This repository has been archived by the owner on May 10, 2019. It is now read-only.

signup/signin/forgot pages from main site should check for cookies #1418

Closed
shane-tomlinson opened this issue Apr 11, 2012 · 14 comments

Comments

@shane-tomlinson

The signup/signin pages do not check for whether the user has their cookies enabled before allowing the user to sign in.

@jrgm
Contributor

jrgm commented Apr 23, 2012

This should also include the /forgot page, of course.

@shane-tomlinson
Author

@jbonacci - is the above related to #1499? If so, are they separate bugs?

Using a new profile with cookies disabled in Chrome for OSX on diresworb.org/signin, I receive the following error message:

BrowserID requires cookies
Please close this window, enable cookies and try again
Action: Authenticating User
Network Info: POST: /wsapi/authenticate_user
Response Code - 403
Response Text: Forbidden: no cookie
Error Type: Forbidden: no cookie

Which is the same as I see on browserid.org:

BrowserID requires cookies
Please close this window, enable cookies and try again
Action: Authenticating User
Network Info: POST: /wsapi/authenticate_user
Response Code - 403
Response Text: Forbidden: no cookie
Error Type: Forbidden

@shane-tomlinson
Author

@jbonacci - can you look at #1489 - this makes it so the signup, signin, forgot, verify_email_address, and add_email_address pages all have a cookie check as soon as the user lands. If the user's cookies are disabled, a message will be displayed as soon as they land on the page. That means the user won't even have the opportunity to enter their email address in. This fix should also fix #1484 - Chrome excepting when cookies are disabled. @ozten merged PR-1489 into dev today (2012.04.25)

@jrgm
Contributor

jrgm commented Apr 25, 2012

404? Not found? For which URL? Or did you mean 403?

@jrgm
Contributor

jrgm commented May 4, 2012

So, I've used Win7/WinXP (IE9/IE8,Chrome,FF,Opera,Safari), OSX (Chrome,Safari,Opera,FF), Ubuntu (Chrome,FF,Opera), Android4.0 (Stock,FF,Aurora), Android2.2 (Stock,FF), IOS5 (Safari) with cookies disabled and visiting /signin /signup etc. and popping the /sign_in dialog from an RP.

They all do show the 'requires cookies' screen immediately on load, except GH-1542 where it doesn't show for stock browser on Android 4.0 (but does show for stock/Android2.2).

I'll note in passing that on mobile with Gecko browsers (either XUL or native) with the 'requires cookies' screen showing, touching links in the background show some visual and haptic response to the touch but don't actually have any effect.

@jbonacci - how do your issues with IOS/4.0+Safari+Never look on stage?

@jrgm
Contributor

jrgm commented May 4, 2012

Okay @jbonacci so verified.

@jrgm
Contributor

jrgm commented May 27, 2012

So #1418 (comment) and #1418 (comment) confirm this was done, but this issue wasn't closed. Closing now.

@jrgm jrgm closed this as completed May 27, 2012