Closed Bug 1126516 Opened 9 years ago Closed 9 years ago

Setting accessibility.blockautorefresh to true blocks login to impots.gouv.fr

Categories

(Firefox :: Disability Access, defect)

Product:
Firefox
Component:
Disability Access
Version:
35 Branch
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1070713

People

(Reporter: vincent-moz, Unassigned)

Details

When accessibility.blockautorefresh is set to true, I can't login to impots.gouv.fr.

For those who have an access:
1. Go to http://www.impots.gouv.fr/portal/static/
2. Click on "Particulier" (top/right).
3. Enter number and password.
4. Click on "Valider".

If accessibility.blockautorefresh is set to true, a blank page appears with an URL of the form https://cfspart.impots.gouv.fr/LoginMDP?op=c&url=... and the page source is empty. This is no notification. Reloading has no effect.

If accessibility.blockautorefresh is set to false, the right page appears (with a different URL).
Gijs, who can investigte this best?
Flags: needinfo?(gijskruitbosch+bugs)
Does this reproduce with invalid credentials? Because I can't reproduce with them, and because I don't have valid credentials, I can't really investigate what's going on. :-\
Flags: needinfo?(gijskruitbosch+bugs) → needinfo?(vincent-moz)
No, this is not reproducible with invalid credentials as in this case, one gets an error immediately.

FYI, here are the HTTP headers captured with the "Live HTTP headers" extension when I clicked on "Valider". I've replaced sensitive information by xxxx, yyyy, zzzz, and 9999 respectively.

https://cfspart.impots.gouv.fr/LoginMDP?op=c&url=xxxx=

POST /LoginMDP?op=c&url=xxxx= HTTP/1.1
Host: cfspart.impots.gouv.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
Accept: application/xhtml+xml;q=0.95,text/html;q=0.9,text/xml;q=0.85,application/xml;q=0.85,text/plain;q=0.8,image/png,application/pdf;q=0.9,application/postscript;q=0.8,*/*;q=0.5
Accept-Language: fr-fr,fr;q=0.8,en-us;q=0.6,en-gb;q=0.4,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: https://cfspart.impots.gouv.fr/LoginMDP?op=c&url=xxxx=
Cookie: lemondgi=_test_client
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 212
url=xxxx%3D&LMDP_Spi=9999&LMDP_Password=yyyy&LMDP_Spi_tmp=9999&LMDP_Password_tmp=yyyy
HTTP/1.1 200 OK
Date: Wed, 28 Jan 2015 10:46:26 GMT
Server: Apache
refresh: 0; URL=https://cfspart.impots.gouv.fr/portal/dgi/public/prefsna2/gestionprefs?urlDest=xxxx%3D
Set-Cookie: lemondgi=zzzz; domain=.impots.gouv.fr; path=/
Via: anppusx008
Content-Length: 0
Keep-Alive: timeout=1, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1
Flags: needinfo?(vincent-moz)
Great, thanks!
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.