Closed
Bug 680365
Opened 13 years ago
Closed 7 years ago
Content of m.youtube.com, mobile.twitter.com is not displayed if "Allow Cookies" is set to "No" - window.sessionStorage can be read but not used
Categories
(Firefox :: Settings UI, defect, P2)
Tracking
()
People
(Reporter: csuciu, Unassigned)
References
Details
(Whiteboard: [platform-rel-Youtube][platform-rel-Twitter])
Attachments
(1 file)
1.10 KB,
text/html
|
Details |
Build id : Mozilla/5.0 (Android;Linux armv7l;rv:9.0a1)Gecko/20110818 Firefox/9.0a1 Fennec/9.0a1 Device: HTC Desire OS: Android 2.2 Steps to reproduce: 1. Open Fennec App 2. Go to Preferences > Feedback Tools tab and enable the Error Console 3. Go to Preferences and set "Allow Cookies" to No 4. Exit Preferences and try to open "www.m.youtube.com" 5. Go to Preferences > Feedback Tools tab and enable the Error Console 6. Browse to www.google.com 7. Close the tab opened at step 6. Expected result: The content of "m.youtube" should be properly loaded and no error should be present in the Error Console Actual result: The content of "m.youtube" is not loaded. A blank white page is displayed without any content in it. Also the following error is generated continuously while the page is open: Error: uncaught exception:[Exception..."Security error" code:"1000" nsresult:"0x805303e8(NS_ERROR_DOM_SECURITY_ERR)" location:"http://m.youtube.com/index?desktop_uri=%2F&gl=US Line:612"]
Reporter | ||
Comment 1•13 years ago
|
||
Please ignore steps 5, 6 and 7. These steps were added by mistake.
desktop shows the youtube, and plays youtube videos.
Priority: -- → P3
Updated•13 years ago
|
Priority: P3 → --
Summary: Content of m.youtube.com is not displayed if "Allow Cokies" is set to "No" → Content of m.youtube.com is not displayed if "Allow Cookies" is set to "No"
Updated•13 years ago
|
Blocks: google-evangelism
Comment 3•13 years ago
|
||
Confirmed that I see this as well on Firefox mobile. Need to determine if this is a Firefox or website issue.
It seems like a user agent specific issue. iPhone 3 user agent also makes the screen go blank. Switched user agent to fennec on the desktop Firefox and set the privacy controls in the about:config : network.cookie.cookieBehavior;2 privacy.item.cookies;true I got the same result as fennec; the web page was blank. With the privacy setting still the same and the user agent switched to Firefox, I do see the videos.
Assignee: nobody → english-us
Component: General → English US
Product: Fennec → Tech Evangelism
QA Contact: general → english-us
Version: Trunk → unspecified
Updated•12 years ago
|
Assignee: english-us → nobody
Component: English US → Evangelism
Product: Tech Evangelism → Fennec Native
QA Contact: english-us → evangelism
Comment 5•12 years ago
|
||
Just tried this on the 4/5/2012 Nightly build. Confirmed this is still happening.
Updated•12 years ago
|
blocking-kilimanjaro: --- → ?
Comment 6•12 years ago
|
||
Youtube is a top site/app. Not showing content at all in a case where cookies are disabled could be troublesome, although I could see the argument that use case could happen less often, but I don't know. Might want to review this for kilimanjaro, as this relates to kilimanjaro.
Updated•12 years ago
|
blocking-kilimanjaro: ? → +
Updated•12 years ago
|
No longer blocks: google-evangelism
Updated•12 years ago
|
Blocks: google-evangelism
Updated•12 years ago
|
Blocks: youtube.com
Comment 7•12 years ago
|
||
Jason, have you looked into the cause of this bug? Comment 0 about the error makes it sounds like there is a chance this is an issue in our code base. Of course comment 4 makes it sounds like the issue is with YouTube - and I can confirm that the site functions (although it is not the same mobile site) using the desktop UA on mobile with cookies disabled. If we do need to pass this issue on to YouTube do we have any more information to provide to them?
Updated•12 years ago
|
Priority: -- → P2
Comment 8•12 years ago
|
||
(In reply to Lawrence Mandel [:lmandel] from comment #7) > Jason, have you looked into the cause of this bug? Comment 0 about the error > makes it sounds like there is a chance this is an issue in our code base. Of > course comment 4 makes it sounds like the issue is with YouTube - and I can > confirm that the site functions (although it is not the same mobile site) > using the desktop UA on mobile with cookies disabled. If we do need to pass > this issue on to YouTube do we have any more information to provide to them? Comparing stock vs. fennec native, stock does not reproduce this behavior when cookies are disabled, fennec native does. Are we sure this isn't a problem on our end? Exceptions thrown (the NS_ERROR things) are more likely to imply that it's a problem on our end (usually we catch them and report "useful" error messages). Moving to Core --> Security to check if this is a problem on our end.
Component: Evangelism → Security
Product: Fennec Native → Core
QA Contact: evangelism → toolkit
Updated•12 years ago
|
Priority: P2 → --
Comment 9•12 years ago
|
||
Unnoming nomination - I don't think minor issues with top sites should be blockers for k9o.
blocking-kilimanjaro: + → ?
Comment 10•12 years ago
|
||
I set P2 to indicate that this is a minor issue. Having P2 set causes the issue to show as minor on the compatibility dashboard. We can reset the priority based on any security feedback.
Priority: -- → P2
Comment 11•12 years ago
|
||
Leaving as k9o? until we can investigate the issue to identify whether this is a problem in our platform and whether there is any security concern.
Reporter | ||
Comment 12•12 years ago
|
||
Same issue on mobile.twitter.com. Page content is not displayed if cookies are disabled
Comment 13•12 years ago
|
||
Mark, Brad - Any idea what's going on in the YouTube and Twitter cases when cookies are disabled?
blocking-kilimanjaro: ? → ---
Comment 14•12 years ago
|
||
If I search for something with Twitter Search Engine and Cookies are disabled, a grey screen is displayed. -- Firefox 19.0a1 (2012-10-10) Device: Galaxy Note OS: Android 4.0.4
Comment 15•12 years ago
|
||
Cristian - Are you saying that this issue is reproducible on Twitter as well as YouTube? Can you reproduce the issue on any other sites?
Comment 16•12 years ago
|
||
(In reply to Lawrence Mandel [:lmandel] from comment #15) > Cristian - Are you saying that this issue is reproducible on Twitter as well > as YouTube? Can you reproduce the issue on any other sites? Yes, there is the same behavior for both. I didn't see the same issue for a different website so far, but I will post a comment if I will find another page.
Updated•12 years ago
|
Blocks: twitter.com
Summary: Content of m.youtube.com is not displayed if "Allow Cookies" is set to "No" → Content of m.youtube.com, mobile.twitter.com is not displayed if "Allow Cookies" is set to "No"
Comment 17•11 years ago
|
||
Hi, is there an update to this? Thanks
Reporter | ||
Comment 18•10 years ago
|
||
This is still an issue on the latest builds
Comment 19•10 years ago
|
||
In the Web console I get: # YOUTUBE - Cookies blocked GET http://m.youtube.com/ [HTTP/1.1 200 OK 131ms] GET https://accounts.google.com/ServiceLogin [HTTP/1.1 200 OK 81ms] SecurityError: The operation is insecure. m.youtube.com:175 TypeError: Fv is undefined m.youtube.com:557 GET http://m.youtube.com/gen_204 [HTTP/1.1 200 OK 57ms] Load denied by X-Frame-Options: https://accounts.google.com/ServiceLogin?hl=en&passive=true&uilel=3<mpl=mobile&service=youtube&continue=http%3A%2F%2Fm.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Dm%26feature%3Dmobile_passive%26hl%3Den%26next%3Dhttp%253A%252F%252Fm.youtube.com%252Fsignin_passive%253Foriginal_url%253Dhttp%25253A%25252F%25252Fm.youtube.com%25252F does not permit framing. # TWITTER - Cookies Blocked GET https://mobile.twitter.com/ [HTTP/1.1 200 OK 922ms] "Revision: babe59e70c003facec64103e9ea4124f2523fa4a" mobile.twitter.com:51 SecurityError: The operation is insecure. mobile.twitter.com:41 SecurityError: The operation is insecure. mobile.twitter.com:142 fwiw by putting Chrome UA, iphone UA, Opera UA in Firefox Desktop (instead of Firefox Android UA), we get the same behavior. So I don't think there is an evangelization issue here. I tried other Web sites. Facebook is working well, Mixi is working well. I tried Le Monde. BostonGlobe, they all displayed fine. I wonder if it's a blocking script which absolutely needs a cookie before processing further.
Comment 20•10 years ago
|
||
Is reading window.localStorage supposed to throw security errors when cookies are disabled? Not sure if that is the main issue but it seems likely (I know Twitter also uses localStorage)
Comment 21•10 years ago
|
||
(It also sure looks strange that they add a 0px times 0px IFRAME referencing an accounts.google.com URL that comes with X-Frame-Options header preventing it from actually loading into the IFRAME..) First security exception is thrown here: function Be(){var a=null;try{a=window.localStorage||null}catch(b){}this.B=a} This code obviously expects that localStorage can throw, and handles it by assigning null instead. However, it also tries to see if window.sessionStorage is available - and here Firefox is inconsistent, we allow reading sessionStorage but throw exceptions if you try to *use* it. Bad..
Comment 22•10 years ago
|
||
Updated•10 years ago
|
Summary: Content of m.youtube.com, mobile.twitter.com is not displayed if "Allow Cookies" is set to "No" → Content of m.youtube.com, mobile.twitter.com is not displayed if "Allow Cookies" is set to "No" - window.sessionStorage can be read but not used
Updated•8 years ago
|
platform-rel: --- → ?
Updated•8 years ago
|
Whiteboard: [platform-rel-Youtube]
Updated•8 years ago
|
Whiteboard: [platform-rel-Youtube] → [platform-rel-Youtube][platform-rel-Twitter]
Comment 23•8 years ago
|
||
I'm not sure who would own this and/or decide if we're ever going to work on it... ? (Note: I can't check STR)
Flags: needinfo?(sworkman)
Flags: needinfo?(sarentz)
Comment 24•8 years ago
|
||
Clearing the needinfo for Stefan. Chris, I know Cookies has overlap with Networking, but this is a privacy-related issue. Which component backlog do you think we should put this in?
Flags: needinfo?(sworkman)
Flags: needinfo?(sarentz)
Flags: needinfo?(ckerschb)
Comment 25•8 years ago
|
||
(In reply to Steve Workman [:sworkman] (please use needinfo) from comment #24) > Chris, I know Cookies has overlap with Networking, but this is a > privacy-related issue. Which component backlog do you think we should put > this in? Well, I agree it's tricky, but it sounds to me the problem is related to Preferences, hence I would categories this bug as: Product:Firefox Component: Preferences
Flags: needinfo?(ckerschb)
Comment 26•7 years ago
|
||
Is this bug still valid? I am unable to reproduce this issue by disabling cookies on Fennec. It's important to the Platform Reltations team that we understand if there's a problem here as it has impact on external partners (Twitter, YouTube, and possibly others)
Flags: needinfo?(sdeckelmann)
Flags: needinfo?(dbolter)
Comment 27•7 years ago
|
||
Let's try moving this to preferences per comment 25.
Component: Security → Preferences
Flags: needinfo?(dbolter)
Product: Core → Firefox
Comment 28•7 years ago
|
||
This issue was retested and it WFM on 54.0a1 (31.01.2017) and 52.0b2 by using the following devices: Prestigio Multi phone duo (Android 4.4.2), Nexus 4 (Android 5.1.1), Samsung Galaxy S6 EDGE (Android 6.0) and Nexus 6P(Android 7.0)
Comment 29•7 years ago
|
||
This also works for me with the STR. Let's go ahead and close.
Status: NEW → RESOLVED
Closed: 7 years ago
Flags: needinfo?(sdeckelmann)
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•