Closed Bug 1785281 Opened 2 years ago Closed 2 years ago

Google Login broken on custom rally domain owing to total cookie protection

Categories

(Core :: Privacy: Anti-Tracking, defect, P1)

Product:
Core
Component:
Privacy: Anti-Tracking
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
105 Branch
Tracking Flags:
Tracking Status
firefox105 --- fixed

People

(Reporter: akaila, Assigned: pbz)

References

(Blocks 1 open bug)

Details

Attachments

(1 file, 1 obsolete file)

Bug 1785281 - Extend Firebase sign-in shim to handle custom domain allizom.org. r=twisniewski!
48 bytes, text/x-phabricator-request
Details | Review

Repro steps:

  • In nightly 105 build visit https://moz-fx-data-rally-w-prod-dfa4.firebaseapp.com and try to login with Google
  • The site redirects to Google login and redirects back trying to set cookies on auth domain: members.rally.allizom.org.
  • Console prints the warning: Some cookies are misusing the “SameSite“ attribute, so it won’t work as expected

Proposed fix: Extend shim to custom allizom domain.

Assignee: nobody → pbz
Status: NEW → ASSIGNED
Severity: -- → S3
Priority: -- → P1
Blocks: dfpi-breakage
Depends on: 1782772
Pushed by pzuhlcke@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/ecef8322bf48
Extend Firebase sign-in shim to handle custom domain allizom.org. r=twisniewski,webcompat-reviewers

https://hg.mozilla.org/mozilla-central/rev/ecef8322bf48

Status: ASSIGNED → RESOLVED
Closed: 2 years ago
status-firefox105: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 105 Branch

Could you test again on an up-to-date Nightly and a fresh profile to see if the issue has been fixed? Thank you!

Flags: needinfo?(akaila)

Tried out with a new profile on 105.0a1 and noticed that https://members.rally.allizom.org worked but https://moz-fx-data-rally-w-prod-dfa4.firebaseapp.com did not. Also https://stage.rally-web.nonprod.dataops.mozgcp.net worked for the same web app.

Flags: needinfo?(akaila)
Status: RESOLVED → REOPENED
Resolution: FIXED → ---

Looks like we didn't cover the domain members.rally.mozilla.org which https://moz-fx-data-rally-w-prod-dfa4.firebaseapp.com uses for the redirect sign-in flow. I'm creating a patch.

Blocks: 1786305

Comment on attachment 9290677 [details]
Bug 1785281 - Add members.rally.mozilla.org redirect to Firebase sign-in shim. r=twisniewski!

Revision D155092 was moved to bug 1786305. Setting attachment 9290677 [details] to obsolete.

Attachment #9290677 - Attachment is obsolete: true

Landing the patch for the other domain in Bug 1786305 because that's targetting 106 now. We can do an uplift later.

Could you try again with the latest version of Nightly now that Bug 1786305 landed? Thank you! If that fixes it I'll uplift the change to 105.

Flags: needinfo?(akaila)

Tested and all domains work in 106. We can mark this as fixed! Thanks

Flags: needinfo?(akaila)
Status: REOPENED → RESOLVED
Closed: 2 years ago2 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: