Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

www.ulta.com checkout doesn't work due to fingerprinting. #25309

Closed
ryanbr opened this issue Sep 9, 2022 · 4 comments · Fixed by brave/brave-core#15121
Closed

www.ulta.com checkout doesn't work due to fingerprinting. #25309

ryanbr opened this issue Sep 9, 2022 · 4 comments · Fixed by brave/brave-core#15121
Assignees
@pilgrim-brave
Labels
feature/shields/fingerprint The fingerprinting (aka: "device recognition") protection provided in Shields OS/Desktop priority/P4 Planned work. We expect to get to it "soon". QA Pass-macOS QA/Test-Plan-Specified QA/Yes release-notes/exclude webcompat/not-shields-related Sites are breaking because of something other than Shields.
Milestone
1.46.x - Release

Comments

@ryanbr
Copy link

ryanbr commented Sep 9, 2022
edited
Loading

Description

Unable to go through checkout on https://www.ulta.com

Steps to Reproduce

  1. Open https://www.ulta.com/featured/50off_jaclyn_cosmetics_highlighters?N=7vzezd&Ns=product.bestseller%7C1
  2. Add an item to Bag
  3. Click on top right to view cart
  4. Click on Secure Checkout

Actual result:

Doesn't forward to checkout, when clicking on the red Secure Checkout button.
checkout-console

Expected result:

Let user go through checkout process

Reproduces how often:

With default shields,

Brave version (brave://version info)

[Version 1.45.35 Chromium: 105.0.5195.102 (Official Build) nightly (64-bit)

Version/Channel Information:

  • Can you reproduce this issue with the current release? Yes
  • Can you reproduce this issue with the beta channel? Yes
  • Can you reproduce this issue with the nightly channel? Tes

Other Additional Information:

  • Does the issue resolve itself when disabling Brave Shields? Yes (Fingerprinting specifically)
  • Does the issue resolve itself when disabling Brave Rewards?
  • Is the issue reproducible on the latest version of (Safari)? No.

Miscellaneous Information:

Disabling Fingerprinting fixes this. Also Safari works without issue.
@ryanbr ryanbr added webcompat/not-shields-related Sites are breaking because of something other than Shields. feature/shields/fingerprint The fingerprinting (aka: "device recognition") protection provided in Shields OS/Desktop priority/P4 Planned work. We expect to get to it "soon". labels Sep 9, 2022
@pes10k
Copy link
Contributor

pes10k commented Sep 10, 2022

The issue is with Ulta not accepting Brave's randomized weight on accept-language (disabing language based fingerprinting protections fixes the issue), despite Brave's randomized weight being valid by the spec

Short term, @ryanbr will reach out to Ulta and see if (fingers crossed) they'll fix their busted stuff. If not, @pilgrim-brave will add an exception to not apply randomization for ulta.

Medium term, we might create a new component to allow us to ship exceptions to users faster

@pilgrim-brave pilgrim-brave mentioned this issue Sep 16, 2022
Merged
25 tasks
@brave-builds brave-builds added this to the 1.46.x - Nightly milestone Sep 23, 2022
@LaurenWags
Copy link
Member

@pilgrim-brave @pes10k can this please be marked QA/Yes or QA/No as appropriate? If QA/Yes, let's make sure there's a test plan as well if the STR aren't sufficient. Thanks!

cc @rebron @kjozwiak

@pes10k
Copy link
Contributor

pes10k commented Oct 18, 2022

Yep, sorry for missing that @LaurenWags . Marking QA/Yes, and the STR are perfect

@pes10k pes10k added the QA/Yes label Oct 18, 2022
@stephendonner
Copy link

Verified PASSED using

Brave 1.46.76 Chromium: 107.0.5304.62 (Official Build) beta (x86_64)
Revision 1eec40d3a5764881c92085aaee66d25075c159aa-refs/branch-heads/5304@{#942}
OS macOS Version 11.7 (Build 20G817)

Steps:

  1. installed 1.46.76
  2. launched Brave
  3. loaded ulta.com
  4. searched for jacelyn cosmetics highlighters (https://www.ulta.com/ulta/a/_/Ntt-jaceyln%20cosmetics%20highlighters/Nty-1?Dy=1&ciSelector=searchResults)
  5. clicked on https://www.ulta.com/p/accent-light-highlighter-pimprod2022958 and added to to my cart/bag
  6. clicked on Secure checkout

Confirmed I was taken to the secure-checkout page, to fill out payment & shipping details, successfully (did not complete purchase, of course).

example example example example
Screen Shot 2022-10-24 at 2 42 40 PM Screen Shot 2022-10-24 at 2 42 49 PM Screen Shot 2022-10-24 at 2 45 12 PM Screen Shot 2022-10-24 at 2 46 04 PM

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@pilgrim-brave pilgrim-brave

Labels
feature/shields/fingerprint The fingerprinting (aka: "device recognition") protection provided in Shields OS/Desktop priority/P4 Planned work. We expect to get to it "soon". QA Pass-macOS QA/Test-Plan-Specified QA/Yes release-notes/exclude webcompat/not-shields-related Sites are breaking because of something other than Shields.
Projects
None yet
Milestone
1.46.x - Release
Development

Successfully merging a pull request may close this issue.

Implement exception list for farbling Accept-Language HTTP header brave/brave-core
6 participants
@pes10k @stephendonner @ryanbr @LaurenWags @pilgrim-brave @brave-builds