Closed Bug 1818497 Opened 2 years ago Closed 2 years ago

Unable to login on instagram.com

Categories

(Core :: Privacy: Anti-Tracking, defect, P3)

Product:
Core
Component:
Privacy: Anti-Tracking
Version:
Firefox 112
Platform:
All
Android
Type:
defect

Tracking

()

Status:
VERIFIED FIXED
Tracking Flags:
Tracking Status
firefox110 --- unaffected
firefox111 --- unaffected
firefox112 --- verified

People

(Reporter: ctanase, Unassigned)

References

(
URL
)

Details

Attachments

(2 files)

instagram FF focus.png
78.86 KB, image/png
Details
instagram issue.png
1.30 MB, image/png
Details
Attached image instagram FF focus.png

Environment:
Operating system: OnePlus 6 A6000 (Android 11) / Google Pixel 5 (Android 13)
Firefox version: Firefox Focus 110.0-20230213213738 / Firefox Focus Nightly 112.0a1-20230222214030

Steps to reproduce:

  1. Go to https://www.instagram.com
  2. Log into your account.
  3. Observe the behaviour.

Expected Behaviour:
The account login is possible.

Actual Behaviour:
The login is not possible, error displayed "CSRF token missing or incorrect".

Notes:

  1. Screenshot provided
  2. Reproducible on both Firefox Focus and Firefox Focus Nightly
  3. Not reproducible on Firefox Release and Firefox Nightly in private (regardless of the ETP status)
Attached image instagram issue.png

I was able to reproduce this issue on the latest Focus Nightly build 112.0a1 from 2/23 with Oppo Reno 6 (Android 12).

I had a hunch it is somewhat related to some Cookie banner preference from about:config (because of this issue: https://github.com/mozilla/cookie-banner-rules-list/issues/173).
So, when setting in Focus, in about:config, the 'cookiebanners.service.detectOnly' pref from false to true, I was able to log in to instagram without issues. When I set it back to false, I wasn't able to log in anymore.

I'm not 100% sure that this is the main cause, but maybe it helps.
Thank you!

Flags: needinfo?(pbz)

This is https://github.com/mozilla/cookie-banner-rules-list/issues/173
I've just merged a change into RemoteSettings that should disable the offending rule on mobile. Could you please help verifying that this fixes the issue? It may take a while for the RemoteSettings changes to be distributed via the CDN.
On a fresh profile after the change you should see the cookie banner again and interacting with it and logging into your account after that should work.

Flags: needinfo?(pbz) → needinfo?(mlobontiuroman)

The issue is still reproducible on the latest Focus Nightly 112.0a1 from 2/24 on the same Oppo Reno 6 (Android 12) device.
I'll test again in the following days.

Flags: needinfo?(mlobontiuroman)

I don't have a test account at hand (my test accounts keep getting blocked), but I was able to verify that my Google Pixel 5 on Fenix does no longer get served the rule for instagram.com and thus should not apply it. It may take a while for the change to appear on your phone. Thanks for testing!

I was able to log in to instagram.com on the latest Focus Nightly 112.0a1 from 2/27 with the following devices:

  • Google Pixel 6 (Android 13),
  • Oppo Reno 6 (Android 12), and
  • Lenovo tablet M10 (Android 10).

I'll close this bug as verified, fixed.

Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Status: RESOLVED → VERIFIED
status-firefox112: --- → verified

Moving to Privacy: Anti-tracking in case that's helpful for future validations.

Component: General → Privacy: Anti-Tracking
Product: Focus → Core

I verified that I can successfully log into Instagram using Focus 110 and Focus Beta 111.

status-firefox110: --- → unaffected
status-firefox111: --- → unaffected
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: