Concur is not working in Firefox Nightly
Categories
(Web Compatibility :: Site Reports, defect, P1)
Tracking
(firefox-esr68 unaffected, firefox73 unaffected, firefox74 unaffected, firefox75 disabled, firefox76 disabled, firefox77 affected, firefox88 affected)
Tracking | Status | |
---|---|---|
firefox-esr68 | --- | unaffected |
firefox73 | --- | unaffected |
firefox74 | --- | unaffected |
firefox75 | --- | disabled |
firefox76 | --- | disabled |
firefox77 | --- | affected |
firefox88 | --- | affected |
People
(Reporter: flod, Unassigned)
References
(Regression, )
Details
(Whiteboard: [sitewait])
Not exactly sure what would be causing this, but with Nightly 75.0a1 (2020-03-05) (64 bit):
- Visit https://sso.mozilla.com/dashboard and select Concur.
- After the SSO login, a blank page will be displayed for a few seconds. The page title is about Cookies consent.
- After that, I get redirected to https://sitedown.concursolutions.com/ and informed that "Concur is currently unavailable".
It works correctly in 74 RC, so it could be some setting enabled only in Nightly.
Reporter | ||
Comment 1•5 years ago
|
||
It might be relevant to add that several folks are seeing this in the Berlin office, and reproducibility might depend on location (I see country=DE
passed to the trustarc.com request).
Comment 2•5 years ago
•
|
||
FWIW, I get in with 75.0a1 (2020-02-26) (64-bit) and 75.0a1 (2020-03-02) (64-bit). (The second one might have been due to pre-existing cookies.)
Reporter | ||
Comment 3•5 years ago
|
||
A fresh profile seems to work, but I can't figure out what the differences are compared to my existing profile.
Comment 4•5 years ago
|
||
Ah, this is sameSite=lax
's fault.
SAP is calling to TrustArc's cookie consent banner. The banner sets a cookie notice_preferences
indicating what choice the user made. On SAPs side, they try to read the cookie and check if the user has consented to cookies. If that fails because they can't find the cookie, they do a direct to http://sitedown.concursolutions.com
. The site we're on was a POST request, which isn't a safe request. Since TrustArc did not specify sameSite
in the cookie, the new default of sameSite=lax
gets to play, and because of that, SAP never sees the cookie.
The best resolution here is probably an update in TrustArc's library to set sameSite=none
. I'll try to get in touch.
Comment 5•5 years ago
•
|
||
I sent a message to someone I found working at TrustArc. Let's see.
Taking this over to the WebCompat category, as this isn't really a bug we're likely to fix within Firefox, but rather a site issue that can be fixed.
Shouldn't this block meta bug 1618610 ?
Comment 7•5 years ago
|
||
Updated•5 years ago
|
Updated•5 years ago
|
Concur is not working again in Firefox Nightly (Version 77.0a1 (2020-04-19) (64 bit). It does, however, continue to work in FireFox 75.0 (64 bit).
To replicate the error:
- Visit https://sso.mozilla.com/dashboard and select Concur.
- After the SSO login, Concur seems to work, but upon clicking on any module a blank page will be displayed.
- After a resubmit of the web address, get the message: "The page cannot be displayed because an internal server error has occurred."
As mentioned, it does work correctly in 75.0, so maybe it is again some setting enabled only in Nightly.
Comment 9•5 years ago
|
||
(In reply to mbecker from comment #8)
As mentioned, it does work correctly in 75.0, so maybe it is again some setting enabled only in Nightly.
Yes, bug 1604212 is nightly only at the moment.
Updated•5 years ago
|
Comment 10•5 years ago
|
||
I also encounter a problem with SAP Concur on the nightly 77.0a1.
The symptom is slightly different from comment 8.
- Visit https://sso.mozilla.com/dashboard and select Concur.
- It was redirected to the https://sitedown.concursolutions.com/
There's an error message on console: Some cookies are misusing the “sameSite“ attribute, so it won’t work as expected
Comment 11•5 years ago
|
||
To fix this for now toggle network.cookie.sameSite.laxByDefault
to false
or add the domain to network.cookie.sameSite.laxByDefault.disabledHosts
(comma-separated strings)
Comment 12•5 years ago
|
||
I did toggle this to false when the earlier issue arose. This seems to be a new issue (I still have toggled to "false" but also still see the error)
Comment 13•4 years ago
|
||
For me the page loads correctly now, after login I'm redirect to https://www.concursolutions.com/home.asp, without any internal error or that "Concur" is not available.
https://prnt.sc/10bgekt
https://prnt.sc/10bgf19
In regards to console error, it still occurs:
https://prnt.sc/10bghp9
Setting network.cookie.sameSite.laxByDefault
to false still shows some errors:
https://prnt.sc/10bgh92
Tested with:
Browser / Version: Firefox Nightly 88.0a1 (2021-03-01)
Operating System: Windows 10 Pro
Francesco Lodolo can you still reproduce the issue?
Description
•