Closed Bug 1634921 Opened 2 months ago Closed 2 days ago

network.cookie.sameSite.laxByDefault true will not redirect to the final url after entering password

Categories

(Core :: Networking: Cookies, defect, P2)

defect

Tracking

()

RESOLVED FIXED
mozilla80
Tracking Status
firefox80 --- fixed

People

(Reporter: kernp25, Assigned: robwu)

References

(Blocks 1 open bug)

Details

(Whiteboard: [necko-triaged])

Attachments

(1 file, 5 obsolete files)

Attached file KMAmL73cJk.mp4 (obsolete) (deleted) —

From this Bug 1629436:

Logins seems to work now but there is still a bug.

After entering the password (the last step) it will redirect back to https://login.yahoo.com/ (look at the video).

Closing and opening the popup again, will load https://mail.yahoo.com/ correctly (because the login worked before).

Setting network.cookie.sameSite.laxByDefault to false will make the login work correctly (it will redirect to https://mail.yahoo.com/ after entering the password).

So it must have something to do with network.cookie.sameSite.laxByDefault true.

Flags: needinfo?(rob)

Bugbug thinks this bug should belong to this component, but please revert this change in case of error.

Component: Untriaged → Password Manager
Product: WebExtensions → Toolkit
Component: Password Manager → Networking: Cookies
Product: Toolkit → Core

Could you try to create and share an isolated, self-contained test case that does not require logging in to Yahoo?

If not, could you at least capture the requests and note the URLs of the request, the request and response headers, and if available the cause?

Flags: needinfo?(rob)
See Also: → 1629436
Blocks: 1617609
Severity: -- → S3
Priority: -- → P2
Whiteboard: [necko-triaged]
Flags: needinfo?(rob)

Thanks for the examples, I'm able to reproduce.

Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: needinfo?(rob)
Assignee: nobody → rob
Status: NEW → ASSIGNED

Unassigning myself; I only provided unit tests to verify the bug.

I've started a discussion with :baku in https://phabricator.services.mozilla.com/D74504#2267394 . This will hopefully lead to a satisfactory solution.

Assignee: rob → nobody
Status: ASSIGNED → NEW
Blocks: sameSiteLax-breakage
No longer blocks: 1617609
Assignee: nobody → rob
Status: NEW → ASSIGNED
Pushed by rob@robwu.nl:
https://hg.mozilla.org/integration/autoland/rev/d7a3a1820600
Tests of same-site cookies after redirects in extensions r=baku
Status: ASSIGNED → RESOLVED
Closed: 2 days ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla80
You need to log in before you can comment on or make changes to this bug.