Bug 12690

Summary: REGRESSION: can not log in to bank of america with TOT webkit
Product: WebKit Reporter: Jordan Breeding <jordan.breeding>
Component: Page LoadingAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Major CC: dev+webkit, dglazkov, kmccullough, markmalone, mjs, webkit-bugs
Priority: P1 Keywords: InRadar, NeedsReduction, Regression
Version: 420+   
Hardware: Macintosh   
OS: OS X 10.4   
URL: http://www.bankofamerica.com
Attachments:
Description Flags
JavaScript Console
none
JavaScript Code
none
turn multiple form submission protection back on mjs: review+

Description Jordan Breeding 2007-02-07 23:36:03 PST
using webkit.app I can start to log in to bank of america, but when it has me confirm my sitekey and enter my password it always fails to accept my password and log me in

switching back to safari.app makes it work again
Comment 1 David Kilzer (:ddkilzer) 2007-02-08 07:27:10 PST
Jordan, thanks for the bug report!  Do you have the Debug menu enabled in Safari?  If so, are there any messages that appear in the JavaScript Console when you log in?  Are there any resources that don't load in the Activity window (from the "Window" menu) when you try to log in?

If you don't have the Debug menu enabled, could you enable it and test logging in again?

http://www.macosxhints.com/article.php?story=20030110063041629

Comment 2 Jordan Breeding 2007-02-08 16:09:57 PST
Created attachment 13072 [details]
JavaScript Console
Comment 3 Jordan Breeding 2007-02-08 16:10:45 PST
Created attachment 13073 [details]
JavaScript Code
Comment 4 Jordan Breeding 2007-02-08 16:11:41 PST
I just uploaded two attachments, one is just the JS Console, the other is the JavaScript code that showed when I drilled down on the error in the console.
Comment 5 David Kilzer (:ddkilzer) 2007-02-08 16:40:17 PST
Jordan, do you have any experience with HTML, JavaScript and CSS?  To determine what's causing this, we probably need someone with a Bank of America account to "reduce" the error to a relatively small amount of HTML+JavaScript+CSS that will reproduce the bug.  (It's okay if you don't--I'm just asking in case you have such experience.)

Also, looking at this JavaScript code, there is a lot of document.all usage.  I wonder if BoA is detecting the WebKit nightly as MSIE and using the wrong "set" of JavaScript files (since it works with shipping Safari)?

https://sitekey.bankofamerica.com/sas/sas-docs/chat/chat_deployment_global/lp/ADACompliant.js

Mark, do you have any contacts at Bank of America that could test this internally?

Comment 6 Mark Malone 2007-02-09 16:09:27 PST
I'll contact BofA.   
Comment 7 Maciej Stachowiak 2007-02-10 19:13:12 PST
<rdar://problem/4990044>
Comment 8 Rosyna 2007-02-11 23:47:58 PST
I'd like to add that this appears to occur on the post to the final form. In the current ToT, instead of showing the account info, it redirects to the main BofA page.

https://sitekey.bankofamerica.com/sas/signon.do is the site for signing in.
Comment 9 Brady Eidson 2007-02-12 00:03:30 PST
I just successfully logged into my BofA account using ToT WebKit...  what revision is failing for you?
Comment 10 Rosyna 2007-02-12 00:09:27 PST
r19572 is the revision failing for me. Note that I have a sitekey enabled and that I have checking and credit card account (I'm not sure if the procedure is different if you JUST have a checking account or JUST have a credit card account).
Comment 11 Brady Eidson 2007-02-12 00:14:33 PST
I have a credit card acct and an auto loan acct.  But the procedure to login is the same - I just confirmed this with angryluke
Comment 12 Rosyna 2007-02-12 00:40:37 PST
Ok, I just tried it with a bunch of the old nightlies.

The problem occurred somewhere between r18004 and r18012. 18004 logs in fine, 18012 has the issue.
Comment 13 Brady Eidson 2007-02-12 10:40:58 PST
If I could reproduce this with my BofA account, I could build and try the intermediates between 18005 and 18011...  alas I cannot repro...  I'll give those Changelogs a looksy
Comment 14 Jordan Breeding 2007-02-19 20:45:35 PST
One further note.  Without "block pop-ups" enabled it seems to redirect to the front page as Rosyna pointed out.  With "block pop-ups" enabled it just loads the page telling you that authentication failed.
Comment 15 Jordan Breeding 2007-02-19 20:49:05 PST
Actually, as of revision 19713 Webkit.app seems to just redirect to the main page regardless of the pop up blocking setting.
Comment 16 Antti Koivisto 2007-02-28 10:16:11 PST
I can't reproduce this with my BofA checking account.
Comment 17 Rosyna 2007-02-28 10:25:05 PST
I can still repro this as of r19911
Comment 18 Jordan Breeding 2007-02-28 10:44:43 PST
I can still reproduce this as well, Bank Of America makes you choose which state your account is registered in.  Is it possible that this is also affecting things?  If so my account is in Texas.
Comment 19 Antti Koivisto 2007-02-28 20:31:10 PST
After trying a few I can now reproduce this as well. It does not fail every time for me, I can occasionally log in succesfully. 
Comment 20 Antti Koivisto 2007-02-28 20:52:43 PST
It is broken by r18011
Comment 21 David Kilzer (:ddkilzer) 2007-03-01 07:44:38 PST
(In reply to comment #20)
> It is broken by r18011

http://trac.webkit.org/projects/webkit/changeset/18011
Comment 22 Antti Koivisto 2007-03-01 23:25:24 PST
Created attachment 13449 [details]
turn multiple form submission protection back on

Includes HTTP layout test.

Note that this protection does not fully match what other browsers are doing. I'll file bugs for issues I noticed. Those are not regressions from shipping WebKit.
Comment 23 Maciej Stachowiak 2007-03-01 23:33:46 PST
Comment on attachment 13449 [details]
turn multiple form submission protection back on

r=me

I think it would be ok to remove the MULTIPLE_FORM_SUBMISSION_PROTECTION ifdef, now that we know the protection is needed.

I think it would be good to also mention the other bugs this fixes in the ChangeLog.
Comment 24 Antti Koivisto 2007-03-02 00:15:37 PST
r19940 (with #ifdefs removed)

Should also fix bug 12604 and bug 12020
Comment 25 Antti Koivisto 2007-03-02 00:28:25 PST
*** Bug 12604 has been marked as a duplicate of this bug. ***
Comment 26 Antti Koivisto 2007-03-02 00:29:33 PST
*** Bug 12020 has been marked as a duplicate of this bug. ***
Comment 27 Dimitri Glazkov (Google) 2010-05-14 13:58:34 PDT
It's interesting that the test in this bug does the opposite in FF/IE.