Closed Bug 1449347 Opened 7 years ago Closed 4 years ago

hbr.org login doesn't work with Tracking protection enabled on Nightly

Categories

(Web Compatibility :: Desktop, defect, P3)

defect

Tracking

(firefox87 fixed)

RESOLVED FIXED
Tracking Status
firefox87 --- fixed

People

(Reporter: fox2mike, Unassigned)

References

(Blocks 2 open bugs, )

Details

(Whiteboard: [tp-ads][tp-shim-complex][tp-login])

User Story

richrelevance.com
Hey folks, I'm on 61.0a1 (2018-03-27) (64-bit) and High Sierra 10.13.3 (17D102) hbr.org will refuse to log me in with tracking protection enabled. Figured I'd report it here, just in case there's a possibility this is something on our end or they're doing something incorrectly and we can reach out to them to fix. Thanks!
Blocks: tp-breakage
Priority: -- → P3
Whiteboard: tp-needsrepro
Blocks: tplogin
No longer blocks: tp-breakage
User Story: (updated)
Whiteboard: tp-needsrepro → tp-ads
I was able to reproduce this problem in Private Browsing mode (Fx 60). Looking at the devtools console, here are the blocked resources: The resource at “https://assets.adobedtm.com/9146204dcdccfe9dc3405fbec7e2354ec4405ec3/satelliteLib-71f6756d9ddcfd5530c44d483635a8363cb244a3.js” was blocked because tracking protection is enabled. The resource at “https://media.richrelevance.com/rrserver/js/1.2/p13n.js” was blocked because tracking protection is enabled. The resource at “https://assets.adobedtm.com/9146204dcdccfe9dc3405fbec7e2354ec4405ec3/satelliteLib-71f6756d9ddcfd5530c44d483635a8363cb244a3.js” was blocked because tracking protection is enabled. The resource at “https://media.richrelevance.com/rrserver/js/1.2/p13n.js” was blocked because tracking protection is enabled. The resource at “https://sb.scorecardresearch.com/beacon.js” was blocked because tracking protection is enabled. The resource at “https://connect.facebook.net/en_US/sdk.js” was blocked because tracking protection is enabled. So there are four domains to test: adobedtm.com richrelevance.com scorecardresearch.com facebook.net I opened the URL in a different browser profile (Fx 60, uMatrix installed, normal mode) and loaded the page. The Sign In link in the top-right corner didn't bring up the popup and instead redirected to a login page. I disabled the Spoof Referrer option in uMatrix and then whitelisted richrelevance.com (including frames): richrevelance.com media.richrevelance.com recs.richrevelance.com in order to make the "Sign in" link bring up the popup. The other resources (adobedtm.com, scorecardresearch.com and facebook.net) didn't help. The browser got stuck when I press the Sign In button, but when I reload the page, I'm logged in. I logged out and whitelisted gigya.com: gigya.com because I saw an error about it in the devtools. Then I was able to login successfully. So in conclusion: - gigya.com is in the Content category so we can ignore it - richrelevance.com is the offender and it's in the Advertising category
Component: Tracking Protection → Desktop
Priority: P3 → --
Product: Firefox → Tech Evangelism
Priority: -- → P3
Product: Tech Evangelism → Web Compatibility

Login seems to work for me on their site now except in strict mode (the "sign in" link doesn't even work).

In strict mode, the script https://media.richrelevance.com/rrserver/js/1.2/p13n.js is being blocked, which breaks the experience by causing their code to throw an r3_common not defined error. By spoofing some of the objects that script defines, I can log in just fine. Here is the minimum I needed to avoid JS errors on the HBR during the login process:

  window.rr_flush_onload = function() {};
  window.r3 = function() {};
  window.r3_home = function() {};
  window.RR = function() {};
  window.r3_common = function() {};
  r3_common.prototype = {
    addContext: function() {},
    addPlacementType: function() {},
    setUserId: function() {},
    setSessionId: function() {},
    setClickthruServer: function() {},
    setBaseUrl: function() {},
    setApiKey: function() {},
  };
Whiteboard: tp-ads → [tp-ads][[tp-shim-complex][tp-login]
Whiteboard: [tp-ads][[tp-shim-complex][tp-login] → [tp-ads][tp-shim-complex][tp-login]
No longer blocks: 1516552

I'm no longer able to reproduce the issue. I was able to sign in with ETP - Standard, ETP - Strict and on private window.
https://prnt.sc/w38b51

Tested with:
Browser / Version: Firefox Nightly 86.0a1 (2020-12-14)
Operating System: Windows 10 Pro

Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED

(In reply to Thomas Wisniewski [:twisniewski] from comment #2)

Login seems to work for me on their site now except in strict mode (the "sign in" link doesn't even work).

In strict mode, the script https://media.richrelevance.com/rrserver/js/1.2/p13n.js is being blocked

A Rich Relevance shim was added in bug 1637329 and enabled in bug 1693386 for Firefox 87.

You need to log in before you can comment on or make changes to this bug.