covid.cdc.gov - Firefox is unsupported browser

[webcompat-bot]

URL: https://covid.cdc.gov/covid-data-tracker/#pandemic-vulnerability-index

Browser / Version: Firefox 89.0 Operating System: Windows 10 Tested Another Browser: Yes Chrome

Problem type: Site is not usable Description: Browser unsupported Steps to Reproduce: Site displays the following message:

Currently, the content on this page in not accessible using this web browser.

Chrome The above recommended browsers can direct you to the individual download pages

View the screenshot

Browser Configuration

• None

From webcompat.com with ❤️

[softvision-oana-arbuzov]

Thanks for the report, I was able to reproduce the issue.

Note: The issue is not reproducible on Chrome.

Tested with: Browser / Version: Firefox Nightly 91.0a1 (2021-06-14) Operating System: Windows 10 Pro

Moving to Needsdiagnosis for further investigation.

[Gitoffthelawn]

More testing data: I verified the same issue on Firefox 89.0.1 on Win7. So that's 3 browser versions and 2 OS versions with confirmed tests.

I hope you are able to figure out if there really is a browser-side issue or if the issue is server-side. In either case, it's extremely bad form of such a prominent organization to release important data regarding an ongoing pandemic in a method that millions of people will not be able to access.

These days, you almost have to try to make your website completely incompatible with any of the major browser engines. And let's face it, the offending organization isn't exactly known for cutting-edge web content! ;)

[karlcow]

if I fake the UA string of Firefox to be Chrome, the error message is not displayed but the graph is not either.

The console displays an error message: Uncaught (in promise) DOMException: Navigator.getGamepads: Document's Permission Policy does not allow calling getGamepads() from this context. Some clues are given in an article about securing gamepads. This is done in Nightly according to Bug 1591329

And indeed on Firefox release it is working once the user agent is being faked. They need to be contacted.

<iframe id="pviIframe" title="This map shows the COVID-19 Pandemic Vulnerability Index by county in the United States" src="https://covid19pvi.niehs.nih.gov/cdchome.php" width="300px" height="180px"></iframe>

The iframe is created by the main site.

The linked site is working by itself.

    unsupportedContentError: function (e) {
      var t = 'pandemic-vulnerability-index' === e ? 'Healthcare Personnel' : 'US Cases',
      n = '<div class="ui negative message" style="text-align: center;">\n         <div class="header">Currently, the content on this page in not accessible using this web browser.</div>\n            <div class="ui container">\n                <a href="https://www.google.com/chrome/" target="_blank" rel="noopener noreferrer">Chrome</a>\n            </div>\n            <p>The above recommended browsers can direct you to the individual download pages</p>\n            <div class="ui buttons" style="width: 100%;">\n                <button class="ui button" type="button" onClick="location.hash=\''.concat('pandemic-vulnerability-index' === e ? 'health-care-personnel' : 'cases_casesper100klast7days', '\'">Go to ').concat(t, '</button>\n            </div>\n        </div>\n        </div>');
      document.getElementById('mainContent_Title').innerHTML = '',
      document.getElementById('mainContent_Title').style.marginBottom = '0px',
      document.getElementById('mainContent_SubTitle').innerHTML = '',
      document.getElementsByTagName('strong').innerHTML = '',
      document.getElementById('maincontent').innerHTML = n
    },

and this is clearly userAgent sniffing for nothing:

    tabPandemicVulnerabilityIndexRender: function () {
      if (appState.IE_DETECTED || - 1 !== navigator.userAgent.indexOf('Firefox')) _.unsupportedContentError('pandemic-vulnerability-index');
       else {

}

To be contacted and probably sitepatched.

[webcompat-bot]

Generate outreach template

[Gitoffthelawn]

@karlcow

Hi Karl. Thank you for your efforts and excellent analysis.

if I fake the UA string of Firefox to be Chrome, the error message is not displayed but the graph is not either.

In which version of Firefox?

The console displays an error message: Uncaught (in promise) DOMException: Navigator.getGamepads: Document's Permission Policy does not allow calling getGamepads() from this context.

Please pardon my ignorance. Why is this site trying to allow gamepad interaction? Is the site trying to all gamepads to control the scrolling or something like that? Is this normal at all for a site like this to do? Seems real odd, since their other pages that I tested seem to work, but not this one.

And indeed on Firefox release it is working once the user agent is being faked.

I'm confused. Above you mentioned that the graph is not displayed, even if you fake the UA. Are you perhaps referring to 2 different versions of Firefox?

They need to be contacted.

Who is the "they" in this sentence?

and this is clearly userAgent sniffing for nothing:

    tabPandemicVulnerabilityIndexRender: function () {
      if (appState.IE_DETECTED || - 1 !== navigator.userAgent.indexOf('Firefox')) _.unsupportedContentError('pandemic-vulnerability-index');
       else {}

I really wish site devs would contact browser devs before doing this sort of nonsense. I'm sure you do too! ;)

To be contacted and probably sitepatched.

Again, please pardon my ignorance of your terminology. By "sitepatched", do you mean that the problematic site needs to be patched, or that you will recommend that Mozilla add a webcompat intervention to Firefox to handle this site? If the latter, of course, the UA check will have to removed from the problematic site or another UA Override for the host will have to be added to Firefox.

[karlcow]

I have tested with Firefox Nightly 91.

Please pardon my ignorance. Why is this site trying to allow gamepad interaction? Is the site trying to all gamepads to control the scrolling or something like that? Is this normal at all for a site like this to do? Seems real odd, since their other pages that I tested seem to work, but not this one.

They might be using a library which requires this, even if they do not use it in their own graph.

I'm confused. Above you mentioned that the graph is not displayed, even if you fake the UA. Are you perhaps referring to 2 different versions of Firefox?

yes. On Firefox Release (not nightly), this is working. Sorry for the confusion.

Who is the "they" in this sentence?

The site owners.

I really wish site devs would contact browser devs before doing this sort of nonsense. I'm sure you do too! ;)

or better, just do feature detection instead of user agent sniffing.

Again, please pardon my ignorance of your terminology. By "sitepatched", do you mean that the problematic site needs to be patched, or that you will recommend that Mozilla add a webcompat intervention to Firefox to handle this site? If the latter, of course, the UA check will have to removed from the problematic site or another UA Override for the host will have to be added to Firefox.

a Site interventions would make it possible to fake the UA string to be chrome and bypass the unsupportedContentError, that will not remove the issue that getGamePads() is used in unsecure context.

note that it will be broken in future versions of Blink browsers (Chrome, Edge)

getGamepad will now require a Permission Policy. Please update your application accordingly. For more information see https://github.com/w3c/gamepad/pull/112 d.forEachGamepad @ MapView.js:276

Issue 1011006: Add feature policy to gamepad api

[karlcow]

@AABoyles Could you help us find the right person for this @CDCgov issue https://covid.cdc.gov/covid-data-tracker/#pandemic-vulnerability-index which doesn't display in Firefox because of user agent sniffing.

Thanks.

[AABoyles]

Sure! I don't know who it is, but @leebrian might! Alternately: @dmaccannell, @billswitzer2, @eldin-talundzic, @ells, @ikb6, @kwinglee, @mossy426, & @Sergey-Knyazev...

Anybody know who runs covid.cdc.gov?

[billswitzer2]

The site is managed by a contractor team headed by Tess Palmer

[billswitzer2]

Good Morning,

Most of COVID Data Trackerhttps://covid.cdc.gov/covid-data-tracker/#datatracker-home is supported in Firefox. The following two tabs are not:

https://covid.cdc.gov/covid-data-tracker/#social-impacthttps://covid.cdc.gov/covid-data-tracker/#pandemic-vulnerability-index

https://covid.cdc.gov/covid-data-tracker/#pandemic-vulnerability-index

Thanks, Tess

Tess Palmer, MPH

Contractor: DRT Strategies

Geospatial Research, Analysis, and Services Programhttps://intranet.cdc.gov/grasp/index.html (GRASP)

Office of Innovation and Analytics | ATSDR | CDC

@.**@.> | +1 404-498-1034

---

From: Switzer, Bill (CDC/DDID/NCHHSTP/DHP) @.> Sent: Tuesday, June 22, 2021 9:49 AM To: webcompat/web-bugs @.>; webcompat/web-bugs @.> Cc: Mention @.>; Palmer, Tess (ATSDR/OAD/OIA) (CTR) @.***> Subject: RE: [webcompat/web-bugs] covid.cdc.gov - Firefox is unsupported browser (#76944)

The site is managed by a contractor team headed by Tess Palmer

From: Tony Boyles @.> Sent: Tuesday, June 22, 2021 9:21 AM To: webcompat/web-bugs @.> Cc: Switzer, Bill (CDC/DDID/NCHHSTP/DHP) @.>; Mention @.> Subject: Re: [webcompat/web-bugs] covid.cdc.gov - Firefox is unsupported browser (#76944)

Sure! I don't know who it is, but @leebrianhttps://github.com/leebrian might! Alternately: @dmaccannellhttps://github.com/dmaccannell, @billswitzer2https://github.com/billswitzer2, @eldin-talundzichttps://github.com/eldin-talundzic, @ellshttps://github.com/ells, @ikb6https://github.com/ikb6, @kwingleehttps://github.com/kwinglee, @mossy426https://github.com/mossy426, & @Sergey-Knyazevhttps://github.com/Sergey-Knyazev...

Anybody know who runs covid.cdc.gov?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/webcompat/web-bugs/issues/76944#issuecomment-865978087, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AHMTDBIEVGFTGLJV63UAZGTTUCE2LANCNFSM46RSQ6ZQ.

[Gitoffthelawn]

Does anyone know if the CDC agreed to sign a contract in which important parts of their new expensive website would be completely incompatible with millions of browsers around the world? Or was this done without the CDC's consent and knowledge?

It would be interesting to learn if this lack of compatibility was disclosed in order to understand if this sort of behaviour is accepted by some large organizations or if it's a "gotcha" that some contractors sneak in at a later date without full disclosure when contracts are written and signed.

[AABoyles]

@Gitoffthelawn I doubt the contract was written with that level of technical granularity. It's much more likely that they just wanted to accomplish some specific thing (looks like ESRI maps?) and couldn't accomplish it with the stack they were already using without sacrificing Firefox.

[denschub]

The breakage in Firefox Nightly is somewhat expected. The same will happen in Chrome one day, but as far as I can tell, there is no timeline yet. As such, pushing an intervention to make the site work in Beta and Release is worth it. For the record, I checked out the GamePad API uses, and from what I can tell, the map library loaded via js.arcgis.com actually has built-in navigation support for a GamePad, where it allows you to interact with the map using a gamepad. Neat.

Given what has been mentioned in https://github.com/webcompat/web-bugs/issues/76944#issuecomment-866009440, the UA sniffing only applies to https://covid.cdc.gov/covid-data-tracker/*, which is a very limited scope, which makes me even more comfortable. I filed https://bugzilla.mozilla.org/show_bug.cgi?id=1719846 to track the intervention, so we can get this shipped for Beta 91 and eventually Release 91.

[softvision-oana-arbuzov]

The issue still occurs with the covid.cdc.gov UA override disable (thus the override is still needed).

Tested with: Browser / Version: Firefox Nightly 93.0a1 (2021-08-18), Firefox Nightly 93.0a1 (🦎 93.0a1-20210817094606) Operating System: Windows 10 Pro, Samsung Galaxy S8 (Android 9) - 1440 x 2960 pixels, 18.5:9 ratio (~570 ppi density)

[karlcow]

@ksy36 is the next person in charge of the site interventions.

[karlcow]

hmm though I just tried at https://covid.cdc.gov/covid-data-tracker/#pandemic-vulnerability-index in 93.0a1 (2021-08-22) (64-bit)

This is working. There is no issue.

@softvision-oana-arbuzov

[softvision-oana-arbuzov]

@karlcow, it is all good, I just confirmed the issue still occurs if I disable covid.cdc.gov UA override (thus the override is still needed).

[ksy36]

Yeah, the intervention is working for me on both desktop and mobile on https://covid.cdc.gov/covid-data-tracker/#pandemic-vulnerability-index

[softvision-raul-bucata]

The issue has been fixed, the unsupported error message is no longer displayed.

Tested with: Browser / Version: Firefox Nightly 115.0a1 (2023-05-18) (64-bit) Operating System: Windows 10 PRO x64 Browser / Version: Firefox Nightly 115.0a1 (2015951011-🦎115.0a1-20230516212859🦎) Operating System: Samsung A51 (Android 11) -1080 × 2400 pixels 20:9 aspect ratio (~405 ppi density) Operating System: Google Pixel 3 (Android 12) -1080 x 2160 pixels, 18:9 ratio (~443 ppi density)

I've created a Bugzilla task for this: https://bugzilla.mozilla.org/show_bug.cgi?id=1833868

Closing this as FIXED

[wisniewskit]

This no longer seems to need a site patch.