Some Chinese sites are broken in Firefox 96
Categories: Core :: Networking: Cookies, defect, P2
People: Reporter: yyzh888888, Unassigned
References: Regression
Details: Keywords: regression, webcompat:needs-diagnosis, Whiteboard: [necko-triaged]
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:96.0) Gecko/20100101 Firefox/96.0
Steps to reproduce:
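Using the Firefox browser, I cannot confirm receipt of goods after shopping on Taobao. This is a big bug that will make Firefox lose the Chinese market.
Actual results:
Using the Firefox browser, I cannot confirm receipt of goods after shopping on Taobao. This is a big bug that will make Firefox lose the Chinese market.
Expected results:
Using the Firefox browser, I cannot confirm receipt of goods after shopping on Taobao. This is a big bug that will make Firefox lose the Chinese market.
I think you should provide specific information, rather than dropping the line "This is a big bug that will make Firefox lose the Chinese market." and leaving.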
Comment 2•3 years ago
The Bugbug bot thinks this bug is invalid.
If you think the bot is wrong, please reopen the bug and move it back to its prior component.
Please note that this is a production bug database used by the Mozilla community to develop Firefox, Thunderbird and other products.
Filing test bugs here will waste the time of our contributors, volunteers and employees.
If you continue to abuse bugzilla.mozilla.org, your account will be disabled.
The reporter said he was unable to confirm the shopping order on the taobao.com website.
This is a new topic in the Chinese forum. Dupe it if repeated.
Based on a post, worldwide.jd.com, qidian.com, pan.baidu.com, etc. are affected.
Comment 4•3 years ago
Set release status flags based on info from the regressing bug 1617609
Comment 5•3 years ago
comment 0 was:
Using the Firefox browser, Taobao could not receive the goods after shopping. This is a big bug that will make Firefox lose the Chinese market.
comment 1 was telling the original reporter that they needed to leave more specific information
I tried a few of them but didn't get very far -- they seemed to want me to sign in with various apps. But as far as I was able to check none of the sites use explicit SameSite cookie attributes so in Firefox 96 they would get "SameSite=lax". But I'm seeing the same thing in Chrome, which has turned unspecified cookies into SameSite=Lax since August 2020.
Does Chrome work on these sites?
(In reply to Daniel Veditz [:dveditz] from comment #5)
comment 0 was:
Using the Firefox browser, Taobao could not receive the goods after shopping. This is a big bug that will make Firefox lose the Chinese market.
comment 1 was telling the original reporter that they needed to leave more specific information
I tried a few of them but didn't get very far -- they seemed to want me to sign in with various apps. But as far as I was able to check none of the sites use explicit SameSite cookie attributes so in Firefox 96 they would get "SameSite=lax". But I'm seeing the same thing in Chrome, which has turned unspecified cookies into SameSite=Lax since August 2020.
Does Chrome work on these sites?
I can see the lax errors in https://www.qidian.com/. Tested version: FIREFOX_96_0_BUILD2.
STR:
- Open the https://www.qidian.com/.
- Click the 登录 (Login) in the upper-right corner.
- Try to log in to a registered account. I used WeChat, but the international mobile phone should be feasible with the "手机验证码登录" (SMS Login).
Console warnings when logon authentication is successful:
Some cookies are misusing the “SameSite“ attribute, so it won’t work as expected
Cookie “newstatisticSID” has “SameSite” policy set to “Lax” because it is missing a “SameSite” attribute, and “SameSite=Lax” is the default value for this attribute. phoneAreaSortNew.js:472:12
Cookie “newstatisticSID” has been rejected because it is in a cross-site context and its “SameSite” is “Lax” or “Strict”. phoneAreaSortNew.js:472:12
....
Google Chrome 97.0.4692.99 works fine.
Comment 7•3 years ago
If this is samesite lax, let's move to networking to get it out of Fx::General.
Comment 8•3 years ago
marking as disabled for fx96 since we set sameSite.laxByDefault and sameSite.noneRequiresSecure to false via a pref flip
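The cookie rejection reported in comment 6 and the pref flip in comment 8, modelled as an added example (not part of the bug thread and not Firefox code). The function names and the sample cookie value are constructed, the option names mirror the two prefs, and `crossSite` stands for a cookie set from a cross-site iframe or subresource rather than a top-level navigation.

```javascript
// Added example, not Firefox code: a simplified model of the SameSite checks
// discussed in this bug. Option names mirror the two prefs from comment 8.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const cookie = { name: pair.slice(0, pair.indexOf("=")), sameSite: null, secure: false };
  for (const attr of attrs) {
    const [key, value = ""] = attr.split("=").map((s) => s.trim());
    if (key.toLowerCase() === "samesite") cookie.sameSite = value.toLowerCase();
    if (key.toLowerCase() === "secure") cookie.secure = true;
  }
  return cookie;
}

// crossSite: true when the cookie is set from a cross-site iframe or subresource
// (assumption: top-level navigations, where Lax cookies are allowed, are not modelled).
function evaluateCookie(header, { crossSite, laxByDefault, noneRequiresSecure }) {
  const { name, sameSite, secure } = parseSetCookie(header);
  const explicit = ["strict", "lax", "none"].includes(sameSite);
  // A missing or unrecognised attribute falls back to the browser default.
  const effective = explicit ? sameSite : laxByDefault ? "lax" : "none";
  const result = { name, effective, defaulted: !explicit, accepted: true, reason: "ok" };
  if (explicit && effective === "none" && noneRequiresSecure && !secure) {
    return { ...result, accepted: false, reason: "SameSite=None requires Secure" };
  }
  if (crossSite && effective !== "none") {
    return { ...result, accepted: false, reason: "cross-site context, SameSite is Lax or Strict" };
  }
  return result;
}

// Constructed sample: cookie name from the console warning, value made up.
const legacy = "newstatisticSID=abc123; Path=/";
const fixed = "newstatisticSID=abc123; Path=/; SameSite=None; Secure";
const laxOn = { crossSite: true, laxByDefault: true, noneRequiresSecure: true };
const prefFlipped = { crossSite: true, laxByDefault: false, noneRequiresSecure: false };

console.log(evaluateCookie(legacy, laxOn));       // rejected: defaulted to Lax
console.log(evaluateCookie(legacy, prefFlipped)); // accepted: both prefs false
console.log(evaluateCookie(fixed, laxOn));        // accepted: explicit None + Secure
```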
Comment 9•3 years ago
Disabled for 97 also by way of bug 1751435.
Comment 10•3 years ago
The bug has a release status flag that shows some version of Firefox is affected, thus it will be considered confirmed.
Comment 11•3 years ago
A needinfo is requested from the reporter, however, the reporter is inactive on Bugzilla. Closing the bug as incomplete.
For more information, please visit auto_nag documentation.
Comment 12•3 years ago
(In reply to YF (Yang) from comment #6)
STR:
- Open the https://www.qidian.com/.
- Click the 登录 (Login) in the upper-right corner.
- Try to log in to a registered account. I used WeChat, but the international mobile phone should be feasible with the "手机验证码登录" (SMS Login).
I can confirm the site is still broken with sameSiteLax = true with the steps above. If I flip the pref login works.
Comment 13•1 year ago
We won't be shipping samesitelax by default, so all of these breakage bugs can be closed: Bug 1617609