Bug 12690

Summary: REGRESSION: can not log in to bank of america with TOT webkit
Product: WebKit Reporter: Jordan Breeding <jordan.breeding>
Component: Page LoadingAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Major CC: dev+webkit, dglazkov, kmccullough, markmalone, mjs, webkit-bugs
Priority: P1 Keywords: InRadar, NeedsReduction, Regression
Version: 420+   
Hardware: Mac   
OS: OS X 10.4   
URL: http://www.bankofamerica.com
Attachments:
Description Flags
JavaScript Console
none
JavaScript Code
none
turn multiple form submission protection back on mjs: review+

Jordan Breeding
Reported 2007-02-07 23:36:03 PST
using webkit.app I can start to log in to bank of america, but when it has me confirm my sitekey and enter my password it always fails to accept my password and log me in switching back to safari.app makes it work again
Attachments
JavaScript Console (162.17 KB, image/png)
2007-02-08 16:09 PST, Jordan Breeding
no flags
JavaScript Code (153.56 KB, image/png)
2007-02-08 16:10 PST, Jordan Breeding
no flags
turn multiple form submission protection back on (3.87 KB, patch)
2007-03-01 23:25 PST, Antti Koivisto
mjs: review+
David Kilzer (:ddkilzer)
Comment 1 2007-02-08 07:27:10 PST
Jordan, thanks for the bug report! Do you have the Debug menu enabled in Safari? If so, are there any messages that appear in the JavaScript Console when you log in? Are there any resources that don't load in the Activity window (from the "Window" menu) when you try to log in? If you don't have the Debug menu enabled, could you enable it and test logging in again? http://www.macosxhints.com/article.php?story=20030110063041629
Jordan Breeding
Comment 2 2007-02-08 16:09:57 PST
Created attachment 13072 [details] JavaScript Console
Jordan Breeding
Comment 3 2007-02-08 16:10:45 PST
Created attachment 13073 [details] JavaScript Code
Jordan Breeding
Comment 4 2007-02-08 16:11:41 PST
I just uploaded two attachments, one is just the JS Console, the other is the JavaScript code that showed when I drilled down on the error in the console.
David Kilzer (:ddkilzer)
Comment 5 2007-02-08 16:40:17 PST
Jordan, do you have any experience with HTML, JavaScript and CSS? To determine what's causing this, we probably need someone with a Bank of America account to "reduce" the error to a relatively small amount of HTML+JavaScript+CSS that will reproduce the bug. (It's okay if you don't--I'm just asking in case you have such experience.) Also, looking at this JavaScript code, there is a lot of document.all usage. I wonder if BoA is detecting the WebKit nightly as MSIE and using the wrong "set" of JavaScript files (since it works with shipping Safari)? https://sitekey.bankofamerica.com/sas/sas-docs/chat/chat_deployment_global/lp/ADACompliant.js Mark, do you have any contacts at Bank of America that could test this internally?
Mark Malone
Comment 6 2007-02-09 16:09:27 PST
I'll contact BofA.
Maciej Stachowiak
Comment 7 2007-02-10 19:13:12 PST
Rosyna
Comment 8 2007-02-11 23:47:58 PST
I'd like to add that this appears to occur on the post to the final form. In the current ToT, instead of showing the account info, it redirects to the main BofA page. https://sitekey.bankofamerica.com/sas/signon.do is the site for signing in.
Brady Eidson
Comment 9 2007-02-12 00:03:30 PST
I just successfully logged into my BofA account using ToT WebKit... what revision is failing for you?
Rosyna
Comment 10 2007-02-12 00:09:27 PST
r19572 is the revision failing for me. Note that I have a sitekey enabled and that I have checking and credit card account (I'm not sure if the procedure is different if you JUST have a checking account or JUST have a credit card account).
Brady Eidson
Comment 11 2007-02-12 00:14:33 PST
I have a credit card acct and an auto loan acct. But the procedure to login is the same - I just confirmed this with angryluke
Rosyna
Comment 12 2007-02-12 00:40:37 PST
Ok, I just tried it with a bunch of the old nightlies. The problem occurred somewhere between r18004 and r18012. 18004 logs in fine, 18012 has the issue.
Brady Eidson
Comment 13 2007-02-12 10:40:58 PST
If I could reproduce this with my BofA account, I could build and try the intermediates between 18005 and 18011... alas I cannot repro... I'll give those Changelogs a looksy
Jordan Breeding
Comment 14 2007-02-19 20:45:35 PST
One further note. Without "block pop-ups" enabled it seems to redirect to the front page as Rosyna pointed out. With "block pop-ups" enabled it just loads the page telling you that authentication failed.
Jordan Breeding
Comment 15 2007-02-19 20:49:05 PST
Actually, as of revision 19713 Webkit.app seems to just redirect to the main page regardless of the pop up blocking setting.
Antti Koivisto
Comment 16 2007-02-28 10:16:11 PST
I can't reproduce this with my BofA checking account.
Rosyna
Comment 17 2007-02-28 10:25:05 PST
I can still repro this as of r19911
Jordan Breeding
Comment 18 2007-02-28 10:44:43 PST
I can still reproduce this as well, Bank Of America makes you choose which state your account is registered in. Is it possible that this is also affecting things? If so my account is in Texas.
Antti Koivisto
Comment 19 2007-02-28 20:31:10 PST
After trying a few I can now reproduce this as well. It does not fail every time for me, I can occasionally log in succesfully.
Antti Koivisto
Comment 20 2007-02-28 20:52:43 PST
It is broken by r18011
David Kilzer (:ddkilzer)
Comment 21 2007-03-01 07:44:38 PST
Antti Koivisto
Comment 22 2007-03-01 23:25:24 PST
Created attachment 13449 [details] turn multiple form submission protection back on Includes HTTP layout test. Note that this protection does not fully match what other browsers are doing. I'll file bugs for issues I noticed. Those are not regressions from shipping WebKit.
Maciej Stachowiak
Comment 23 2007-03-01 23:33:46 PST
Comment on attachment 13449 [details] turn multiple form submission protection back on r=me I think it would be ok to remove the MULTIPLE_FORM_SUBMISSION_PROTECTION ifdef, now that we know the protection is needed. I think it would be good to also mention the other bugs this fixes in the ChangeLog.
Antti Koivisto
Comment 24 2007-03-02 00:15:37 PST
r19940 (with #ifdefs removed) Should also fix bug 12604 and bug 12020
Antti Koivisto
Comment 25 2007-03-02 00:28:25 PST
*** Bug 12604 has been marked as a duplicate of this bug. ***
Antti Koivisto
Comment 26 2007-03-02 00:29:33 PST
*** Bug 12020 has been marked as a duplicate of this bug. ***
Dimitri Glazkov (Google)
Comment 27 2010-05-14 13:58:34 PDT
It's interesting that the test in this bug does the opposite in FF/IE.
Note You need to log in before you can comment on or make changes to this bug.