RESOLVED CONFIGURATION CHANGED 65576
REGRESSION (r92142): Cannot log in to produbanco.com 
https://bugs.webkit.org/show_bug.cgi?id=65576
Summary REGRESSION (r92142): Cannot log in to produbanco.com
Sveto
Reported 2011-08-02 15:02:42 PDT
r92173 reintroduces a bug from before where I was unable to log-in into my bank located at http://www.produbanco.com/GFPNet/ Reverting to r92092 fixes the issue. The page uses heavy JavaScript, Java applets, and authenticates against a browser version as a security measure. Safari 5.0.5 is accepted and once I changed from the developer menu to browser version Safari 5.0.5 login was accepted. Now it reports I need to activate the cookies and won't let me in. I changed it to accept all cookies but it won't resolve. Adding on as a separate bug, updates of Webkit are not working properly under Lion. 98% of the time I'm forced to download the entire application, while in Snow Leopard it only downloads the small change and updates nicely. In both Snow Leopard and Lion I'm running a plain vanilla Webkit with extensions disabled.
Attachments
Add attachment proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1 2011-08-03 10:27:19 PDT
Could you please describe what you are doing step by step, and how it fails? I do not see any link to log in on this page - do you need to click on "Banca de Personas" first, for instance? > Adding on as a separate bug, updates of Webkit are not working properly under Lion. That's tracked as bug 65026.
Sveto
Comment 2 2011-08-03 21:16:27 PDT
Indeed you're supposed to click on "Banca de Personas" which will load the java applet. Than you change the pop up from "CI/RUC" to "USUARIO". Than you type the username and dial on the number keys the password. Than usually it would work if you changed in advance in developer menu to Safary 5.0.5, however since the build I mentioned it just stopped working. IE and Firefox have no problems login in, even with the latest versions. In my case I was changing from developer menu to 5.0.5 because otherwise Webkit would report a unrecognized to the system version and would give an error. (In reply to comment #0) > r92173 reintroduces a bug from before where I was unable to log-in into my bank located at http://www.produbanco.com/GFPNet/ > Reverting to r92092 fixes the issue. The page uses heavy JavaScript, Java applets, and authenticates against a browser version as a security measure. Safari 5.0.5 is accepted and once I changed from the developer menu to browser version Safari 5.0.5 login was accepted. Now it reports I need to activate the cookies and won't let me in. I changed it to accept all cookies but it won't resolve. > Adding on as a separate bug, updates of Webkit are not working properly under Lion. 98% of the time I'm forced to download the entire application, while in Snow Leopard it only downloads the small change and updates nicely. > In both Snow Leopard and Lion I'm running a plain vanilla Webkit with extensions disabled.
Alexey Proskuryakov
Comment 3 2011-08-03 22:59:48 PDT
<rdar://problem/9895098>
Alexey Proskuryakov
Comment 4 2011-08-04 16:46:50 PDT
Our testing says that this started in r92142. Sounds like evangelism to me, the bank's site needs to be fixed. Does allowing 3rd party cookies in Safari Privacy preferences fix the login for you? Note that keeping this preference in this state will make it easier for others to track your Web use.
Sveto
Comment 5 2011-08-04 18:59:56 PDT
No changes in cookies would make it work. Strange enough Firefox and IE both work like champs on this site. Even with the aggressive update numbering policy that Firefox introduced. It just works nice and simple. I had the same problem with Webkit a while back as noted, but than later it was fixed by one of the following builds. To add further on the subject, under Lion it won't work be it Safari or Webkit, but that seems understandable because the bank is probably not yet updating their support for newer browser versions of Safari. It is up to 5.04 what I have noticed so far. It might be that newer builds of Webkit changed the way they identify. I mean under Snow Leopard latest Safari works ok, it is the new Webkit build number from above that broke compatibility.
jochen
Comment 6 2011-08-05 09:16:04 PDT
(In reply to comment #4) > Our testing says that this started in r92142. Sounds like evangelism to me, the bank's site needs to be fixed. Logging in triggers a POST request to a third party site, so this is likely related. However, the 3rd party site doesn't send back any cookies for me. Could you share some more details of the findings of your test folks? > > Does allowing 3rd party cookies in Safari Privacy preferences fix the login for you? Note that keeping this preference in this state will make it easier for others to track your Web use.
Alexey Proskuryakov
Comment 7 2011-08-05 09:30:41 PDT
> Could you share some more details of the findings of your test folks? That's pretty much it - with r92141, there is an error message unless you spoof as Safari 5.0.6; with r92142 and ToT, there is an error message regardless of whether you spoof. Testing was performed on Mac OS X 10.6.8 with Safari 5.1 installed.
jochen
Comment 8 2011-08-05 09:35:35 PDT
(In reply to comment #7) > > Could you share some more details of the findings of your test folks? > > That's pretty much it - with r92141, there is an error message unless you spoof as Safari 5.0.6; with r92142 and ToT, there is an error message regardless of whether you spoof. Testing was performed on Mac OS X 10.6.8 with Safari 5.1 installed. ok I agree with your assessment that this should be fixed on their side
Note You need to log in before you can comment on or make changes to this bug.