Closed Bug 1638383 Opened 4 years ago Closed 2 years ago

teams.microsoft.com doesn't load with `network.cookie.cookieBehavior = 5` (dfpi)

Categories

(Core :: Privacy: Anti-Tracking, defect, P2)

Product:
Core
Component:
Privacy: Anti-Tracking
Type:
defect

Tracking

()

Status:
VERIFIED FIXED
Milestone:
96 Branch
Tracking Flags:
Tracking Status
firefox78 --- wontfix
firefox96 --- verified

People

(Reporter: sarah, Assigned: pbz)

References

(Blocks 2 open bugs)

Details

Attachments

(2 files)

Screenshot on 2020-05-15 at 16:14:19.png
185.54 KB, image/png
Details
Bug 1638383 - Add a shim for the dFPI Microsoft login breakage. r=twisniewski!,#anti-tracking!
48 bytes, text/x-phabricator-request
Details | Review

Steps to reproduce:

  • Go to teams.microsoft.com
  • You are redirected to login.microsoftonline.com to login
  • Login should succeed, but then teams.microsoft.com gets into a wierd loop and eventually fails with a message to turn on third-party cookies (screenshot attached)
No longer depends on: 1620530

First seen on release on windows on a fresh install with no addons etc. Repeated on nightly on linux (as per screenshot)

The reason that we didn't apply redirect heuristic is because there was no user interaction on microsoft.com.

A simple workaround is to click "signing out" link shown in the attachment, and try to sign-in again.

Depends on: 1642051

Peter, can we bring this up with the Microsoft folks?

Flags: needinfo?(stpeter)

Sure. What's our request of the Teams folks?

Flags: needinfo?(stpeter)

I've followed up with our Teams friends about this...

Lift the priority given that we've enabled State Partitioning (dFPI) in strict mode from 86.

Severity: normal → S2
Priority: P3 → P2

https://hg.mozilla.org/releases/mozilla-release/rev/10a638a8c0d0644fca190c3c54957139ab9e0063 pushed four days ago.

Thanks for the triage of bug 1693768. Whilst I understand the duplicate status, I'm confused by some terminology.

(In reply to Tim Huang[:timhuang] from comment #8)

… State Partitioning (dFPI) in strict mode from 86. …

I see State Partitioning in the title at https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Privacy/State_Partitioning.

https://blog.mozilla.org/security/2021/01/26/supercookie-protections/ for Firefox 85 includes the phrases cache-based supercookies, partition network connections and caches and partitioning network state.

https://arstechnica.com/gadgets/2020/12/firefox-v85-will-improve-its-cache-partitioning-for-stronger-privacy/ also for Firefox 85 uses the phrase cache partitioning and:

… improvements in client-side storage (cache) partitioning. This has been widely and incorrectly reported elsewhere as network partitioning, likely due to confusion around the privacy.partition.network_state flag in Firefox, which allows advanced users to enable or disable cache partitioning as desired. …

At https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Privacy/State_Partitioning#status_of_partitioning_in_firefox I see Network Partitioning and Dynamic State Partitioning; clicking the latter leads to Dynamic Partitioning.

If I understand correctly from bug 1649876 comment 11 and the related First Party Isolation extension: enabling first party isolation (FPI) disables dynamic first party isolation (dFPI).

Are these three phrases:

  1. dynamic first party isolation
  2. dynamic state partitioning
  3. dynamic partitioning

– perfectly synonymous with each other?

Which phrases might be used in forthcoming https://www.mozilla.org/en-US/firefox/86.0/releasenotes/? I wonder :-)

From Difference between FPI (first-party isolation) and DFPI (dynamic first-party isolation) : firefox (Reddit, 2020-10-19):

… Can someone explain in simple terms how are they different from user's perspective …

I guess that reasonably simple distinctions will be offered in a Mozilla blog post to accompany release notes for Firefox 86, and in follow-ups to articles such as this:

In the meantime:

  • if anyone can point me to a suitably simple distinction between the two, I'll be grateful ☑

(In reply to Graham Perrin from comment #9)

Are these three phrases:

  1. dynamic first party isolation
  2. dynamic state partitioning
  3. dynamic partitioning

– perfectly synonymous with each other?

Sorry for the confusing of terminologies. Yes, there three terms are talking about the same thing.

The dynamic first party isolation(dFPI) is the internal term that we used for the early phase of developing. It inherits from the term First party isolation. We've decided to check it to State Partitioning which is more understandable than dFPI while we started to ship this privacy feature. And the dynamic means the partitioned state could be unpartitioned dynamically, which reflects the character of this feature.

Which phrases might be used in forthcoming https://www.mozilla.org/en-US/firefox/86.0/releasenotes/? I wonder :-)

We would use the State Partitioning for the technical term.

In the meantime:

  • if anyone can point me to a suitably simple distinction between the two, I'll be grateful ☑

The major difference between these two is about the word dynamic. There is no way for FPI to unpartition/un-isolatte the storage, but dFPI can do that to provide a better Web compatibility. And, of course, there are still some differences between thsee two features, but I would rather not to talk about this in details here.

👍 thank you, and apologies for the noise. Hide my previous comment, and this one, if you like.

Ok, so After update to Firefox 86 MS Teams stop working again, even with Privacy tools is disabled on domain. Login and logout do nothing, clear cookies do nothing, disable strict mode do nothing. I think is can be something with new cookie isolation.

A correct comment.

(In reply to pietryszak from comment #12)

Ok, so After update to Firefox 86 MS Teams stop working again, even with Privacy tools is disabled on domain. Login and logout do nothing, clear cookies do nothing. Disable strict mode ony give a result. I remember that in FF ist working, even strict mode is on. It's a good behavior? Mayby give some switch to disable ony new cookie isolation for choosen domain.

Webcompat Priority: --- → ?
Webcompat Priority: ? → ---
Blocks: 1740763

I'm working on a shim for this and Bug 1734621.

Assignee: nobody → pbz
Status: NEW → ASSIGNED
Attachment #9251603 - Attachment description: WIP: Bug 1638383 - Add a shim for the dFPI Microsoft login breakage. r=twisniewski!,#anti-tracking! → Bug 1638383 - Add a shim for the dFPI Microsoft login breakage. r=twisniewski!,#anti-tracking!
Pushed by pzuhlcke@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/303cf334fa0d
Add a shim for the dFPI Microsoft login breakage. r=anti-tracking-reviewers,twisniewski,webcompat-reviewers,timhuang,denschub,webidl,smaug

https://hg.mozilla.org/mozilla-central/rev/303cf334fa0d

Status: ASSIGNED → RESOLVED
Closed: 2 years ago
status-firefox96: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 96 Branch

Verified as fixed on Windows 10 x64, macOS 11.6, Ubuntu 20.04 x64 on Firefox Nightly 96.0a1.

Status: RESOLVED → VERIFIED
status-firefox96: fixedverified
See Also: → 1771258
See Also: → 1775500
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: