search

mozilla / openbadges-backpack

Mozilla Open Badges Backpack
https://backpack.openbadges.org/
Other
862 stars 263 forks source link

Error pushing badge to backpack (Win10 / IE11) #1077

Closed ottonomy closed 7 years ago

ottonomy commented 8 years ago

Hi, @mattdigitalme & team. Got an error report this weekend for the Issuer.js API in IE11, and reproduced it using browserstack (Windows 10 / newest IE11).

https://www.facebook.com/OpenBadges/posts/1158414674181011

Reproduction:

  1. Sign up for user account on Credly.com, obtain the welcome badge
  2. Try to push the badge to a Mozilla Backpack account with the same email address in Chrome / OS X. Success. Delete the badge from within the backpack.
  3. Try to push the badge to a Mozilla Backpack account with the same email address in IE11. Encounter generic error: "An error has occurred..."
AdrianMW commented 8 years ago

Hey Nate,

Thanks for the excellent write-up

We are planning to look into these issues once the core of the backpack is updated.

Cheers Adrian

andrewmorganmtc commented 8 years ago

Hi Adrian

Do you have a rough timescale for the core update? Will this affect existing connection code? I have a client experiencing similar issues.

Thanks Andrew

ahripak commented 8 years ago

Hello there

Not trying to push on this, just sharing my findings:

Spent a little time this afternoon tracing the issue. Indeed I was only able to replicate it under IE 11 in Windows 7 & 10 (using virtual boxes from here).

It seems to be a session cookie issue specifically regarding the CSRF token rendered into the view as a meta tag (and sent in the request as a header x-csrf-token) being different from the one stored in session.

I tried the same process on Chrome, the CSRF token remained consistent between requests, resulting in no errors. Did this by grabbing the value of the <meta http-equiv="X-CSRF-Token" content="{{ csrfToken }}"> in badge-accept.html and comparing with the cookie value sent in the POST /issuer/assertion request.

Not exactly sure how to solve for this, a quick Google search reveals this is a known issue in IE 11 (albeit reported "fixed") in this post. It could very well be solved by updating the core dependencies as I believe this project uses an older version of express, which I think is what Adrian eluded to previously—not the easiest of tasks.

mattdigitalme commented 7 years ago

@ottonomy @ahripak @andrewmorganmtc Hey all, can this be tested again now the BP has been updated (8/12/16)

mattdigitalme commented 7 years ago

@auralon Close - no response and testing we've done included IE11 with no issues