fission-codes / auth-lobby

The authentication service that Fission services run.
https://auth.fission.codes
GNU Affero General Public License v3.0

Firefox's strict mode for tracking protection causes auth to fail. #88

Closed jeffgca closed 2 years ago

jeffgca commented 3 years ago

If you set Firefox's tracking protection feature to "strict" mode and then try to load an app that uses Fission auth, the app will fail to load. The workaround is to either use "standard" mode browser-wide or disable tracking protection in Firefox for the app you are trying to use.

You will see exceptions (or similar) in the devtools console:

1/

Failed to register/update a ServiceWorker for scope “https://auth.fission.codes/”: Storage access is restricted in this context due to user settings or private browsing mode.

2/

Uncaught (in promise) DOMException: The operation is insecure. exchange.html:32
    <anonymous> https://auth.fission.codes/exchange.html:32
    (Async: EventListener.handleEvent)
    <anonymous> https://auth.fission.codes/exchange.html:31

3/

Uncaught (in promise) Error: Can't import UCANs & readKey(s): Missing data
    r https://young-turquoise-metalic-fairy.fission.app/assets/vendor.22849f53.js:99
    t https://young-turquoise-metalic-fairy.fission.app/assets/vendor.22849f53.js:99
    getClassifiedViaPostMessage https://young-turquoise-metalic-fairy.fission.app/assets/vendor.22849f53.js:99
    initialise https://young-turquoise-metalic-fairy.fission.app/assets/vendor.22849f53.js:99
    u https://young-turquoise-metalic-fairy.fission.app/assets/index.7177b8ab.js:1
    u https://young-turquoise-metalic-fairy.fission.app/assets/index.7177b8ab.js:1
    fk https://young-turquoise-metalic-fairy.fission.app/assets/vendor.22849f53.js:27
    unstable_runWithPriority https://young-turquoise-metalic-fairy.fission.app/assets/vendor.22849f53.js:18
    gg https://young-turquoise-metalic-fairy.fission.app/assets/vendor.22849f53.js:27
    Oj https://young-turquoise-metalic-fairy.fission.app/assets/vendor.22849f53.js:27
    ek https://young-turquoise-metalic-fairy.fission.app/assets/vendor.22849f53.js:27
    D https://young-turquoise-metalic-fairy.fission.app/assets/vendor.22849f53.js:18
    onmessage https://young-turquoise-metalic-fairy.fission.app/assets/vendor.22849f53.js:18
    EventHandlerNonNull* https://young-turquoise-metalic-fairy.fission.app/assets/vendor.22849f53.js:18
    <anonymous> https://young-turquoise-metalic-fairy.fission.app/assets/vendor.22849f53.js:18
vendor.22849f53.js:99:139910
jeffgca commented 3 years ago

I'm tempted to put this as a wontfix as (IIRC) very few Firefox users ever change default preferences in their browser, let alone change the tracking protection (TP) mode. It's unfortunate that Firefox users don't have the option to specify "standard" TP mode instead of "strict" TP mode per-site.

jessmartin commented 2 years ago

Also ran into this in jessmartin/mumblr#9.

Copying the instructions for how to fix this from the resolution:

  1. Open a new tab in Firefox and type about:config.
  2. In the search box, type network.cookie.cookieBehavior.
  3. Edit the value of that setting and set it to 0 (allow all).
  4. Save the setting.
  5. Open a new tab and go to your app (reloading an existing tab will still fail).
jessmartin commented 2 years ago

From @QuinnWilton in Discord:

This might be something we can handle in WebNative with Document.requestStorageAccess(): https://developer.mozilla.org/en-US/docs/Web/API/Document/requestStorageAccess

We might need to add the allow-storage-access-by-user-activation token.
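
The approach suggested in the comment above, sketched as an added example that is not part of the original thread or of the WebNative code base. The function names `sandboxTokens` and `ensureStorageAccess` and the `doc` parameter are hypothetical; only `hasStorageAccess()`, `requestStorageAccess()` and the sandbox token are real browser API surface.

```javascript
// Added illustration; function names are hypothetical, not WebNative's API.

// Sandbox attribute value for an embedded auth iframe. A sandboxed iframe can
// only call requestStorageAccess() when the embedder grants
// allow-storage-access-by-user-activation together with allow-scripts and
// allow-same-origin. Extra tokens are merged without duplicates.
function sandboxTokens(extra = []) {
  const required = [
    "allow-scripts",
    "allow-same-origin",
    "allow-storage-access-by-user-activation",
  ];
  return [...new Set([...required, ...extra])].join(" ");
}

// Runs inside the embedded third-party document. `doc` is injected so the
// logic can be exercised outside a browser; in a page, pass `document`.
// Browsers reject the request unless it is made from a user-gesture handler
// (for example a click listener), so call it from one.
async function ensureStorageAccess(doc) {
  if (typeof doc.requestStorageAccess !== "function") {
    return "unsupported"; // no Storage Access API in this browser
  }
  if (typeof doc.hasStorageAccess === "function" && (await doc.hasStorageAccess())) {
    return "already-granted"; // nothing to request
  }
  try {
    await doc.requestStorageAccess();
    return "granted";
  } catch (_err) {
    // No user gesture, user declined, or browser policy refused the request.
    return "denied";
  }
}

// Browser wiring (constructed example, element id is an assumption):
//   iframe.setAttribute("sandbox", sandboxTokens());
//   document.getElementById("sign-in").addEventListener("click", async () => {
//     const state = await ensureStorageAccess(document);
//     if (state === "denied") { /* show a message instead of failing silently */ }
//   });
```

Treating `"denied"` as an explicit state lets the embedded page tell the user why sign-in cannot proceed, instead of surfacing only as the "Missing data" exception in the embedding app.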

jessmartin commented 2 years ago

I believe this is fixed by https://github.com/fission-codes/webnative/issues/401

Just tested with a vanilla Firefox and appears to be working.