mozilla / vinz-clortho

INACTIVE - http://mzl.la/ghe-archive - BrowserID Keymaster for LDAP enabled Identity Providers

P3P headers incorrect on IE? {8,9,10,..} #105

Closed karlht closed 7 years ago

karlht commented 10 years ago

IRC log here: http://irclog.gr/#show/irc.mozilla.org/identity/302524

Basically, IE9/IE10 aren't permitting login through MozIdP except if you turn 'Internet Security' settings down to 'low.' As Jared says, if the P3P headers are correct, we should work fine with the default settings.

@6a68, @mostlygeek: If I've gotten some of this wrong, please feel free to comment/edit the bug.

karlht commented 10 years ago

From @hoosteeno via e-mail:

User Agent: IE 9, IE 10 with DEFAULT privacy settings ("Medium")

Steps to reproduce:

1) Visit Mozillians.org and click signin
2) Use an email address at mozilla.com; proceed through Persona authentication

Expected: Identity verified, signed in to site

Actual: Returned to Persona email address input with a message: "Mozillians.org uses Persona instead of usernames to sign you in."

Workaround: Change privacy settings to "Accept All Cookies" (and perhaps other settings more permissive than "Medium" -- this is untested)

mostlygeek commented 10 years ago

BrowserId dealt with this issue as well:

Should port these into Vinz Clortho...

callahad commented 10 years ago

Is this an issue with the identity bridges, or are we safe thanks to *.login.persona.org being a subdomain of login.persona.org?

jrgm commented 10 years ago

This is not an issue with bigtent and sideshow (yahoo and google) on IE{8,9,10}. In fact, the p3p change wasn't necessary for bigtent with those versions of IE.

callahad commented 10 years ago

Great, thanks jrgm!

jrgm commented 10 years ago

So this was an open issue - https://github.com/mozilla/vinz-clortho/issues/88. But really, IE all versions not working should have blocked turning this on.

jrgm commented 10 years ago

I initially typoed the above and have now corrected.

jaredhirsch commented 10 years ago

@mostlygeek rather than just copy-paste code across repos, maybe I can publish that p3p library on npm and you guys can use the code that way.

mostlygeek commented 10 years ago

@6a68 sure. When it's ready I'll push out a new deploy version.

mostlygeek commented 10 years ago

Usage of bigint was removed (by me) from the lockdown settings. This needs to be put back in, otherwise jwcrypto falls back to using JavaScript instead of the native C libraries. A massive speed hit.

See: https://github.com/mozilla/vinz-clortho/commit/794c302c828a5760efc0057df1f8bf9dc1901703#L0L34