www.psegliny.com - see bug description

[webcompat-bot]

URL: https://www.psegliny.com/

Browser / Version: Firefox 64.0
Operating System: Mac OS X 10.13
Tested Another Browser: Unknown

Problem type: Something else
Description: I cannot login to the website
Steps to Reproduce:
Visit website, try to login.

Browser Configuration

• mixed active content blocked: false
• buildID: 20180927100044
• tracking content blocked: false
• hasTouchScreen: false
• gfx.webrender.blob-images: true
• gfx.webrender.all: false
• mixed passive content blocked: false
• gfx.webrender.enabled: false
• image.mem.shared: true
• channel: nightly

From webcompat.com with ❤️

[jasonthomas]

Please reach out to me if you need more details.

[jasonthomas]

Tested Another Browser: Yes, works on other browsers

[adamopenweb]

HI @jasonthomas thanks for the report. Since I can't log into the website, can you provide more details about what happens when you try to login? Are you using add-ons or tracking protection?

It helps to eliminate your Firefox profile as being part of the issue. You may want to try running Firefox in Safe Mode.

If that doesn't work, you can also try to refresh Firefox, but you will lose your current add-ons doing this.

[jasonthomas]

I've created a new profile and disabled tracking protection on this website:

In debug console when I try to login:

TypeError: n.terminate is not a function[Learn More] raptor.min.js:1:1102
FetchModule/</<
https://www.psegliny.com/scripts/GlobalScripts/vendor/raptor.min.js:1:1102
dispatch
https://www.psegliny.com/scripts/GlobalScripts/vendor/jquery-3.2.1.min.js:14:50993
add/a.handle
https://www.psegliny.com/scripts/GlobalScripts/vendor/jquery-3.2.1.min.js:14:49047
Content Security Policy: Ignoring ‘x-frame-options’ because of ‘frame-ancestors’ directive.
Content Security Policy: Ignoring ‘x-frame-options’ because of ‘frame-ancestors’ directive.
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://idcs-9b3bc95c7c274882bcf64ca723f0acbb.identity.oraclecloud.com/sso/v1/sdk/authenticate?appName=MyAccDashboard. (Reason: CORS request did not succeed).[Learn More]
SyntaxError: JSON.parse: unexpected end of data at line 1 column 1 of the JSON data[Learn More] module-LI-login.js:79:50
startAuthn/<
https://www.psegliny.com/scripts/GlobalScripts/component/module-LI-login.js:79:50

On further investigation it looks like https://idcs-9b3bc95c7c274882bcf64ca723f0acbb.identity.oraclecloud.com requests are not succeeding due to certificate blocking - Error code: MOZILLA_PKIX_ERROR_ADDITIONAL_POLICY_CONSTRAINT_FAILED

After 'Accepting & continuing risk' it works now.

[adamopenweb]

This is really helpful @jasonthomas, thanks!

Navigating to https://idcs-9b3bc95c7c274882bcf64ca723f0acbb.identity.oraclecloud.com/ we see:

...
Websites prove their identity via certificates, which are issued by certificate authorities. Most 
browsers will no longer trust Symantec, the certificate authority for
 idcs-9b3bc95c7c274882bcf64ca723f0acbb.identity.oraclecloud.com.
...

So yeah this is the Symantec distrust issue.

If you navigate to about:config security.pki.distrust_ca_policy is set to 2, changing this to 1 no longer displays this error. But you will no longer be warned about sites that are using Symantec certificates and are distrusted by Mozilla and Google.

Since we will not be reversing this policy I'm going to close this report as duplicate. The site will need to update their certificates.

Referencing this issue in:
https://bugzilla.mozilla.org/show_bug.cgi?id=1484006