Ticket #349 (new defect)

Opened 1 year ago

Last modified 1 month ago

Can't sign in to Yahoo mail with OWB

Reported by: sszymczy Assigned to: mike3050
Priority: major Milestone: Pukarua
Component: Bug Fix Version: 1.0
Keywords: Cc:
Number of hours worked: % Complete: 00
Number of hours remaining:

Description

After introduction of the new cookie manager (most likely) it's not possible to sign in to Yahoo mail account from OWB anymore. Yahoo site doesn't display any error message.

How to reproduce: 1. Go to http://mail.yahoo.com 2. Entery Yahoo ID and password 3. Click on Sign In

What should happen: Yahoo mail application should open What happens instead: browser returns to the login page, there are no error messages

Tested with SDL port (threads disabled, JIT disabled), revision 1000.

Attachments

secure_cookie_fix.diff (1.3 kB) - added by sszymczy on 06/13/09 21:54:05.
Patch fixing misplaced parenthesis in secure connection test in getCookie()

Change History

(follow-up: ↓ 2 ) 06/11/09 10:21:02 changed by sszymczy

Just a quick note about this problem: it's caused by cURL still maintaining its own cookie list and sending it along with a cookie header created from cookies stored in OWB cookie manager - at least it looks like that talking from the HTTP traffic.

I added 

curl_easy_setopt(d->m_handle, CURLOPT_COOKIELIST, "ALL");

to clear internal cURL cookie list in ResourceHandle::checkAndSendCookies() before setting cookie header and Yahoo started working again.

(in reply to: ↑ 1 ; follow-up: ↓ 4 ) 06/11/09 13:50:40 changed by jchaffraix

  • owner changed from mbensi to jchaffraix.

Replying to sszymczy:

Just a quick note about this problem: it's caused by cURL still maintaining its own cookie list and sending it along with a cookie header created from cookies stored in OWB cookie manager - at least it looks like that talking from the HTTP traffic.

You were right about cURL getting in the way.

I added {{{ curl_easy_setopt(d->m_handle, CURLOPT_COOKIELIST, "ALL"); }}} to clear internal cURL cookie list in ResourceHandle::checkAndSendCookies() before setting > cookie header and Yahoo started working again.

The fix is instead to not initialize the cookie engine so that cURL leaves the cookie management to us. I have committed a fix in r1002. Could you confirm that it solves this issue? As a side note, I cannot start directly Yahoo from the cookie stored in the database (even if you tick the option when logging in Yahoo mail).

(follow-up: ↓ 6 ) 06/13/09 07:12:54 changed by kiranps

I think there is an issue with accessing any https:// site. It is failing when the login page redirects to https://login.yahoo.com

(in reply to: ↑ 2 ) 06/13/09 18:38:20 changed by sszymczy

Replying to jchaffraix:

The fix is instead to not initialize the cookie engine so that cURL leaves the cookie management to us. I have committed a fix in r1002. Could you confirm that it solves this issue?

Your solution seems to work equally well, thanks.

As a side note, I cannot start directly Yahoo from the cookie stored in the database (even if you tick the option when logging in Yahoo mail).

Yes, I'm currently investigating this and other remaining Yahoo issues.

06/13/09 21:54:05 changed by sszymczy

  • attachment secure_cookie_fix.diff added.

Patch fixing misplaced parenthesis in secure connection test in getCookie()

(follow-up: ↓ 7 ) 06/13/09 21:59:43 changed by sszymczy

While looking for other problems in Yahoo cookie handling I found that OWB is always sending secure cookies regardless of the type of connection. It was caused by misplaced parenthesis in CookieManager::getCookie(): 

    bool isConnectionSecure = false;
    if (url.string().startsWith(String("https:", false)))
        isConnectionSecure = true;

I guess String("https:", false) was interpreted as String(const char*, int), so instead of "https:" an empty string with length 0 was created that was always matching the beginning of the url. Attached patch fixes this problem.

(in reply to: ↑ 3 ) 06/14/09 17:04:08 changed by jchaffraix

Replying to kiranps:

I think there is an issue with accessing any https:// site. It is failing when the login page redirects to https://login.yahoo.com

I guess you are hitting a known issue with the curl backend and SSL pages. There is a workaround: to set the WEBKIT_IGNORE_SSL_ERRORS environment variable. Unfortunately it works only in debug and it disables the certificates' validation. Feel free to open a ticket about that as it is quite a long standing issue that we should fix (if you do CC'ed me on this one).

(in reply to: ↑ 5 ; follow-up: ↓ 8 ) 06/14/09 17:31:31 changed by jchaffraix

Replying to sszymczy:

I guess String("https:", false) was interpreted as String(const char*, int), so instead of "https:" an empty string with length 0 was created that was always matching the beginning of the url. Attached patch fixes this problem.

You are right: this is definitely a bug! I am ok with your fix. I will just add an improvement to your patch before committing it: the code your are quoting is using 

bool startsWith(const String& s, bool caseSensitive = true) const

which means that we have an unneeded conversion from char* to String each time it is called (which means also calling the String constructor and adds some overhead). I will just add a static String that will hold the converted value.

Thanks for your work!

(in reply to: ↑ 7 ) 06/15/09 11:41:54 changed by jchaffraix

Committed the misplaced parentheses (with the tweak I mentioned) in r1009.

(follow-up: ↓ 10 ) 06/15/09 16:56:13 changed by kiranps

Hello,

https:// sites are still not working (rev 1009).

bin/owb https://www.verisign.com does not work (Progress reaches 100 instantly). Yahoo mail is still not logging in. I also have set export WEBKIT_IGNORE_SSL_ERRORS=1

When I traced using gdb this function was returning false for http urls. WebFrameLoaderClient::representationExistsForURLScheme

(in reply to: ↑ 9 ) 06/16/09 16:39:45 changed by jchaffraix

@kiranps: Please, raise your issue on the owb-dev mailing list (http://owb.sand-labs.org/ml/listinfo/owb-dev)! I bet others would be interested in such an issue. Also it is clobbering this ticket which is only about Yahoo. Thanks!

06/17/09 14:50:58 changed by kiranps

I apologise, I have created a new ticket for this.

07/05/09 10:09:55 changed by AirJordansForce

Thanks for your patch fix and your hard job! Air Jordans Retro

(follow-up: ↓ 15 ) 02/23/10 14:48:23 changed by sim

decoration Changed 1 year ago by admin

bathtub Changed 1 year ago by admin

solar system Changed 1 year ago by admin

stair parts Changed 1 year ago by admin

solar supply Changed 1 year ago by admin

04/25/10 13:46:37 changed by mike3050

  • owner changed from jchaffraix to mike3050.

Did you check your email account if it works? Mike from insurance quotes.

(in reply to: ↑ 13 ) 08/05/10 18:58:11 changed by mikeqw

Replying to sim:

auto insurance rates Changed 1 year ago by admin insurance for young Changed 1 year ago by admin buy phentermine online Changed 1 year ago by admin dierct insurance Changed 1 year ago by admin car insurance cheapest Changed 1 year ago by admin

I guess you are hitting a known issue with the curl backend and SSL pages. There is a workaround: to set the WEBKIT_IGNORE_SSL_ERRORS environment variable. Unfortunately it works only in debug and it disables the certificates' validation. Feel free to open a ticket about that as it is quite a long standing issue that we should fix (if you do CC'ed me on this one).