clusterfuzz icon indicating copy to clipboard operation
clusterfuzz copied to clipboard
verified publisher icon google

Safari can't download oss-fuzz test cases or see Detailed Reports due to recent change to Login flow

Open ddkilzer opened this issue 3 years ago • 1 comments

Summary: Safari can't download oss-fuzz test cases or see Detailed Reports due to recent change to Login flow.

This appears to have started when GitHub login support was added.

Steps to Reproduce:

  1. Open an oss-fuzz bug in Safari: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45947
  2. Click on "Reproducer Testcase" link: https://oss-fuzz.com/download?testcase_id=6294005064794112
  3. Click "Sign in with Google".
  4. Log into your Google account.
  5. Wait for file to download (it never does) after returning to oss-fuzz.com domain.

Expected Results: Login flow completes and file is downloaded.

Actual Results: When trying to download an attachment, the browser gets stuck at this animation and the download never starts:

Screen Shot 2022-03-30 at 9 17 38 AM

The following output is seen in the Console of Safari Web Inspector when the download fails to start:

[Error] Failed to load resource: the server responded with a status of 404 () (webcomponents-lite.js.map, line 0)
[Error] Failed to load resource: the server responded with a status of 404 () (apply-shim.min.js.map, line 0)
[Error] Refused to load data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIj8+Cjxzdmcgd2lkdGg9IjEyIiBoZWlnaHQ9IjQiIHZpZXdQb3J0PSIwIDAgMTIgNCIgdmVyc2lvbj0iMS4xIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPgogIDxlbGxpcHNlIGN4PSIyIiBjeT0iMiIgcng9IjIiIHJ5PSIyIj4KICAgIDxhbmltYXRlIGF0dHJpYnV0ZU5hbWU9ImN4IiBmcm9tPSIyIiB0bz0iLTEwIiBkdXI9IjAuNnMiIHJlcGVhdENvdW50PSJpbmRlZmluaXRlIiAvPgogIDwvZWxsaXBzZT4KICA8ZWxsaXBzZSBjeD0iMTQiIGN5PSIyIiByeD0iMiIgcnk9IjIiIGNsYXNzPSJsb2FkZXIiPgogICAgPGFuaW1hdGUgYXR0cmlidXRlTmFtZT0iY3giIGZyb209IjE0IiB0bz0iMiIgZHVyPSIwLjZzIiByZXBlYXRDb3VudD0iaW5kZWZpbml0ZSIgLz4KICA8L2VsbGlwc2U+Cjwvc3ZnPgo= because it does not appear in the img-src directive of the Content Security Policy.
[Error] Failed to load resource: the server responded with a status of 404 () (custom-style-interface.min.js.map, line 0)
[Error] Failed to load resource: the server responded with a status of 403 () (report-csp-failure, line 0)
[Error] Unhandled Promise Rejection: TypeError: Right side of assignment cannot be destructured
	(anonymous function)
	rejectPromise
	promiseReactionJob

Notes: Reproduces with Safari Technology Preview 142 and Safari 14.1.2 on Mac OS Big Sur 11.5.1. Note that each browser gets slightly different error messages, so please test with "older" shipping Safari as well as Safari Technology Preview.

ddkilzer avatar Mar 31 '22 15:03 ddkilzer

Note that the same issue occurs (stuck on the "Login" animation after logging into Google account) when trying to view the Detailed Report for a bug: https://oss-fuzz.com/testcase?key=6294005064794112

Also note that I have not tried the GitHub login flow to see if that gets stuck (as my account likely doesn't have access to anything).

ddkilzer avatar Mar 31 '22 15:03 ddkilzer