Closed Bug 1449347 Opened 7 years ago Closed 4 years ago

hbr.org login doesn't work with Tracking protection enabled on Nightly

Categories

(Web Compatibility :: Desktop, defect, P3)

Product:
Web Compatibility
Component:
Desktop
Type:
defect

Tracking

(firefox87 fixed)

Status:
RESOLVED FIXED
Tracking Flags:
Tracking Status
firefox87 --- fixed

People

(Reporter: fox2mike, Unassigned)

References

(Blocks 2 open bugs,
URL
)

Details

(Whiteboard: [tp-ads][tp-shim-complex][tp-login])

User Story

richrelevance.com
Hey folks, I'm on 61.0a1 (2018-03-27) (64-bit) and High Sierra 10.13.3 (17D102) hbr.org will refuse to log me in with tracking protection enabled. Figured I'd report it here, just in case there's a possibility this is something on our end or they're doing something incorrectly and we can reach out to them to fix. Thanks!
Blocks: tp-breakage
Priority: -- → P3
Whiteboard: tp-needsrepro
Blocks: tplogin
No longer blocks: tp-breakage
URL: https://hbr.org/
User Story: (updated)
Whiteboard: tp-needsrepro → tp-ads
I was able to reproduce this problem in Private Browsing mode (Fx 60). Looking at the devtools console, here are the blocked resources: The resource at “https://assets.adobedtm.com/9146204dcdccfe9dc3405fbec7e2354ec4405ec3/satelliteLib-71f6756d9ddcfd5530c44d483635a8363cb244a3.js” was blocked because tracking protection is enabled. The resource at “https://media.richrelevance.com/rrserver/js/1.2/p13n.js” was blocked because tracking protection is enabled. The resource at “https://assets.adobedtm.com/9146204dcdccfe9dc3405fbec7e2354ec4405ec3/satelliteLib-71f6756d9ddcfd5530c44d483635a8363cb244a3.js” was blocked because tracking protection is enabled. The resource at “https://media.richrelevance.com/rrserver/js/1.2/p13n.js” was blocked because tracking protection is enabled. The resource at “https://sb.scorecardresearch.com/beacon.js” was blocked because tracking protection is enabled. The resource at “https://connect.facebook.net/en_US/sdk.js” was blocked because tracking protection is enabled. So there are four domains to test: adobedtm.com richrelevance.com scorecardresearch.com facebook.net I opened the URL in a different browser profile (Fx 60, uMatrix installed, normal mode) and loaded the page. The Sign In link in the top-right corner didn't bring up the popup and instead redirected to a login page. I disabled the Spoof Referrer option in uMatrix and then whitelisted richrelevance.com (including frames): richrevelance.com media.richrevelance.com recs.richrevelance.com in order to make the "Sign in" link bring up the popup. The other resources (adobedtm.com, scorecardresearch.com and facebook.net) didn't help. The browser got stuck when I press the Sign In button, but when I reload the page, I'm logged in. I logged out and whitelisted gigya.com: gigya.com because I saw an error about it in the devtools. Then I was able to login successfully. So in conclusion: - gigya.com is in the Content category so we can ignore it - richrelevance.com is the offender and it's in the Advertising category
Component: Tracking Protection → Desktop
Priority: P3 → --
Product: Firefox → Tech Evangelism
Priority: -- → P3
Product: Tech Evangelism → Web Compatibility

Login seems to work for me on their site now except in strict mode (the "sign in" link doesn't even work).

In strict mode, the script https://media.richrelevance.com/rrserver/js/1.2/p13n.js is being blocked, which breaks the experience by causing their code to throw an r3_common not defined error. By spoofing some of the objects that script defines, I can log in just fine. Here is the minimum I needed to avoid JS errors on the HBR during the login process:

  window.rr_flush_onload = function() {};
  window.r3 = function() {};
  window.r3_home = function() {};
  window.RR = function() {};
  window.r3_common = function() {};
  r3_common.prototype = {
    addContext: function() {},
    addPlacementType: function() {},
    setUserId: function() {},
    setSessionId: function() {},
    setClickthruServer: function() {},
    setBaseUrl: function() {},
    setApiKey: function() {},
  };
Whiteboard: tp-ads → [tp-ads][[tp-shim-complex][tp-login]
Whiteboard: [tp-ads][[tp-shim-complex][tp-login] → [tp-ads][tp-shim-complex][tp-login]
No longer blocks: 1516552

I'm no longer able to reproduce the issue. I was able to sign in with ETP - Standard, ETP - Strict and on private window.
https://prnt.sc/w38b51

Tested with:
Browser / Version: Firefox Nightly 86.0a1 (2020-12-14)
Operating System: Windows 10 Pro

Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED

(In reply to Thomas Wisniewski [:twisniewski] from comment #2)

Login seems to work for me on their site now except in strict mode (the "sign in" link doesn't even work).

In strict mode, the script https://media.richrelevance.com/rrserver/js/1.2/p13n.js is being blocked

A Rich Relevance shim was added in bug 1637329 and enabled in bug 1693386 for Firefox 87.

status-firefox87: --- → fixed
You need to log in before you can comment on or make changes to this bug.