Closed Bug 901697 Opened 8 years ago Closed 3 years ago

Packaged app can't set session cookie after logging in with Persona

Categories

(Firefox OS Graveyard :: General, defect)

Product:
Firefox OS Graveyard
Component:
General
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: ggp, Unassigned)

Details

I have a packaged app that needs Persona login. I used the workaround described in https://github.com/mozilla/browserid/issues/3205#issuecomment-16193067 to get Persona to verify on my server; however, when the server attempts to set a session cookie in the app in response to the Persona login, that cookie is not sent in subsequent requests. 

In order to do an XHR request to my server from the packaged app, I had to request the systemXHR permission and use the mozSystem option on XmlHttpRequest. It seems systemXHR doesn't allow cookies to be set; if that's the case, what is the alternative?

Finally, the following shows up in the JS console (I'm doing all of this in the simulator) and could be related:

ThirdPartyCookieProbe: Uncaught error [Exception... "Component returned failure code: 0x804b0051 (NS_ERROR_HOST_IS_IP_ADDRESS) [nsIEffectiveTLDService.getBaseDomainFromHost]"  nsresult: "0x804b0051 (NS_ERROR_HOST_IS_IP_ADDRESS)" location: "JS frame :: resource://gre/modules/ThirdPartyCookieProbe.jsm :: normalizeHost :: line 181"  data: no]
Also, using a host name instead of an IP, we still get an exception:

ThirdPartyCookieProbe: Uncaught error [Exception... "Component returned failure code: 0x804b0050 (NS_ERROR_INSUFFICIENT_DOMAIN_LEVELS) [nsIEffectiveTLDService.getBaseDomainFromHost]"  nsresult: "0x804b0050 (NS_ERROR_INSUFFICIENT_DOMAIN_LEVELS)"  location: "JS frame :: resource://gre/modules/ThirdPartyCookieProbe.jsm :: normalizeHost :: line 181"  data: no]

https://mxr.mozilla.org/mozilla-central/source/toolkit/components/telemetry/ThirdPartyCookieProbe.jsm#181 just calls https://mxr.mozilla.org/mozilla-central/source/netwerk/dns/nsEffectiveTLDService.cpp#196
> what is the alternative?

A short-term workaround would be to use getResponseHeader on the XHR to get the cookie value and then store that in localStorage. You'd obviously need to then pass the value to each subsequent XHR to the server.
(In reply to Matt Basta [:basta] from comment #2)
> A short-term workaround would be to use getResponseHeader on the XHR to get
> the cookie value and then store that in localStorage.

This works, thanks!

As a side note, I'm not entirely sure _why_ this works though: as far as I can see in the spec [1], you're not supposed to be able to retrieve the cookie from an XHR using getResponseHeader...

1- https://dvcs.w3.org/hg/xhr/raw-file/tip/Overview.html#the-getresponseheader%28%29-method
Firefox OS is not being worked on
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.