Closed Bug 1634921 Opened 5 years ago Closed 5 years ago

network.cookie.sameSite.laxByDefault true will not redirect to the final url after entering password

Categories

(Core :: Networking: Cookies, defect, P2)

Product:
Core
Component:
Networking: Cookies
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla80
Tracking Flags:
Tracking Status
firefox80 --- fixed

People

(Reporter: kernp25, Assigned: robwu)

References

Details

(Whiteboard: [necko-triaged])

Attachments

(1 file, 5 obsolete files)

Bug 1634921 - Tests of same-site cookies after redirects in extensions
47 bytes, text/x-phabricator-request
Details | Review
Attached file KMAmL73cJk.mp4 (obsolete) (deleted) —

From this Bug 1629436:

Logins seems to work now but there is still a bug.

After entering the password (the last step) it will redirect back to https://login.yahoo.com/ (look at the video).

Closing and opening the popup again, will load https://mail.yahoo.com/ correctly (because the login worked before).

Setting network.cookie.sameSite.laxByDefault to false will make the login work correctly (it will redirect to https://mail.yahoo.com/ after entering the password).

So it must have something to do with network.cookie.sameSite.laxByDefault true.

Flags: needinfo?(rob)

Bugbug thinks this bug should belong to this component, but please revert this change in case of error.

Component: Untriaged → Password Manager
Product: WebExtensions → Toolkit
Component: Password Manager → Networking: Cookies
Product: Toolkit → Core

Could you try to create and share an isolated, self-contained test case that does not require logging in to Yahoo?

If not, could you at least capture the requests and note the URLs of the request, the request and response headers, and if available the cause?

Flags: needinfo?(rob)
See Also: → 1629436
Blocks: samesitelax
Severity: -- → S3
Priority: -- → P2
Whiteboard: [necko-triaged]
Flags: needinfo?(rob)

Thanks for the examples, I'm able to reproduce.

Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: needinfo?(rob)
Assignee: nobody → rob
Status: NEW → ASSIGNED

Unassigning myself; I only provided unit tests to verify the bug.

I've started a discussion with :baku in https://phabricator.services.mozilla.com/D74504#2267394 . This will hopefully lead to a satisfactory solution.

Assignee: rob → nobody
Status: ASSIGNED → NEW
Blocks: sameSiteLax-breakage
No longer blocks: samesitelax
Assignee: nobody → rob
Status: NEW → ASSIGNED
Pushed by rob@robwu.nl: https://hg.mozilla.org/integration/autoland/rev/d7a3a1820600 Tests of same-site cookies after redirects in extensions r=baku

https://hg.mozilla.org/mozilla-central/rev/d7a3a1820600

Status: ASSIGNED → RESOLVED
Closed: 5 years ago
status-firefox80: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla80
QA Whiteboard: [qa-80b-p2]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: