Issue metadata
Sign in to add a comment
|
[Walmart] Checkout tapped signout from the Application and not able to complete the purchase flow |
||||||||||||||||||||||
Issue descriptionThis report will ONLY be viewable by Google. Device name: HTC One X9 Android version:MRA58K Fingerprint: WebView version (from system settings -> Apps -> Android System WebView):59.0.3056.4 Application: walmart Application version: 17.3.1 Pre condition : Install walmart from the playstore Steps to reproduce: (1) Launch Walmart (2) Login to the app (3) Tap Cart and tap Check out. (4) Observe the device. Expected result: User able to complete the checkout flow and complete the purchase. Actual result: User is logged out from the application. NOTE : Not able to repro on 57.0.2987.132 Able to repro on 58.0.3029.42 ADDITIONAL INFORMATION: 1.Logcat attached. 2.Video Attached.
,
Mar 30 2017
,
Mar 30 2017
,
Mar 30 2017
sending on way to sgurun@ after discussion. Thanks!
,
Mar 30 2017
,
Mar 30 2017
confirmed this is also broken by strict secure cookies change that broke the Yahoo Sports app, crbug.com/702052 I started getting nervous about this. I consider both Yahoo and Walmart as major apps and it seems like the app developers need to publish new versions and release to prevent breakages. My opinion is to to postpone the change for WebView for next release. Other opinions?
,
Mar 30 2017
We have a chromestatus entry for this: https://www.chromestatus.com/feature/4506322921848832 mkwst@, are we warning in the console for this? While I'd concur that this is a bit scary given that two major apps have run into pretty serious regressions, I don't know how get people to address app bugs short of breaking them (outside of proper notification, meaning chromestatus entry, console warnings, etc). mkwst@ would like to hear what you think here given this additional workflow that's now broken.
,
Mar 30 2017
WebView will soon have UMA. (M59) We won't be able to collect app/package names, but I think for this particular case we can count the cases of setting secure cookies from insecure domains/hosts and see how prevalent the behavior is? I will ping Walmart Dev Rel in the meantime.
,
Mar 30 2017
,
Apr 1 2017
this was communicated to walmart.
,
Apr 1 2017
,
Apr 14 2017
,
Apr 14 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/50549382727806e2ae44c45444827d02270b5d57 commit 50549382727806e2ae44c45444827d02270b5d57 Author: sgurun <sgurun@chromium.org> Date: Fri Apr 14 16:47:33 2017 Allow WebView setCookie api to set secure cookies for http urls. Starting with Chrome M58, setting secure cookies for http urls is not allowed (strict secure cookies). However, Webview using applications used to set cookies using a Webview setCookie API and until now we discovered 3 apps doing that and failing in different ways. This change is a temporary hack to allow this API to modify HTTP urls to HTTPS when setting secure cookies. BUG= 706993 Review-Url: https://codereview.chromium.org/2821623003 Cr-Commit-Position: refs/heads/master@{#464734} [modify] https://crrev.com/50549382727806e2ae44c45444827d02270b5d57/android_webview/javatests/src/org/chromium/android_webview/test/CookieManagerTest.java [modify] https://crrev.com/50549382727806e2ae44c45444827d02270b5d57/android_webview/native/cookie_manager.cc
,
Apr 14 2017
,
Apr 14 2017
,
Apr 14 2017
Test team: please test both Yahoo sports and Walmart app to verify the problem is fixed as now a fix has landed.
,
Apr 14 2017
Your change meets the bar and is auto-approved for M58. Please go ahead and merge the CL to branch 3029 manually. Please contact milestone owner if you have questions. Owners: amineer@(Android), cmasso@(iOS), bhthompson@(ChromeOS), govind@(Desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Apr 14 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/159d352e7da2f956e8b29f40efc0d6cb50de0f4b commit 159d352e7da2f956e8b29f40efc0d6cb50de0f4b Author: Selim Gurun <sgurun@google.com> Date: Fri Apr 14 17:34:28 2017 Allow WebView setCookie api to set secure cookies for http urls. Starting with Chrome M58, setting secure cookies for http urls is not allowed (strict secure cookies). However, Webview using applications used to set cookies using a Webview setCookie API and until now we discovered 3 apps doing that and failing in different ways. This change is a temporary hack to allow this API to modify HTTP urls to HTTPS when setting secure cookies. BUG= 706993 Review-Url: https://codereview.chromium.org/2821623003 Cr-Commit-Position: refs/heads/master@{#464734} (cherry picked from commit 50549382727806e2ae44c45444827d02270b5d57) Review-Url: https://codereview.chromium.org/2824503002 . Cr-Commit-Position: refs/branch-heads/3029@{#715} Cr-Branched-From: 939b32ee5ba05c396eef3fd992822fcca9a2e262-refs/heads/master@{#454471} [modify] https://crrev.com/159d352e7da2f956e8b29f40efc0d6cb50de0f4b/android_webview/javatests/src/org/chromium/android_webview/test/CookieManagerTest.java [modify] https://crrev.com/159d352e7da2f956e8b29f40efc0d6cb50de0f4b/android_webview/native/cookie_manager.cc
,
Apr 14 2017
,
Apr 14 2017
,
Apr 14 2017
Your change meets the bar and is auto-approved for M59. Please go ahead and merge the CL to branch 3071 manually. Please contact milestone owner if you have questions. Owners: amineer@(Android), cmasso@(iOS), gkihumba@(ChromeOS), Abdul Syed@(Desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Apr 14 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/acf6dff9fb59299ac7bdf99f754f5b56f6300c80 commit acf6dff9fb59299ac7bdf99f754f5b56f6300c80 Author: Selim Gurun <sgurun@google.com> Date: Fri Apr 14 23:03:06 2017 Allow WebView setCookie api to set secure cookies for http urls. Starting with Chrome M58, setting secure cookies for http urls is not allowed (strict secure cookies). However, Webview using applications used to set cookies using a Webview setCookie API and until now we discovered 3 apps doing that and failing in different ways. This change is a temporary hack to allow this API to modify HTTP urls to HTTPS when setting secure cookies. BUG= 706993 Review-Url: https://codereview.chromium.org/2821623003 Cr-Commit-Position: refs/heads/master@{#464734} (cherry picked from commit 50549382727806e2ae44c45444827d02270b5d57) Review-Url: https://codereview.chromium.org/2817343002 . Cr-Commit-Position: refs/branch-heads/3071@{#4} Cr-Branched-From: a106f0abbf69dad349d4aaf4bcc4f5d376dd2377-refs/heads/master@{#464641} [modify] https://crrev.com/acf6dff9fb59299ac7bdf99f754f5b56f6300c80/android_webview/javatests/src/org/chromium/android_webview/test/CookieManagerTest.java [modify] https://crrev.com/acf6dff9fb59299ac7bdf99f754f5b56f6300c80/android_webview/native/cookie_manager.cc
,
Apr 18 2017
Fix verified in both Walmart:v17.5 & Yahoo Sports( crbug.com/702052 ):v6.8.1 apps,with latest M58, tested on Nexus6/6.0.1, Pixel/7.1.2 & Nexus 5X.
,
Apr 19 2017
Fixed verified for Walmart 17.3.1 and 17.5 on HTC X9 with latest M58 webview.
,
Apr 19 2017
|
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by sbash...@chromium.org
, Mar 30 2017