will be displayed for a few seconds. The page title is about Cookies consent.
- After that, I get redirected to https://sitedown.concursolutions.com/ and informed that "Concur is currently unavailable".
It works correctly in 74 RC, so it could be some setting enabled only in Nightly.
Comment 1 • 11 months ago (Reporter)
It might be relevant to add that several folks are seeing this in the Berlin office, and reproducibility might depend on location (I see country=DE passed to the trustarc.com request).
Comment 2 • 11 months ago
FWIW, I get in with 75.0a1 (2020-02-26) (64-bit) and 75.0a1 (2020-03-02) (64-bit). (The second one might have been due to pre-existing cookies.)
Comment 3 • 11 months ago (Reporter)
A fresh profile seems to work, but I can't figure out what the differences are compared to my existing profile.
Comment 4 • 11 months ago
Ah, this is sameSite=lax's fault.
SAP is calling to TrustArc's cookie consent banner. The banner sets a cookie notice_preferences indicating what choice the user made. On SAP's side, they try to read the cookie and check if the user has consented to cookies. If that fails because they can't find the cookie, they do a redirect to http://sitedown.concursolutions.com. The site we're on was a POST request, which isn't a safe request. Since TrustArc did not specify sameSite in the cookie, the new default of sameSite=lax gets to play, and because of that, SAP never sees the cookie.
The best resolution here is probably an update in TrustArc's library to set sameSite=none. I'll try to get in touch.
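The behaviour described in comment 4, as an added example that is not part of the bug thread and is not Firefox's code: a simplified model of when a cookie is attached to a request under the legacy default versus lax-by-default. The site names `idp.example` and `app.example`, the cookie value, and the `noneRequiresSecure` option are assumptions made for the illustration; the cookie is assumed to belong to the target site.

```javascript
// Simplified SameSite model (added example, not browser source code).
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// Extract name, value, SameSite and Secure from a Set-Cookie header value.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1),
                   sameSite: null, secure: false };
  for (const attr of attrs) {
    const [k, v = ""] = attr.split("=").map((s) => s.trim().toLowerCase());
    if (k === "secure") cookie.secure = true;
    if (k === "samesite" && ["strict", "lax", "none"].includes(v)) cookie.sameSite = v;
  }
  return cookie;
}

// req: { method, initiatorSite, targetSite, topLevelNavigation }
// opts: { laxByDefault, noneRequiresSecure } (hypothetical option names)
function isCookieSent(cookie, req, opts) {
  // A cookie with no SameSite attribute takes whatever the browser default is.
  const mode = cookie.sameSite ?? (opts.laxByDefault ? "lax" : "none");
  if (req.initiatorSite === req.targetSite) return true; // same-site request
  if (mode === "strict") return false;
  if (mode === "none") {
    // An explicit SameSite=None without Secure is dropped when Secure is required.
    return !(cookie.sameSite === "none" && opts.noneRequiresSecure && !cookie.secure);
  }
  // lax: cross-site only for top-level navigations using a safe method
  return req.topLevelNavigation && SAFE_METHODS.has(req.method.toUpperCase());
}

// Constructed scenario: the SSO page POSTs the login result to the application.
const ssoPost = { method: "POST", initiatorSite: "idp.example",
                  targetSite: "app.example", topLevelNavigation: true };
const ssoGet = { ...ssoPost, method: "GET" };
const asShipped = parseSetCookie("notice_preferences=2; Path=/"); // constructed value
const withNone = parseSetCookie("notice_preferences=2; Path=/; SameSite=None; Secure");
const noneInsecure = parseSetCookie("notice_preferences=2; Path=/; SameSite=None");

function demo() {
  const strict = { laxByDefault: true, noneRequiresSecure: true };
  return {
    legacyDefaultPost: isCookieSent(asShipped, ssoPost, { laxByDefault: false }),
    laxDefaultPost: isCookieSent(asShipped, ssoPost, strict),
    laxDefaultGet: isCookieSent(asShipped, ssoGet, strict),
    sameSiteNonePost: isCookieSent(withNone, ssoPost, strict),
    noneWithoutSecurePost: isCookieSent(noneInsecure, ssoPost, strict),
  };
}
console.log(demo());
```

Only the cross-site POST with the attribute left unset changes outcome between the two defaults, which matches the symptom of the server not finding the consent cookie.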
Comment 5 • 11 months ago
I sent a message to someone I found working at TrustArc. Let's see.
Taking this over to the WebCompat category, as this isn't really a bug we're likely to fix within Firefox, but rather a site issue that can be fixed.
Shouldn't this block meta bug 1618610 ?
Comment 7 • 11 months ago
Updated • 11 months ago
Updated • 11 months ago
Concur is not working again in Firefox Nightly (Version 77.0a1 (2020-04-19) (64 bit)). It does, however, continue to work in Firefox 75.0 (64 bit).
To replicate the error:
- Visit https://sso.mozilla.com/dashboard and select Concur.
- After the SSO login, Concur seems to work, but upon clicking on any module a blank page will be displayed.
- After a resubmit of the web address, get the message: "The page cannot be displayed because an internal server error has occurred."
As mentioned, it does work correctly in 75.0, so maybe it is again some setting enabled only in Nightly.
Comment 9 • 9 months ago
(In reply to mbecker from comment #8)
> As mentioned, it does work correctly in 75.0, so maybe it is again some setting enabled only in Nightly.
Yes, bug 1604212 is nightly only at the moment.
Updated • 9 months ago
Comment 10 • 9 months ago
I also encounter a problem with SAP Concur on the nightly 77.0a1.
The symptom is slightly different from comment 8.
- Visit https://sso.mozilla.com/dashboard and select Concur.
- It was redirected to the https://sitedown.concursolutions.com/
There's an error message on console: Some cookies are misusing the “sameSite“ attribute, so it won’t work as expected
Comment 11 • 9 months ago
To fix this for now toggle network.cookie.sameSite.laxByDefault to false or add the domain to network.cookie.sameSite.laxByDefault.disabledHosts (comma-separated strings)
Comment 12 • 9 months ago
I did toggle this to false when the earlier issue arose. This seems to be a new issue (I still have toggled to "false" but also still see the error)