Bug 17885

Summary: Shopping cart broken on a major outlet
Product: WebKit Reporter: tim bates <timothy.c.bates>
Component: New BugsAssignee: Nobody <webkit-unassigned>
Status: RESOLVED WORKSFORME    
Severity: Normal CC: bfulgham, webkit
Priority: P2 Keywords: InRadar
Version: 528+ (Nightly build)   
Hardware: Mac   
OS: OS X 10.5   
URL: http://www.morecomputers.com/extra.asp?pn=931342-1914

Description tim bates 2008-03-16 17:33:38 PDT 
1. browse to the URL given in this bug report
2. You will see an opportunity to put the chosen item in your shopping basket (press the "BUY" button).

EXPECTED: item added to shopping basket
note, you don't need to register to do this, and it will not commit you to anything (and the bug means that it will not work anyhow :-)

OBTAINED: You get dumped into a "nothing in your basket" error page.

The site is a large online retailer and B2B operation, so might be worth seeing why their shopping system is broken on Safari.
Comment 1 Alexey Proskuryakov 2008-03-17 01:02:21 PDT 
When opening the bug URL, I'm just redirected to a blank page.
Comment 2 Robert Blaut 2008-03-17 01:17:05 PDT 
The reported URL redirects to http://www.morecomputers.com/blank.html in Webkit and in Firefox too. Resolved as INVALID. 

tim, feel free to reopen the bug if you provide working test case.
Comment 3 Mark Rowe (bdash) 2008-03-17 16:44:11 PDT 
I can reproduce this in both Safari 3.0 and TOT WebKit.
Comment 4 Mark Rowe (bdash) 2008-03-17 16:47:56 PDT 
As noted in the original report, this does not occur in Firefox.
Comment 5 Mark Rowe (bdash) 2008-03-17 16:48:14 PDT 
<rdar://problem/5803997>
Comment 6 tim bates 2008-03-18 05:57:58 PDT 
Turns out this happens only when security prefs are set to accept cookies ONLY from sites that the user navigates too. If cookies are off, the site throws a "turn cookies on" dialog. If cookies are on without restriction, the site works, but this "off-site" cookie prohibition is not detected by the site.

(As the shopping system is on a different server, this blocks the cart)

What is broken, then, is not the behavior, but perhaps the failure to let the user know that their preference is breaking the site and too allow an exception: It would be nice to flag for the user that the app tried to set a cookie, and give the option to allow it. 

One solution (for Safari, I guess, not webkit per-sé) would be to have a setting "ask user about off-site cookies"). Another would be to put a little icon in the tool bar flagging any override of site requests that have happened: this would allow the user to go in, and set a site-specific deviation from the general preference.