Google Login broken on custom rally domain owing to total cookie protection
Categories
(Core :: Privacy: Anti-Tracking, defect, P1)
Tracking | Status | |
---|---|---|
firefox105 | --- | fixed |
People
(Reporter: akaila, Assigned: pbz)
References
(Blocks 1 open bug)
Details
Attachments
(1 file, 1 obsolete file)
Repro steps:
- In a Nightly 105 build, visit https://moz-fx-data-rally-w-prod-dfa4.firebaseapp.com and try to log in with Google
- The site redirects to Google login and redirects back, trying to set cookies on the auth domain: members.rally.allizom.org.
- Console prints the warning: Some cookies are misusing the “SameSite“ attribute, so it won’t work as expected
Proposed fix: Extend shim to custom allizom domain.
Pushed by pzuhlcke@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/ecef8322bf48
Extend Firebase sign-in shim to handle custom domain allizom.org. r=twisniewski,webcompat-reviewers
Comment 4 • 2 years ago (Assignee)
Could you test again on an up-to-date Nightly and a fresh profile to see if the issue has been fixed? Thank you!
Tried out with a new profile on 105.0a1 and noticed that https://members.rally.allizom.org worked but https://moz-fx-data-rally-w-prod-dfa4.firebaseapp.com did not. Also https://stage.rally-web.nonprod.dataops.mozgcp.net worked for the same web app.
Comment 6 • 2 years ago (Assignee)
Looks like we didn't cover the domain members.rally.mozilla.org which https://moz-fx-data-rally-w-prod-dfa4.firebaseapp.com uses for the redirect sign-in flow. I'm creating a patch.
Comment 8 • 2 years ago
Comment on attachment 9290677 [details]
Bug 1785281 - Add members.rally.mozilla.org redirect to Firebase sign-in shim. r=twisniewski!
Revision D155092 was moved to bug 1786305. Setting attachment 9290677 [details] to obsolete.
Comment 9 • 2 years ago (Assignee)
Landing the patch for the other domain in Bug 1786305 because that's targeting 106 now. We can do an uplift later.
Comment 10 • 2 years ago (Assignee)
Could you try again with the latest version of Nightly now that Bug 1786305 landed? Thank you! If that fixes it I'll uplift the change to 105.
Comment 11 • 2 years ago (Reporter)
Tested and all domains work in 106. We can mark this as fixed! Thanks