Closed Bug 418559 Opened 14 years ago Closed 11 years ago

unsmooth login at shopping.aol.com (NS_ERROR_DOM_PROP_ACCESS_DENIED and page doesn't refresh)

Categories

(Tech Evangelism Graveyard :: English US, defect)

x86
Windows XP
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED INCOMPLETE

People

(Reporter: santhosh.gowda, Unassigned)

References

()

Details

(Keywords: regression)

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b3) Gecko/2008020514 Firefox/3.0b3
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b3) Gecko/2008020514 Firefox/3.0b3

not able to login to shopping.aol.com below are the error in the "error console" window.

Please look into this.

Error: uncaught exception: [Exception... "Access to property denied"  code: "1010" nsresult: "0x805303f2 (NS_ERROR_DOM_PROP_ACCESS_DENIED)"  location: "http://sns-static.aolcdn.com/sns/3.6r1/js/window.js Line: 56"]


Error: uncaught exception: [Exception... "Access to property denied"  code: "1010" nsresult: "0x805303f2 (NS_ERROR_DOM_PROP_ACCESS_DENIED)"  location: "https://my.screenname.aol.com/_cqr/login/login.psp Line: 29"]


Thanks
Santhosh

Reproducible: Always

Steps to Reproduce:
1.Open shopping.aol.com in ff3beta3
2.Click on the "Sign In" link on the top right corner of the window.(below "Hi Guest!"
3.login page layer is loaded, enter an AIM acct/password and click Sign In.
Actual Results:  
The screen just hangs, not able to login at all below is the error in error console.

Error: uncaught exception: [Exception... "Access to property denied"  code: "1010" nsresult: "0x805303f2 (NS_ERROR_DOM_PROP_ACCESS_DENIED)"  location: "http://sns-static.aolcdn.com/sns/3.6r1/js/window.js Line: 56"]


Error: uncaught exception: [Exception... "Access to property denied"  code: "1010" nsresult: "0x805303f2 (NS_ERROR_DOM_PROP_ACCESS_DENIED)"  location: "https://my.screenname.aol.com/_cqr/login/login.psp Line: 29"]


Expected Results:  
login should be successful and the same page should be reloaded with your acct.

Nothing
Summary: Not able to login into shopping.aol.com → Not able to login into shopping.aol.com (NS_ERROR_DOM_PROP_ACCESS_DENIED)
Version: unspecified → Trunk
any update on this ? 
this is a firefox issue right ?

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b4pre) Gecko/2008022103 Minefield/3.0b4pre ID:2008022103

I see the problem with the above build and a new profile. Once I enter my login details and hit Sign In, the login dialog should disappear and the page should change to indicate I've logged in.

What happens is the login dialog mostly disappears (just leaving its outline), the page doesn't update to indicate I've logged in, and the error console gets:

Error: uncaught exception: [Exception... "Access to property denied"  code: "1010" nsresult: "0x805303f2 (NS_ERROR_DOM_PROP_ACCESS_DENIED)"  location: "https://my.screenname.aol.com/_cqr/login/login.psp Line: 29"]

However, if I refresh the page, then the page does show I've logged in OK. Also, the password bar appears after I click Sign In, indicating that firefox knows the site has accepted my password properly, even tho Firefox doesn't refresh the page to show that I've logged in successfully.

This all works fine in Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.13pre) Gecko/2008021403 BonEcho/2.0.0.13pre

Maybe a Tech Evang bug, I'll have to find a range first.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: regression
Works: 20080127_0028_firefox-3.0b3pre.en-US.win32
Broken: 20080127_1444_firefox-3.0b3pre.en-US.win32

Checkins to module PhoenixTinderbox between 2008-01-27 00:28 and 2008-01-27 14:44 : 
http://bonsai.mozilla.org/cvsquery.cgi?treeid=default&module=PhoenixTinderbox&branch=HEAD&branchtype=match&dir=&file=&filetype=match&who=&whotype=match&sortby=Date&hours=2&date=explicit&mindate=2008-01-27+00%3A28&maxdate=2008-01-27+14%3A44&cvsroot=%2Fcvsroot

Bug 408052 looks relevant. CC'ng some people from that bug.
Flags: blocking-firefox3?
Summary: Not able to login into shopping.aol.com (NS_ERROR_DOM_PROP_ACCESS_DENIED) → unsmooth login at shopping.aol.com (NS_ERROR_DOM_PROP_ACCESS_DENIED and page doesn't refresh)
--> Core::Security
Assignee: nobody → dveditz
Component: General → Security
Flags: blocking-firefox3?
Product: Firefox → Core
QA Contact: general → toolkit
Flags: blocking1.9?
Better range
  Works: 20080127_1106_firefox-3.0b3pre.en-US.win32
  Broken: 20080127_1142_firefox-3.0b3pre.en-US.win32
Checkins to module PhoenixTinderbox between 2008-01-27 11:06 and 2008-01-27 11:42 : 
http://bonsai.mozilla.org/cvsquery.cgi?treeid=default&module=PhoenixTinderbox&branch=HEAD&branchtype=match&dir=&file=&filetype=match&who=&whotype=match&sortby=Date&hours=2&date=explicit&mindate=2008-01-27+11%3A06&maxdate=2008-01-27+11%3A42&cvsroot=%2Fcvsroot
--> Bug 408052 for sure
Blocks: 408052
Adam, Collin, can you look into this please?  I assume CheckLoadingPermissions is failing, right?  Should it be, in this case?

Steve, could you possibly attach the source of the file that the JS exception is thrown in?  I get a server error when I try to load it.
This page has very similar behavior in Internet Explorer 7.  In IE7, the failed navigation generates a generates a popup window (which is blocked) and the login process hangs.  In Firefox, the failed navigation generates an exception.  If you allow popups in IE7, the login process still hangs in the same way as in Firefox.  In either browser, reloading the page after the hang completes the login process.

We could match the IE7 behavior exactly if we generated a request for a new window (instead of an exception) when assigning to wnd.location failed.  See this test case:

http://crypto.stanford.edu/~abarth/research/nav-pointer/frame1.html
I think this has to be solved with tech evangelism.

The frame hierarchy that AOL is using is the following:

shopping.aol.com
  -> shopping.aol.com
    -> my.screenname.aol.com (tries to navigate parent)

When you click the login button, the site is doing a browser detect and taking a different action based on the browser being used. The Firefox code path assumes a permissive frame navigation policy, while the Safari code path doesn't bother to navigate parent, it navigates top instead. You can *almost* get it to work by spoofing the Safari user agent, but it breaks later on because there's another browser detect later that tries to use the Safari-specific window.currentDomain feature.
I misspoke... window.currentDomain isn't a Safari feature. The site's simply broken on Safari. 

I tried Safari 3.0.4 (5523.10.6).
Incidentally, the "Standard Sign-In Screen" link below the "sign in" button sends users to a login page that is broken in all browsers (IE6, IE7, Firefox 2, Firefox 3, Safari 2, Safari 3, Opera, etc.) After logging in, you get a blank page.

https://my.screenname.aol.com/_cqr/login/login.psp?sitedomain=shopping.aol.com&authLev=1&siteState=OrigUrl%3Dhttp%253A%252F%252Fshopping.aol.com%252Fsns.htm&lang=en&locale=us&seamless=y

If we contact AOL, it might be worth mentioning this issue to them as well.
Over to evangelism.  Adam, Collin, thanks for digging into this!
Assignee: dveditz → english-us
Component: Security → English US
Flags: blocking1.9?
Product: Core → Tech Evangelism
QA Contact: toolkit → english-us
Version: Trunk → unspecified
INCOMPLETE due to lack of activity since the end of 2009.

If someone is willing to investigate the issues raised in this bug to determine whether they still exist, *and* work with the site in question to fix any existing issues, please feel free to re-open and assign to yourself.

Sorry for the bugspam; filter on "NO MORE PRE-2010 TE BUGS" to remove.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → INCOMPLETE
Product: Tech Evangelism → Tech Evangelism Graveyard
You need to log in before you can comment on or make changes to this bug.