Open Bug 1998019 Opened 3 months ago Updated 11 days ago

www.albertsons.com - search doesn't work on a number of Albertsons Companies grocery sites

Categories

(Web Compatibility :: Site Reports, defect, P2)

Product:
Web Compatibility
Component:
Site Reports
Version:
Firefox 131
Platform:
Desktop
Windows
Type:
defect

Tracking

(Webcompat Priority:P2, Webcompat Score:5)

Project Flags:
Webcompat Priority P2
Webcompat Score 5

People

(Reporter: ksenia, Unassigned)

References

(Depends on 1 open bug,
URL
)

Details

(Keywords: webcompat:needs-contact, webcompat:site-report, Whiteboard: [webcompat-source:product])

User Story

user-impact-score:120
platform:windows,mac,linux
impact:workflow-broken
configuration:general
affects:some
branch:release

Environment:
Operating system: Desktop
Firefox version: Firefox 144.0.2 (release)

Preconditions:

  • Clean profile

Steps to reproduce:

  1. Navigate to: https://www.albertsons.com/ and perform search for "milk"
  2. Observe the page

Expected Behavior:
Products loaded

Actual Behavior:
Endless spinning indicator

Notes:

  • Reproducible on the latest Firefox Release and Nightly (it was initially working in Nightly for me, but then stopped despite clearing cache)
  • Reproducible regardless of the ETP setting
  • Works as expected using Chrome

Created from webcompat-user-report:975cce43-a5e5-418d-af90-9beb663fa33a

There is an extremely aggressive Incapsula/Imperva firewall on the API endpoint https://www.albertsons.com/abs/pub/xapi/pgmsearch/v1/search/products that depends on the value of the reese84 cookie sent with the request.

The resse84 cookie is created by a completely obfuscated script with a dynamic URL, inserted right before the closing HTML tag, that's a part of the incapsula/imperva WAF.

In chrome/edge, the value of this cookie is "good" and the request succeeds.
In firefox, the value of this cookie is "bad" and the request hangs forever.

You can even send a curl request with a firefox user agent with the value of the cookie from chrome and the request will succeed.

Also present on
https://www.vons.com/shop/search-results.html?q=milk&tab=products
https://www.albertsons.com/shop/search-results.html?q=milk&tab=products (same company)

Sorry, meant https://www.safeway.com/shop/search-results.html?q=milk&tab=products as the 2nd example

User Story: (updated)
Webcompat Score: --- → 1
Severity: -- → S4
User Story: (updated)
Webcompat Priority: --- → P2
Webcompat Score: 1 → 5
Keywords: webcompat:needs-contact
Priority: -- → P2

Thank you for the investigation, Liam. albertsons.com search appears to be working today, but safeway.com and vons.com are still broken

See Also: → 2001341
See Also: → 2000009
Depends on: 2011267

I can still reproduce this on https://www.vons.com/shop/search-results.html?q=milk&tab=products

Another affected store:
https://www.shaws.com/shop/search-results.html?q=milk&tab=products

The full list of Albertsons Companies https://www.albertsonscompanies.com/home/default.aspx

Summary: www.albertsons.com - search doesn't work → www.albertsons.com - search doesn't work on
URL: https://www.albertsons.com/https://www.shaws.com/shop/search-res...
Summary: www.albertsons.com - search doesn't work on → www.albertsons.com - search doesn't work on a number of Albertsons Companies grocery sites
You need to log in before you can comment on or make changes to this bug.