Closed Bug 1778325 Opened 3 months ago Closed 2 months ago

Allow Windows SSO in iframes

Categories

(Core :: Networking, enhancement, P3)

enhancement

Tracking

()

RESOLVED FIXED
105 Branch
Tracking Status
firefox-esr102 --- fixed
firefox104 --- fixed
firefox105 --- fixed

People

(Reporter: mkaply, Assigned: mkaply)

Details

(Whiteboard: [necko-triaged])

Attachments

(1 file)

Right now we only attach Microsoft cookie headers to top level documents.

Microsoft has usecases that use iframes that require auth as well.

I can't find any specific reason we did top level documents (that was my patch).

To recreate,

Go to

https://www.w3schools.com/tags/tryit.asp?filename=tryhtml_iframe

and use https://login.microsoftonline.com

Please let me know if this should have a higher priority?

Severity: -- → N/A
Priority: -- → P3
Whiteboard: [necko-triaged]

Sorry, I should have said something.

This does need a higher priority, it's a reported problem on the Microsoft side from their customers.

I was planning to fix.

I think it's just a matter of adding SUBDOCUMENT to that if check.

Assignee: nobody → mozilla
Status: NEW → ASSIGNED
Pushed by mozilla@kaply.com:
https://hg.mozilla.org/integration/autoland/rev/b238bd6a073b
Allow WindowsSSO in iframes. r=dragana,necko-reviewers
Status: ASSIGNED → RESOLVED
Closed: 2 months ago
Resolution: --- → FIXED
Target Milestone: --- → 105 Branch

Comment on attachment 9284715 [details]
Bug 1778325 - Allow WindowsSSO in iframes. r?dragana

ESR Uplift Approval Request

  • If this is not a sec:{high,crit} bug, please state case for ESR consideration: Mainly enterprise features around Windows SSO
  • User impact if declined: Some Microsoft apps can't authenticate
  • Fix Landed on Version: 105
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): Impacts preffed off feature, just adds new entry to if statement.

Beta/Release Uplift Approval Request

  • User impact if declined: Mainly enterprise features around Windows SSO
  • Is this code covered by automated tests?: No
  • Has the fix been verified in Nightly?: Yes
  • Needs manual test from QE?: No
  • If yes, steps to reproduce: Tested by Microsoft
  • List of other uplifts needed: None
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): Impacts preffed off feature, just adds new entry to if statement.
  • String changes made/needed:
  • Is Android affected?: No
Attachment #9284715 - Flags: approval-mozilla-esr91?
Attachment #9284715 - Flags: approval-mozilla-esr102?
Attachment #9284715 - Flags: approval-mozilla-beta?
Attachment #9284715 - Flags: approval-mozilla-esr91?

Comment on attachment 9284715 [details]
Bug 1778325 - Allow WindowsSSO in iframes. r?dragana

Approved for 104.0b8

Attachment #9284715 - Flags: approval-mozilla-beta? → approval-mozilla-beta+

Comment on attachment 9284715 [details]
Bug 1778325 - Allow WindowsSSO in iframes. r?dragana

Approved for 102.2esr.

Attachment #9284715 - Flags: approval-mozilla-esr102? → approval-mozilla-esr102+
Flags: qe-verify+
QA Whiteboard: [qa-triaged]

removing the qe-verify+ flag, as we cannot verify this. Microsoft already tested this.

QA Whiteboard: [qa-triaged]
Flags: qe-verify+

Just to close the loop, I had sent Microsoft a link to a try build with the fix and they emailed that it was definitely fixed.

You need to log in before you can comment on or make changes to this bug.