"Sign in" is not recognized after enabling "Data Visualizer" add-in on office.com with ETP - Standard
Categories
(Core :: Privacy: Anti-Tracking, defect, P3)
Tracking
()
Tracking | Status | |
---|---|---|
firefox97 | --- | affected |
People
(Reporter: oanaarbuzov, Assigned: timhuang)
References
(Blocks 3 open bugs, )
Details
Attachments
(3 files)
Environment:
Browser / Version: Firefox Nightly 97.0a1 (2021-12-29)
Operating System: Windows 10 Pro
Prerequisites:
ETP - Standard enabled.
Signed into Enterprise Microsoft account.
Steps to Reproduce:
- Navigate to
- Open a new blank workbook.
- Click "Insert" button from "Options" menu and choose "Office Add-ins" option.
- After "Office Add-ins" popup is displayed, click the "STORE" button.
- Select "Microsoft Visio Data Visualizer" add-in and add it to the workbook.
- Observe the "Data Visualizer" popup.
Expected Behavior:
"Sign in" is recognized and available "Flowcharts" are displayed.
Actual Behavior:
"Sign in" is not recognized, even if already sign into Microsoft account.
Notes:
- Screenshot attached.
- The issue is not reproducible with ETP disabled.
Updated•3 years ago
|
Assignee | ||
Comment 1•3 years ago
|
||
I can reproduce the issue. The root cause is that https://login.microsoftonline.com/
doesn't have storage access under https://outlookwebtest-my.sharepoint.com/
. So, it cannot access its login credential. This means that the Storage Access API should be called in https://login.microsoftonline.com/
when it's embedded in https://outlookwebtest-my.sharepoint.com/
so that this can work. And a shim is possible to fix this issue.
Assignee | ||
Updated•3 years ago
|
Updated•3 years ago
|
Comment 2•2 years ago
|
||
We have an intervention in place, see Bug 1740763. Lowering severity.
Comment 3•2 years ago
|
||
Tim, could you confirm this intervention is still working? Testing on Firefox stable on PROD RemoteSettings the Data Visualizer still does not seem to recognize the login.
The *,https://login.microsoftonline.com
entry is still in place.
Assignee | ||
Comment 4•2 years ago
|
||
Yes, this is also broken to me. I think they change their auth process because I need to allow the domain https://visio.officeapps.live.com
to make it work. Maybe we need to add it to our list.
Comment 5•2 years ago
|
||
Thanks! Tim, since you're assigned, could you please update the skiplist entries and the respective bugs? Perhaps we can (after testing) just drop the generic entries for the the microsoftonline and live endpoints now?
Assignee | ||
Comment 7•2 years ago
|
||
I am not entirely sure if we can drop those two entries. But I can check if it's possible.
Assignee | ||
Comment 8•2 years ago
|
||
Per my testing, we still need the live.com
endpoint to display the avatar icon. So, we couldn't drop it.
Assignee | ||
Comment 9•2 years ago
|
||
Oh, weird. The Data Visualizer addon works again even without allowing https://visio.officeapps.live.com
. Maybe Microsoft change something that doesn't require this allowlist entry anymore.
Comment 10•2 years ago
|
||
Could you please check again if we still need the allowlist entries for MS login? afaic this is the last remaining bug before we can remove the entries.
Assignee | ||
Comment 11•2 years ago
|
||
I can no longer access the Microsoft Enterprise test account.
Raul, Calin,
Could you help with testing this? To test if we still need the allowlist entry, you can disable the allowlist by flipping the pref privacy.antitracking.enableWebcompat
. And see if the problem still exists after disabling WebCompat interventions.
Comment 12•2 years ago
•
|
||
Hi Tim. I can still reproduce the issue with the pref set to FALSE in a clean profile. Setting the pref to TRUE (by default) in a clean profile does not present the reported issue, as with ETP set to STRICT, the account sign-in is recognized.
Tested with:
Browser / Version: Firefox Release 113.0.2 (64-bit)/ Firefox Nightly 115.0a1 (2023-05-23) (64-bit)
Operating System: Windows 10 PRO x64
Notes:
- Reproducible on the latest build of Firefox Nightly and Release.
- Accessing in a clean profile for the first time with the pref set to TRUE does not present the issue when accessing again with the pref set to FALSE.
Comment 13•2 years ago
|
||
Comment 14•2 years ago
•
|
||
Comment 15•2 years ago
|
||
The issue is reproducible for me as well with the pref set to false
and Strict ETP.
Tested on:
• Browser / Version: Firefox Nightly 115.0a1 (2023-05-23)
• Operating System: Windows 10
Description
•