Closed Bug 1732444 Opened 4 years ago Closed 3 years ago

Unable to login with Google/Facebook to Tripadvisor.com

Categories

(Core :: Privacy: Anti-Tracking, defect)

Product:
Core
Component:
Privacy: Anti-Tracking
Version:
Firefox 94
Type:
defect

Tracking

()

Status:
RESOLVED WORKSFORME
Tracking Flags:
Tracking Status
firefox-esr78 --- unaffected
firefox-esr91 --- unaffected
firefox92 --- unaffected
firefox93 --- unaffected
firefox94 --- unaffected
firefox95 --- affected

People

(Reporter: sbadau, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: regression)

[Environment:]

macOS Big Sur 11.5
Ubuntu 20.04

Nightly 94.0a1

[Steps:]
  1. Open Firefox with a new profile
  2. Log into your Google account.
  3. Navigate to https://www.tripadvisor.com/
  4. Click on the "Sign in" button and choose "Continue with Google".
[Expected Result:]

The login to Tripadvisor is made.

[Actual Result:]

The login is not done, the following error is displayed: "Something went wrong. Please try logging in again".

[Notes:]

Reproducible also if trying to login with Facebook.
I could not reproduce this issue on Firefox 93 beta 9 nor on Firefox 92.0.1.
On Nightly 94.0a1 - the behavior is encountered also when the preference 'network.cookie.cookieBehavior' is set to 4.
Tried to look for a regression range, but all my attempts failed so far as I could also reproduce it on Nightly 93.0a1. When time permits I will look again into it.

Huh, yeah, this is an interesting breakage case that is related to blocking cross-site cookies. The main thing here is that the site seems to expect Google OneTap to work like it usually would (which it doesn't because they don't support "one tap" without cross-site cookies). Without that, it seems to error out in some way. However, upon reloading I could would suddenly get logged in with OneTap. Probably because Google has now access through the popup heuristic.

The reason why this doesn't affect release is because google.com is on the Level 2 list of ETP.

This may need a shim for both ETP/dFPI. The easiest thing to do here would be to reload the page after sign-in completes, alternatively we could call the SAA for accounts.google.com when the user interacts with the Google Sign-In button.

I'll add it to triage for our Thursday meeting.

Assignee: nobody → pbz
Status: NEW → ASSIGNED

Is this affecting Beta too or is it Nightly-only for now?

Flags: needinfo?(pbz)

I've tested the Google login via the popup (see STR), not the one tap login functionality.
The behavior seems inconsistent here. Every other login attempt will fail. I can even reproduce the login issue on Nightly if I disable ETP (including dFPI).
I cannot reproduce the issue on 93 beta or 94 release in both standard and strict ETP mode.

status-firefox94: affectedunaffected
status-firefox95: --- → affected
Flags: needinfo?(pbz)

The issue seems to come from defaulting same-site to lax. Setting network.cookie.sameSite.laxByDefault to false fixes the issue in Nightly and setting it to true in release breaks the site.

Blocks: sameSiteLax-breakage
No longer blocks: dfpi-breakage
Assignee: pbz → nobody
Status: ASSIGNED → NEW

I was just able to complete a login on Nightly with network.cookie.sameSite.laxByDefault set to true in both of the login flows (OneTap and the Sign In button that launches the popup).

I can no longer reproduce this issue, tried on macOS Big Sur 11.6 using the latest Nightly 95.0a1 and Firefox 94 beta 9.

Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.