Closed Bug 1875268 Opened 2 years ago Closed 2 years ago

The burger menu does not respond at trademygun.com with ETP set to STANDARD

Categories

(Core :: Networking: HTTP, defect, P1)

Product:
Core
Component:
Networking: HTTP
Version:
Firefox 123
Platform:
Other
Android
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
124 Branch
Tracking Flags:
Tracking Status
firefox-esr115 --- unaffected
firefox122 --- disabled
firefox123 + fixed
firefox124 + fixed

People

(Reporter: rbucata, Assigned: manuel)

References

(Blocks 2 open bugs, Regression,
URL
)

Details

(Keywords: regression, Whiteboard: [necko-triaged])

Attachments

(2 files)

Screenshot_2.png
660.49 KB, image/png
Details
Bug 1875268 - Fix Early Hints Preload channel sharing aCallbacks with main request r=#necko
48 bytes, text/x-phabricator-request
pascalc
: approval-mozilla-beta+
Details | Review
Attached image Screenshot_2.png

Environment:
Operating system: Android 12/Android 13
Firefox version: Firefox Nightly 123.0a1 (2015998247-🦎123.0a1-20240117145030🦎)

Preconditions:
Clean profile
ETP set to STANDARD

Steps to reproduce:

  1. Navigate to: https://trademygun.com/
  2. Tap on the burger menu located in the page header.
  3. Observe the result.

Expected Behavior:
The menu opens

Actual Behavior:
Nothing happens

Notes:

  • Not reproducible with ETP OFF (Both Normal and Private Browsing)
  • Works as expected using Chrome
  • Screenshot attached
Summary: The burger menu does not respond at trademygun.com with ETP set to STRICT → The burger menu does not respond at trademygun.com with ETP set to STANDARD
Flags: needinfo?(hsohaney)

I ran mozregression but the bug it points to seems unrelated?

15:41.84 INFO: No more integration revisions, bisection finished.
15:41.84 INFO: Last good revision: 8c19dab5b51003effa919d308ff033031f7c52f7
15:41.84 INFO: First bad revision: c18688c9011d0dc50b79d2f830dbf323c8c75604
15:41.84 INFO: Pushlog:
https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=8c19dab5b51003effa919d308ff033031f7c52f7&tochange=c18688c9011d0dc50b79d2f830dbf323c8c75604

This actually seems to break with early hints enabled. But we could only reproduce in private browsing mode on desktop. Manuel, do you know why?

Flags: needinfo?(manuel)

Setting Regressed by field after analyzing regression range found by mozregression in comment #1.

Keywords: regression
Regressed by: 1836289

Set release status flags based on info from the regressing bug 1836289

status-firefox124: --- → affected
status-firefox-esr115: --- → unaffected

The issue is intermittent, because the Early Hints aren't always returned and it seems to also depend on whether the resource is in the http cache already.

curl -I https://trademygun.com/
HTTP/2 103 
link: <https://bigcommerce.livechatinc.com/api/v2/script/55c84e4d-d7a4-49d2-a93b-f50a62fed9b0/widget.js>; as=script; rel=preload, <https://static.zotabox.com/4/f/4f45d0a96a42c4b070f0f04d38775208/widgets.js>; as=script; rel=preload, <https://static.zotabox.com/4/f/4f45d0a96a42c4b070f0f04d38775208/widgets.js>; as=script; rel=preload, <https://cdn11.bigcommerce.com/s-ypdshx1ud>; as=font; crossorigin=anonymous; rel=preconnect, <https://fonts.googleapis.com/>; as=font; crossorigin=anonymous; rel=preconnect, <https://fonts.gstatic.com/>; as=font; crossorigin=anonymous; rel=preconnect, <https://fonts.googleapis.com/css?family=Roboto+Condensed:400,600%7CRoboto:400,700%7CBarlow:700&display=swap>; as=style; rel=preload, <https://cdn11.bigcommerce.com/s-ypdshx1ud/stencil/291d6c00-e913-013b-3be4-5e203764b409/e/89f1b9f0-49ae-013c-d1b9-4e356000fbdb/css/theme-972e9d50-801f-013c-d764-0a3eede8020b.css>; as=style; rel=preload, <https://cdn11.bigcommerce.com/s-ypdshx1ud/stencil/291d6c00-e913-013b-3be4-5e203764b409/e/89f1b9f0-49ae-013c-d1b9-4e356000fbdb/css/custom-972e9d50-801f-013c-d764-0a3eede8020b.css>; as=style; rel=preload

HTTP/2 200 
[...]

The following resources are loaded. The preconnect likely don't change anything. One of the scripts likely do change how the website is displayed.

Both scripts are blocked by ublock origin and still the hamburger menu doesn't show for me. It is probably related to how the style sheets load. Whether from Network or from cache.

I can reliably reproduce in private browsing.

  • When using ctrl + shift + r to reload the website: The hamburger menu is clickable
  • When using ctrl + r to reload the website: The hamburger menu is not clickable

So the error happens on the path when we make the Early Hints request and it is loaded from the cache. Bug 1815884 might be related here.

The style sheets have cache control that allows caching:

$ curl -I 'https://cdn11.bigcommerce.com/s-ypdshx1ud/stencil/291d6c00-e913-013b-3be4-5e203764b409/e/89f1b9f0-49ae-013c-d1b9-4e356000fbdb/css/custom-972e9d50-801f-013c-d764-0a3eede8020b.css'
cache-control: public, max-age=31536000
last-modified: Mon, 18 Dec 2023 22:06:24 GMT
$ curl -I 'https://fonts.googleapis.com/css?family=Roboto+Condensed:400,600%7CRoboto:400,700%7CBarlow:700&display=swap'
expires: Wed, 24 Jan 2024 13:18:44 GMT
date: Wed, 24 Jan 2024 13:18:44 GMT
cache-control: private, max-age=86400

I see that with enhanced tracking protection off, the bug doesn't appear anymore, but I have no clue yet why that is the case. Taking a look at HTTP log next.

Blocks: earlyhints
Flags: needinfo?(manuel)
See Also: → 1815884

Early Hints preload was still disabled in stable 122, so shouldn't be affected: network.early-hints.enabled is false. Although that depends on what affected really means. Whether it is about users being affected by default, or whether it is about the bug existing in a (usually dead) code path. See Bug 1874445.

status-firefox122: affectedunaffected
See Also: → 1874445

[Tracking Requested - why for this release]:
How does tracking protection and early hints interact? Since we're not shipping it yet, but it's enabled by default in 123, it seems whorth figuring this out.

status-firefox122: unaffecteddisabled
tracking-firefox123: --- → ?
tracking-firefox124: --- → ?

What's suspicious from the ETP side is that we log:

Request to access cookie or storage on “https://trademygun.com/” was blocked because it came from a tracker and content blocking is enabled.

trademygun.com is the first party so it seems unexpected that cookie access would be blocked.

I see a denied storage request further down the log:

Uncaught DOMException: The operation is insecure.

That's the script https://js.smile.io/v1/smile-bigcommerce-7ff4886f0ab633b96e74.modern.js:1 trying to access localStorage.

Another failed storage access request:

storageAvailable https://cdn11.bigcommerce.com/s-ypdshx1ud/stencil/291d6c00-e913-013b-3be4-5e203764b409/e/89f1b9f0-49ae-013c-d1b9-4e356000fbdb/dist/theme-bundle.main.js:4

This one may be responsible for the hamburger button not working. This throwing could lead to the site not registering an event listener for the button.

Kershaw helped to investigate what happens. Thanks a lot! Will add info what exactly goes wrong and write a patch tomorrow. Testing this is more effort.

Assignee: nobody → manuel
Flags: needinfo?(hsohaney)

What is going wrong:

To resolve it, I'm going to copy the nsILoadContext to the EarlyHintPreloader and don't add the DocumentLoadListener to the callbacks of the channel.

Moving to networking, because it is clearly an Early Hints bug. + Triaging It's important for us to fix, because we want to ship Early Hints and it currently enabled for 123.

Severity: -- → S3
Component: Privacy: Anti-Tracking → Networking
Priority: -- → P1
Whiteboard: [necko-triaged]

The bug is marked as tracked for firefox123 (beta) and tracked for firefox124 (nightly). However, the bug still has low severity.

:ghess, could you please increase the severity for this tracked bug? If you disagree with the tracking decision, please talk with the release managers.

For more information, please visit BugBot documentation.

Flags: needinfo?(ghess)
Severity: S3 → S2
Flags: needinfo?(ghess)
Component: Networking → Networking: HTTP
Pushed by mbucher@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/32618bc831ba Fix Early Hints Preload channel sharing aCallbacks with main request r=necko-reviewers,kershaw

https://hg.mozilla.org/mozilla-central/rev/32618bc831ba

Status: NEW → RESOLVED
Closed: 2 years ago
status-firefox124: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → 124 Branch

Manuel, do you want to request uplift to beta given that we ship the feature in 123 or is it too risky for an uplift? Thanks

Flags: needinfo?(manuel)

Comment on attachment 9376478 [details]
Bug 1875268 - Fix Early Hints Preload channel sharing aCallbacks with main request r=#necko

Beta/Release Uplift Approval Request

  • User impact if declined: Possible site breakage due to interaction between Early Hints request and tracking protection. And other unknown consequences of interaction from Early Hints Preloader with other components.
  • Is this code covered by automated tests?: Yes
  • Has the fix been verified in Nightly?: Yes
  • Needs manual test from QE?: No
  • If yes, steps to reproduce:
  • List of other uplifts needed: None
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): Not risky, due to straight forward patch (separating main and early hint request) and existing test coverage.
  • String changes made/needed:
  • Is Android affected?: Yes
Flags: needinfo?(manuel)
Attachment #9376478 - Flags: approval-mozilla-beta?

Comment on attachment 9376478 [details]
Bug 1875268 - Fix Early Hints Preload channel sharing aCallbacks with main request r=#necko

Approved for 123 beta 5, thanks.

Attachment #9376478 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: