Build 2.0.0.12 "unsupported" in "google apps for your domain" Gmail logon (HTTP redirect cookie reject)

RESOLVED WORKSFORME

Status

()

--
major
RESOLVED WORKSFORME
11 years ago
4 years ago

People

(Reporter: albo, Unassigned)

Tracking

({regression})

1.8 Branch
x86
Windows XP
regression
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Reporter)

Description

11 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12

Upon attempted logon to GAfYD email, after validating userid/password, Google presents "unsupported browser/HTTP redirect cookie rejected" error.

See attached screen. 

This problem has been reported by other users on Google Groups. 

The problem began with download of 2.0.0.12. It did (does) not occur with 2.0.0.11 or prior releases. 

It does not occur with other browsers (IE, Safari, Opera, Avant). 

Attempt was made to re-install Firefox, clear history/cookies/cache.)

Happens with any of several GAfYD accounts, all MX-redirected. Does NOT occur with non-MX-redirected Gmail logons.

Firefox has performed this task properly for the past year or more!



Reproducible: Always

Steps to Reproduce:
1. Logon mail.google.com/a/mydomain.com or CNAME==> mail.mydomain.com (either of which has MX records set up as directed by GAfYD instructions)  
2. Enter userid and password
3. Receive described error
Actual Results:  
 As described

Expected Results:  
 Arrival at Gmail "Inbox" for the specified userid

 Security risk: logon already authenticated! User must acquire session on another browser in order to logoff.
(Reporter)

Comment 1

11 years ago
Created attachment 302312 [details]
Screen shot of Gmail logon message

Updated

11 years ago
Summary: Build 2.0.0.12 "unsupported" in MX-redirected Gmail logon (HTTP redirect cookie reject) → Build 2.0.0.12 "unsupported" in "google apps for your domain" Gmail logon (HTTP redirect cookie reject)
Version: unspecified → 2.0 Branch
Component: General → Networking: Cookies
Product: Firefox → Core
QA Contact: general → networking.cookies
Version: 2.0 Branch → 1.8 Branch

Comment 2

11 years ago
dveditz, ss: per comment 0, this could be a regression from 2.0.0.11. are there any changes that leap to mind that could cause this?
Keywords: regression
Albo, are you seeing this with a new profile as well? This could be a bad extension. Nothing comes to mind off the top of my head, but I'll go through checkins and look.

http://kb.mozillazine.org/Profile_Manager

Comment 4

11 years ago
Albo, in case you haven't already, can you also verify this is a regression by re-installing .11 and making sure things work? (you can download old releases at ftp://ftp.mozilla.org/pub/firefox/releases/).
(Reporter)

Comment 5

11 years ago
The error began "spontaneously" upon application of 2.0.0.12! As stated, I tried to "remedy" the problem through various courses:
(1) purge cookies, history, cache; retry: no avail.
(2) uninstall, re-install Firefox, with NO add-ons; purge cookies, history, cache; no avail.

Additional hint, discovered later (perhaps this will help?) Attempted logon of a MX-redirected GAfYD email userid still fails. However, when one "truncates" the generated URL, one may continue with logon. For example:
===>http://mail.google.com/a/userid.com
[enter userid and password, either press enter or click "signon"]
[receive error shown in screen shot, note that generated URL includes
 search string ?auth=... where "..." is authorization code]
[truncate URL from question mark onward]
[logon successful]
(Reporter)

Comment 6

11 years ago
I will now re-install 2.0.0.11 as instructed!
(Reporter)

Comment 7

11 years ago
505 Permission denied upon trying to access 2.0.0.11 setup...I tried a simple click to download it! Please educate me on download procedure!

Comment 8

11 years ago
(In reply to comment #7)
> 505 Permission denied upon trying to access 2.0.0.11 setup...I tried a simple
> click to download it! Please educate me on download procedure!

odd... looks like this one works:
http://releases.mozilla.org/pub/mozilla.org/firefox/releases/2.0.0.11/win32/en-US/

also, if you start firefox using "firefox -P" (via Start->Run, or somesuch) you'll get the profile manager, which allows you to create and delete profiles. you'll want to create a new profile to test this stuff (and each time you install a new build).
(Reporter)

Comment 9

11 years ago
Having just installed 2.0.0.11 and attempting the target logon, I see that the logon proceeded correctly and as expected and as it should have and as it has in the past, thus proving (I think) something is amiss with 2.0.0.12
(Reporter)

Comment 10

11 years ago
***Just in case, and ever hopeful that it might aid in communication between Google and Firefox*** the problem report at Google is case number 240482389
I had Jay try logging into his "Google Apps for your Domain" email account and he had no trouble using Firefox 2.0.0.12.

Albo, is there any way you could provide an account for one of us temporarily to look at this?

Are you able to test on another platform? If so, does this only happen on Windows or are Linux and Mac affected as well.

And I didn't see a clear statement of it, so just to confirm, did you try with a new profile as recommended in comments 3 and 8? It'd help a lot to know if you experience the same error using Firefox 2.0.0.12 with a new profile. 
Keywords: qawanted
(Reporter)

Comment 12

11 years ago
FWIW, to enable logging on to my own four accounts, I've swapped them to go automatically to IETab...

(I'm not a wealthy man so...) I have only one platform: 2 laptops with XP/SP2. 

As per 3 and 8: I re-installed 2.0.0.11 and, indeed, the logons succeeded, WITH OR WITHOUT all add-ons/extensions! Unfortunately for me, I stoopidly left auto-update on, and, yesterday, Firefox updated itself back up to 2.0.0.12, and logons IMMEDIATELY began failing again!

As for providing you an account to logon, no problem. I'll give you access to one that isn't yet "actively" in use...that is, the CNAME hasn't been set to direct website traffic to the hosted files, but the MX records are in place.

You may try logging on to mail.google.com/a/paradisedreamhouse.com

Your userid is forwhom  and your password is thebelltolls
Thanks Albo. I'll do some testing tonight to try and reproduce what you're seeing.
(Reporter)

Comment 15

11 years ago
In my readings I see that one of the security problems fixed by 2.0.0.12 was "URL token stealing via stylesheet redirect"... It lead me to wonder if security-handling might be involved in the parsing of my "generated" logon URI ...as might be suspected from the behavior described in Comment 5 above.
Hey Albo,

Sorry for the delay. I went in and tested using the details you gave me in comment 12 (I made that comment private to view so that the login wasn't abused since this is a public bugzilla; when we're done testing everything and you remove it, let me know).

For each login I make, I have no problem at all logging in. 

I did note that the threads you linked to say this is reproducible on other platforms as well, but I tested using Windows XP.

The second thread you linked to says that the Better Gmail extension could cause this. I installed that extension and tested with it but also didn't seen an issue.

Are you still seeing it or did it go away? Better Gmail hasn't updated their extension to my knowledge [1] so if it's no longer reproducible, it's likely something Gmail did to fix this issue.

Let me know if this still happens and I'll try a few other things, but I kind of think Gmail fixed itself. I'd still like to see what caused it, especially since it happened with the switch to 2.0.0.12.

Thanks again, and sorry for the delay.

[1] https://addons.mozilla.org/en-US/firefox/addons/versions/4866
(Reporter)

Comment 17

11 years ago
OOops, you are obviously right. Gmail must have done something to fix the problem, and not had the courtesy to inform me.

I had been bypassing the problem by, targeting "http://mail.google.com/a/" for instancing in IETab, and so I hadn't noticed the problem had been resolved.

I must offer you my most humble redfaced apologies for not having noticed sooner and saved you some grief!

Thank you very much for your patient and generous attention.

Before I close it, though, how may I (if at all) help determine what happened between 2.0.0.11 and 2.0.0.12? (The test account is still there, if it would be useful, and I'd be glad to help, if I may.)
Status: UNCONFIRMED → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → FIXED
Thanks for confirming Albo. And no worries about not noticing. I should've tested sooner. :)

There's no good way to know what caused this without help from the Gmail team. There may likely be a real bug. We'll have to wait and see if another similar bug gets filed for a site that's less likely to change and work on that one.

You can close your test account (and let me know when you do).

Thanks for the help and thanks for reporting!
Resolution: FIXED → WORKSFORME
(Reporter)

Comment 19

11 years ago
Okay, I will close the account within 5 minutes of placing this comment. I will "Change resolution to FIXED" assuming you have the authority and will override it if I shouldn't have...
Resolution: WORKSFORME → FIXED
Yeah, we use the resolution "FIXED" to mean "we made a code change that fixed this issue" and "WORKSFORME" when we did nothing but it "magically" became fixed.

I just verified that the username and password no longer work and am un-privatizing that comment.

Thanks again!
Resolution: FIXED → WORKSFORME
Issue is Resolved - removing QA-Wanted Keywords - QA-Wanted query clean-up task
Keywords: qawanted
You need to log in before you can comment on or make changes to this bug.