Request #35864

From:marahmarie: my initials (MM) (everything else, marahmarie)[personal profile] marahmarie
Account Type:Free Account
Dreamwidth:Account Name: [personal profile] marahmarie
Style: (S2) core: public, i18n: none, i18nc: none, layout: public, theme: custom, user: custom,
Email confirmed? Yes
cluster: 8; data version : 9
scheme: tropo-red
Media storage used: 24.551 MB (4.9%)
Support category:General/Unknown [Previous|Next]
Time posted:Tue, 28 Feb 2017 01:51:10 GMT (29 weeks ago)
Status:closed (10 points to [personal profile] jennifer)
Summary:[HTTPS Beta] Inbox "next" or "previous" buttons in HTTPS Everywhere beta
Original Request:
*this is an update/rewrite of my original request at https://www.dreamwidth.org/support/see_request?id=35837: (now closed). That request was sort of a confusing mess that I submitted without cross-browser testing the bug at hand before posting it, so hopefully this request improves on it*

Clicking the Inbox "next" or "previous" buttons while participating in Dreamwidth's HTTPS Everywhere beta with the add-on of the same name installed in your browser can cause you to be logged out of Dreamwidth - but only if you disable the add-on *after* logging into Dreamwidth!

Steps to reproduce:

1) Join Dreamwidth's HTTPS Everywhere beta

2) have the EFF HTTPS Everywhere add-on installed in Firefox (latest versions of public release, dev, or beta Firefox editions all reproduce this bug) or in Opera 43.0 9 (on Windows 10 OS in my case).

2) log in to Dreamwidth with HTTPS Everywhere browser add-on still *enabled*.

3) disable add-on after logging in, or anytime before or while currently viewing DW Inbox. (This bug can't be reproduced if the add-on is disabled *before* logging into DW; only if you disable it *afterward*. Why anyone would disable the add-on after logging in is a good question, but say, maybe because they realize they don't need the add-on because it's duplicating HTTPS Everywhere features already being tested or one day formally adapted on Dreamwidth).

4) Click the "next page" or the "previous page" Inbox buttons.

5) Dreamwidth immediately logs you out when you click either of the above buttons.

This bug doesn't happen if the add-on is disabled *before* logging into Dreamwidth in any browser I tested, only if you disable it after logging in, and doesn't happen at all in Google Chrome latest or in Chromium latest.

I haven't tested if this bug occurs without the add-on installed at all (I'd have to uninstall it first to determine that) but if so I'll update this request to add that in.
Diagnostics: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0
marahmarie[personal profile] marahmarie - MM Writes
Comment (#93416)
Posted: Tue, 28 Feb 2017 02:01:44 GMT (29 weeks ago)

I just removed the add-on altogether, restarted Firefox, logged back in, clicked the "previous" and next" pages in my Inbox several times, and didn't get logged out by doing so, so I'd have to guess the bug is a conflict between the add-on and DW's HTTPS beta. My guess is if the add-on is disabled after logging in, something doesn't get passed along correctly or work right between the add-on and DW, but I'm not sure what, as I have no idea what's going on under the hood.

jennifer[personal profile] jennifer - Jennifer
Answer (#93482)
Posted: Wed, 01 Mar 2017 20:13:49 GMT (29 weeks ago)

Hi marahmarie,

Thanks for telling us that disabling the EFF HTTPS Everywhere add-on while logged in can cause you to be logged out of Dreamwidth. This sounds like an issue that should be brought to the attention of the developers of the add-on, since it might affect more sites than just ours.

Please let us know if you notice any other issues using the site with HTTPS.

Best,
--Jen

marahmarie[personal profile] marahmarie - MM Writes
Comment (#93505)
Posted: Thu, 02 Mar 2017 14:05:31 GMT (29 weeks ago)

Hi Jen,

Thanks for the reply. Just so I can make sure I understand, was your answer that you think I should bring this issue to the attention of developers of the add-on, or is that something someone on DW's staff plans to do?

jennifer[personal profile] jennifer - Jennifer
Answer (#93517)
Posted: Thu, 02 Mar 2017 21:43:20 GMT (29 weeks ago)

Hi marahmarie,

I would recommend that you be the one to contact the developers of the add-on, since you are the one experiencing the issue and can test any other workarounds they might suggest.

Best,
--Jen

marahmarie[personal profile] marahmarie - MM Writes
Comment (#93520)
Posted: Fri, 03 Mar 2017 04:05:03 GMT (29 weeks ago)

What if other people start to experience it? Would you have the same advice?

I might not remain the (only) person experiencing this issue. Before replying earlier, I'd re-tested for this bug in Opera, with only the HTTPS Everywhere add-on enabled, and on the same sequence of steps as above watched it happen again. I'd wanted to isolate the add-on in at least one browser to make sure this theory proved out, so as it's a cross-browser issue and might (or might not) happen to someone else, I wonder if it can't be looked into more on Dreamwidth's side?

Does DW not look into add-on conflicts? I think I recall this being the case when I had Lastpass conflicts (to this day still have a bunch when I use the Lastpass "fix" version, which is the only version that currently runs in Webkit browsers, but those have been unreported by me exactly because I was thinking no one will look into them on DW's side so I'll have to contact Lastpass).

I'd be fine with that as far as the HTTPS conflict goes, but since the add-on and the Beta are pretty much doing the same thing, I'm wondering if there might be any exception for conflicts with the add-on, this time around?

Thanks for your patience!

jennifer[personal profile] jennifer - Jennifer
Answer (#93549)
Posted: Sat, 04 Mar 2017 17:21:38 GMT (29 weeks ago)

Hi marahmarie,

Because this is a problem caused by an interaction between your browser activity and the add-on you've installed, the answer is yes, the advice remains the same. Our volunteer support team is only responsible for letting people who experience this problem know that it is an issue with the add-on and not our site. If it becomes a commonly reported issue, we might add it to the list of Known Issues on the support page or include it in a FAQ.

That said, we do appreciate that you took the time to let us know about this issue, in case we do hear about it from anyone else. So far, though, you are the only one who has reported it to us.

Best,
--Jen


Go to: previous open request, next open request
Return to the list of open requests.
Back to the Support Area.