User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36 OPR/60.0.3255.109

Steps to reproduce:

Go to PPOCU.ORG
Click the first Home banking button

Actual results:

The Application has encountered an unexpected error.

If this error persists please contact Customer Support.
Error Information:
ErrorCode: 404
URI: /Centryx/servlet/com.sos.webteller.WebTellLogin
Cause: null

Tue Jun 04 14:39:45 EDT 2019

Expected results:

A login page should have shown up

Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0

Hi,

I have managed to reproduce this issue on latest FF release (67.0.2) and latest Nightly build 69.0a1 (2019-06-11) using Windows 10, Ubuntu 18 and Mac OS 10.12
I will move this over to a component so developers can take a look over it. If is not the correct component please feel free to change it to an appropriate one.

Note that if the user opens "Home banking login" in a new tab (right click on "Home banking login" hyperlink, copy link location and paste it in a new tab) the user is redirected to the Login page as expected. With "Open link in new tab" by right click on Home banking login also does not work, just with copy-paste link it works.

Thank you for the report.

This is not a support.mozilla.org bug. It appears to be a Product: Web Compatibility bug since it involves an issue with a specific site or sites. The bug summary indicates "websites" but you only mentioned the PPOCU.ORG website.

For the record, I do see the issue in Firefox 67.0.2 (Windows 7 64-bit) when I visit http://ppocu.org/ and click on the Home Banking login link, which is https://www.secure-ppocu.org/ ; however, the problem does not occur in Firefox 66.0.5 or in Firefox 60.7.0esr (32-bit versions on 64-bit Windows 7). The site also works correctly in the current versions of Google Chrome and SeaMonkey. In those cases, https://www.secure-ppocu.org/ redirects to the login page, https://www.secure-ppocu.org/Centryx/servlet/com.sos.webteller.accountaccess.LoginFrame?SOSSessionID= <snip>

(In reply to cclouse from comment #3)

The fact that you are saying that this is basically not your problem is unacceptable.

No one said that this was not a Firefox problem. This bug as been confirmed in Firefox 67 and above. I'm not involved in Web Compatibility issues so I'll stop following this bug but it remains open.

I apologize. That is the way it seemed when you said, "This is not a support.mozilla.org bug." Please direct me to the appropriate person if you could.

Thank you.

Hi cclouse. Did this issue appear in a specific version of Firefox (67?), or is the timing unrelated? Thanks.

I'm not sure if you're able to see any of the previous comments, but Alyce Wyman said the following:

"For the record, I do see the issue in Firefox 67.0.2 (Windows 7 64-bit) when I visit http://ppocu.org/ and click on the Home Banking login link, which is https://www.secure-ppocu.org/ ; however, the problem does not occur in Firefox 66.0.5 or in Firefox 60.7.0esr (32-bit versions on 64-bit Windows 7). The site also works correctly in the current versions of Google Chrome and SeaMonkey. In those cases, https://www.secure-ppocu.org/ redirects to the login page, https://www.secure-ppocu.org/Centryx/servlet/com.sos.webteller.accountaccess.LoginFrame?SOSSessionID= <snip>"

This is the first time my members have made a complaint about this issue so I am assuming it is just with the newest version, but I can't be 100% sure without testing out other versions.

Thanks, I had missed that comment.

STR:

1. visit http://ppocu.org
2. click on Home Banking Login (top left)

Expected: it works
Actual: unexpected error page.

Note: the button links to https://www.secure-ppocu.org/, and if you visit that directly it works as expected.

Thomas, it looks like 1517703 broke being able to follow the link to log in. Can you take a look?

17:22.81 INFO: Last good revision: 2d0505c5268166d02124627e1d60b06fd9877965
17:22.81 INFO: First bad revision: 64c8b805491a53f1f5e59f600a423492e1a14fbb
17:22.81 INFO: Pushlog:
https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=2d0505c5268166d02124627e1d60b06fd9877965&tochange=64c8b805491a53f1f5e59f600a423492e1a14fbb

Time is pretty tight to get a fix into 68, but we could still take a patch for 69.

NI for a ph comment.

Thanks smaug for looking at this bug. I updated a ph request.

https://hg.mozilla.org/mozilla-central/rev/ca50879f67b3

Seems a bit much to take in a 68 dot release, but is this something we should consider fixing in ESR68 before we start seeing a lot of migration over to it from ESR60?

Wrong file

ESR Uplift Approval Request

• If this is not a sec:{high,crit} bug, please state case for ESR consideration: The patch changes the behavior of sending referrer in meta refresh case
• User impact if declined: Some picky servers will reject http request that includes the wrong referrer in meta refresh (for example ppocu.org)
• Fix Landed on Version: 69
• Risk to taking this patch: Low
• Why is the change risky/not risky? (and alternatives if risky): This is the regression of commit https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=2d0505c5268166d02124627e1d60b06fd9877965&tochange=64c8b805491a53f1f5e59f600a423492e1a14fbb
  Our old behavior is not sending referrer in meta refresh. The patch reverts to old behavior
• String or UUID changes made by this patch: No

We should probably try to get some verification of this fix also.

The STR from Comment #9 no longer reproduce in Nightly, i.e., this patch fixed the bug as reported.

Verified - fixed on latest Beta 69.0b5, tested on Windows 10, Mac OS 10.13 and Ubuntu 18.04.

https://hg.mozilla.org/releases/mozilla-esr68/rev/962a469c7f36

Verified - fixed on latest 68.1.0esr, tested on Windows 10, Mac OS 10.13 and Ubuntu 18.04.