portal.xero.com - site is not usable

[jyavenard]

URL: https://portal.xero.com/Agreement/Sign/febb6fe2-46b9-4e0d-93b4-b2f6270734dd

Browser / Version: Firefox 84.0 Operating System: Windows 10 Tested Another Browser: Yes Chrome

Problem type: Site is not usable Description: Page not loading correctly Steps to Reproduce: When attempting to go to sign a particular document, I get the page :

---

The cookie functionality is disabled on your browser

Adobe Sign has detected that the cookie functionality is disabled on your browser. To use Adobe Sign, please enable cookies on your browser.

When cookies are enabled, click the "Continue" button below to proceed to Adobe Sign. Instructions for enabling cookies Safari for iOS Safari for Mac Chrome for phone or tablet Chrome for desktop OS Firefox

Click on the Firefox menu.
Select Preferences.
Select the Privacy & Security panel.
Select Standard to enable cookies.
Set Accept third-party cookies to Always to enable third-party cookies.

Edge for Windows Internet Explorer

When cookies are enabled, click the "Continue" button below to refresh page.

Tried with a new profile same thing. Cookies are enabled and tracking protection is set to standard.

View the screenshot

Browser Configuration

• None

From webcompat.com with ❤️

[karlcow]

@jyavenard were the cookies disabled? This will be hard to test without an acount.

[jyavenard]

Yes they were, it's in the original report.

Tried with a default profile too.

[karlcow]

maybe an interaction with tracking protection. https://acrobat.adobe.com/us/en/sign.html

There seems to be an iframe too for the sign-in part. No sure how to move forward without access to anything.

Firefox is supported https://helpx.adobe.com/sign/system-requirements.html

According to https://community.adobe.com/t5/adobe-sign/adobe-sign-allow-cookies/td-p/9672535?page=1 That seems like a third party cookies issue, and likely to be Tracking Protection.

Probably the test would be to try in a fresh profile with tracking protection disabled.

[karlcow]

So I get a link to https://login.xero.com/c?token=*** (remove the real token) Just by accessing that link.

I'm accessing this page

And it creates already this issue in the console. Uncaught ReferenceError: iFrameAcceptedOrigin is not defined

iFrameAcceptedOrigin is not defined

I can still activate the account.

And I indeed get the screen about cookies.

The cookie screen is coming from (removed the pid value just in case)

<iframe 
  class="c-sign-doc__embed qa-sign-doc-embed" 
  src="https://secure.na1.echosign.com/public/apiesign?pid=***%2A&amp;noChrome=true" 
  data-reactid=".0.1.0.0.0.0">
</iframe>

If I choose the Open in a new tab button on the top. It open the URL to (removed the aid value)

https://secure.na1.echosign.com/public/esign?aid=****%2A&fromIframe=true

And the document is displayed without issues.

So I guess there's a question of secure context with an embedded document into an iframe.

SameSite policy issue?

The JavaScript code is also super obfuscated.

So for @jyavenard the "Open New tab" is working that would prevent you to have to open in a different browser

For the webcompat issue I wonder if it relates to https://bugzilla.mozilla.org/show_bug.cgi?id=1454723 or something close.

@wisniewskit What do you think?

[wisniewskit]

@karlcow, I get directed to https://login.xero.com/identity/user/login?ReturnUrl=(omitted) when I visit the reported link now. It appears to not be broken anymore, and I don't see any console warnings either (though I do see a safesite warning and a script failing to load, though I can still attempt to log in). Perhaps they have fixed this since?

[karlcow]

it's only testable with a private login and password.

[softvision-raul-bucata]

@jyavenard Without an account, this will be difficult to test, as I do not see the same error messages in the console. Can you please re-test the issue?

[inv_45/2022]

[softvision-raul-bucata]

ping @jyavenard

[inv_49/2022]