Package: firefox-esr Version: 128.11.0esr-1~deb12u1 Severity: normal Tags: upstream X-Debbugs-Cc: [email protected]
Dear Maintainer, Firefox ETP attempts to check a site-login cookie (intra-site, not cross-site not advertising-related AFAIK), retrieved from Cisco subsidiary, App Dynamics adtrum.js, but fails and (from console-tab) results in a... Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://thirdparty-request.bankingsite.com/oauth/token. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 403 Also (network-tab) has two requests, what I believe to be the original genuine request generated by 'adtrum.js' which is text/plain and succeeds, followed by what I suspect is an ETP request text/html which fails with a '403 Forbidden' response. Reference may assist https://docs.appdynamics.com/appd/23.x/23.11/en/end-user-monitoring/browser-monitoring/browser-real-user-monitoring/troubleshoot-browser-rum/javascript-errors?scroll-versions:version-name=23.12 I looked at #814188 but thought it to be different if similar. If this has been fixed upstream, then consider this a request for a stable-backport inclusion. I use private-browsing mode for this website. The ETP exception list is not consulted in private-browsing mode. I can work-around the issue by disabling the ETP padlock and waiting for a typical 10-minute period before reloading the page with a normal 'ctrl-R' (ctrl-shift-R doesn't appear to help), I can then login successfully but have to repeat this every time that firefox is restarted due to there being no permanent exception. I won't provide logs unless I can anonymize all the domain-related information. Regards, Scott. -- Package-specific info: -- Addons package information -- System Information: Debian Release: 12.11 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'proposed-updates'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.1.0-35-amd64 (SMP w/12 CPU threads; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_USER, TAINT_OOT_MODULE Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages firefox-esr depends on: ii debianutils 5.7-0.5~deb12u1 ii fontconfig 2.14.1-4 ii libasound2 1.2.8-1+b1 ii libatk1.0-0 2.46.0-5 ii libc6 2.36-9+deb12u10 ii libcairo-gobject2 1.16.0-7 ii libcairo2 1.16.0-7 ii libdbus-1-3 1.14.10-1~deb12u1 ii libevent-2.1-7 2.1.12-stable-8 ii libffi8 3.4.4-1 ii libfontconfig1 2.14.1-4 ii libfreetype6 2.12.1+dfsg-5+deb12u4 ii libgcc-s1 12.2.0-14+deb12u1 ii libgdk-pixbuf-2.0-0 2.42.10+dfsg-1+deb12u1 ii libglib2.0-0 2.74.6-2+deb12u6 ii libgtk-3-0 3.24.38-2~deb12u3 ii libnspr4 2:4.35-1 ii libnss3 2:3.87.1-1+deb12u1 ii libpango-1.0-0 1.50.12+ds-1 ii libstdc++6 12.2.0-14+deb12u1 ii libvpx7 1.12.0-1+deb12u3 ii libx11-6 2:1.8.4-2+deb12u2 ii libx11-xcb1 2:1.8.4-2+deb12u2 ii libxcb-shm0 1.15-1 ii libxcb1 1.15-1 ii libxcomposite1 1:0.4.5-1 ii libxdamage1 1:1.1.6-1 ii libxext6 2:1.3.4-1+b1 ii libxfixes3 1:6.0.0-2 ii libxrandr2 2:1.5.2-2+b1 ii procps 2:4.0.2-3 ii zlib1g 1:1.2.13.dfsg-1 Versions of packages firefox-esr recommends: ii libavcodec59 10:5.1.3-dmo5 ii libavcodec60 10:6.0.1-dmo0+deb12u1 Versions of packages firefox-esr suggests: pn fonts-lmodern <none> pn fonts-stix | otf-stix <none> ii libcanberra0 0.30-10 ii libgssapi-krb5-2 1.20.1-2+deb12u3 pn pulseaudio <none> -- no debconf information

