Bug 157720

Summary: Can't login on www.safeco.com
Product: WebKit Reporter: Ryosuke Niwa <rniwa>
Component: New BugsAssignee: Nobody <webkit-unassigned>
Status: RESOLVED MOVED    
Severity: Normal CC: ap, bfulgham, jond, webkit-bug-importer, wilander
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
URL: http://www.safeco.com
Attachments:
Description Flags
Screenshot none

Description Ryosuke Niwa 2016-05-14 21:49:56 PDT
Created attachment 278959 [details]
Screenshot

Reproduction steps:
1. Click on "Account login"

Expected result:
Login form appears

Actual result:
There is no login form
Comment 1 Radar WebKit Bug Importer 2016-05-14 21:50:28 PDT
<rdar://problem/26288435>
Comment 2 Ryosuke Niwa 2016-05-14 21:53:42 PDT
I'm seeing the following error:

[Error] Multiple 'X-Frame-Options' headers with conflicting values ('ALLOW-FROM http://www.safeco.com, SAMEORIGIN') encountered when loading 'https://customer.safeco.com/accountmanager/Login/loginportlet.aspx'. Falling back to 'DENY'.
[Error] Refused to display 'https://customer.safeco.com/accountmanager/Login/loginportlet.aspx' in a frame because it set 'X-Frame-Options' to 'ALLOW-FROM http://www.safeco.com, SAMEORIGIN'.
Comment 3 Ryosuke Niwa 2016-05-14 21:56:26 PDT
Actually, the bug is also reproducing on Firefox so this might be a bug on the site.

John, do you know what might be going wrong here?