Closed Bug 1787206 Opened 2 years ago Closed 2 months ago

Specific test from TestRail cannot be interacted with from Firefox when samesite lax by default is enabled (breaks SSO login state in some way)

Categories

(Core :: Networking: Cookies, defect, P2)

Product:
Core
Component:
Networking: Cookies
Version:
Firefox 105
Type:
defect

Tracking

()

Status:
RESOLVED WONTFIX
Tracking Flags:
Tracking Status
firefox-esr91 --- unaffected
firefox-esr102 --- disabled
firefox104 --- disabled
firefox105 --- disabled
firefox106 --- disabled
firefox107 --- disabled
firefox108 --- disabled

People

(Reporter: vsangerean, Unassigned)

References

(Regression)

Details

(Keywords: regression, Whiteboard: [necko-triaged])

Attachments

(1 file)

TestRail.gif
5.21 MB, image/gif
Details
Attached image TestRail.gif

Found in
105.0b2

Affected versions
105.0b1
105.0b2
106.0a1
Not reproducible in 104.0

Tested platforms
Affects all Desktop versions of FF

Steps to reproduce

  1. Go to https://testrail.stage.mozaws.net/index.php?/tests/view/4457269&group_by=cases:section_id&group_id=191843&group_order=asc
  2. Click on "+ Add Result"

Expected result
The "Add result" window should be open, and test result can be properly set.

Actual result
You are not logged in prompt is displayed.
Errors are present in the browser console :
"Cookie “tr_rememberme” has been rejected because it is already expired. index.php
Cookie “notificationbar” has been rejected because it is already expired."

Regression range

Has STR: --- → yes

:vsangerean, if you think that's a regression, could you try to find a regression range using for example mozregression?

Keywords: regressionwindow-wanted

This regression window doesn't make sense - bug 1744945 got fixed in Firefox 97 but comment 0 says release (Fx104) is fine.

Does testrail actually use samesite cookies? Can you re-check the regression range and/or whether this repros on 104?

Component: General → Networking: Cookies
Flags: needinfo?(vsangerean)
Product: Firefox → Core

(In reply to Virgil Sangerean from comment #0)

Steps to reproduce

  1. Go to https://testrail.stage.mozaws.net/index.php?/tests/view/4457269&group_by=cases:section_id&group_id=191843&group_order=asc
  2. Click on "+ Add Result"

I just tried to reproduce but I do not see this item. Where is it and is it visible to all users?

Severity: S2 → --

I still can't see the "Add result" button but I also get prompted to log in if I click "history & context" and "defects" tabs, near the top.

If I turn off network.cookie.sameSite.laxByDefault then the site works correctly. This explains the regression window and why it's working on release - we haven't enabled that pref on release (or on late beta, so later betas shouldn't have this problem either)

Blocks: sameSiteLax-breakage
status-firefox104: unaffecteddisabled
status-firefox105: affecteddisabled
Regressed by: 1744945
Summary: Specific test from TestRail cannot be interacted with from Firefox → Specific test from TestRail cannot be interacted with from Firefox when samesite lax by default is enabled (breaks SSO login state in some way)
Flags: needinfo?(vsangerean)

Set release status flags based on info from the regressing bug 1744945

status-firefox-esr102: --- → affected
status-firefox-esr91: --- → unaffected
Severity: -- → S3
Priority: -- → P2
Whiteboard: [necko-triaged]

Set release status flags based on info from the regressing bug 1744945

status-firefox107: --- → affected

We won't be shipping samesitelax by default, so all of this breakage bug can be closed: Bug 1617609

Status: NEW → RESOLVED
Closed: 2 months ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: