RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 2126044 - Login fails with "This web browser is too old" with upcoming Firefox and Chromium browsers [rhel-8.7.0]
Summary: Login fails with "This web browser is too old" with upcoming Firefox and Chr...
Keywords:
Status: CLOSED ERRATA
Alias: None
Deadline: 2022-09-27
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: cockpit
Version: 8.7
Hardware: All
OS: All
urgent
urgent
Target Milestone: rc
: 8.7
Assignee: Martin Pitt
QA Contact: Jan Ščotka
URL:
Whiteboard:
Depends On: 2126038
Blocks: 2127141 2127142 2129055
TreeView+ depends on / blocked
 
Reported: 2022-09-12 08:46 UTC by Martin Pitt
Modified: 2023-02-11 06:03 UTC (History)
4 users (show)

Fixed In Version: cockpit-276.1-1.el8
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 2126038
: 2127141 2127142 2129055 (view as bug list)
Environment:
Last Closed: 2022-11-08 10:48:03 UTC
Type: Bug
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github cockpit-project cockpit issues 17724 0 None open This web browser is too old to run the Web Console (missing selector(:is():where())) 2022-09-12 08:48:24 UTC
Red Hat Issue Tracker RHELPLAN-133728 0 None None None 2023-02-11 06:03:34 UTC
Red Hat Product Errata RHBA-2022:7718 0 None None None 2022-11-08 10:48:18 UTC

Description Martin Pitt 2022-09-12 08:46:44 UTC 
+++ This bug was initially created as a clone of Bug #2126038 +++

Description of problem:

Firefox Nightly now reports unsupported CSS selectors. Since that fix was implemented, Firefox Nightly users can no longer log in into Cockpit, the login page just shows:

   This web browser is too old to run the Web Console (missing selector(:is():where()))

This is due to a bad CSS capability check in Cockpit's login page.

See this issue for details: https://bugzilla.mozilla.org/show_bug.cgi?id=1790259

Chromium is affected in the same way.

Current *releases* of Firefox and Chromium are fine still, but it is expected that the upcoming versions will contain this change.

Version-Release number of selected component (if applicable):

cockpit-ws-275-1.el9

How reproducible: Always


Steps to Reproduce:
1. Try to log into Cockpit with Firefox nightly

Actual results: Login page shows the error above, login is not possible.

Expected results: Login should work normally.

This was reported upstream in https://github.com/cockpit-project/cockpit/issues/17724 and fixed in https://github.com/cockpit-project/cockpit/pull/17726

--- Additional comment from Martin Pitt on 2022-09-12 08:31:26 UTC ---

Requesting blocker+ for RHEL 9.1. I'll also clone this for 8.7. We will most probably also need to fix this in earlier RHEL releases in Z-stream.

--- Additional comment from RHEL Program Management on 2022-09-12 08:31:34 UTC ---

A request has been made to block the RHEL release until this bug has been addressed.  If you only meant to get a check-in exception please set "exception?" instead.  For blocker requests please follow the instructions in this comment to verify BZ accuracy and provide answers to 3 blocker review questions. You can fill out this form by clicking the [reply] link on this comment, and then reply in-line to this message.  Please do this even if you believe the case is obvious, or already covered in the BZ, as a way to make it easier for reviewers to approve this request.

Verify the following information is set in the BZ:
- Confirm the Internal Target Release field reflects which release to block

Answer the following 4 questions:
1. What is the scope of harm if this BZ is not resolved in this release?  Reviewers want to know which RHEL features or customers are affected and if it will impact any Layered Product or Hardware partner plans.
2. What are the risks associated with resolving this BZ?  Reviewers want to know the scope of retesting, potential regressions
3. Provide any other details that meet blocker criteria or should be weighed in making a decision (Other releases affected, upstream status, business impacts, etc).

4. Provide reasoning why this request is being solved after regular DTD cycle. This will help us to assess & improve the exception process.

--- Additional comment from Martin Pitt on 2022-09-12 08:42:22 UTC ---

> 1. What is the scope of harm if this BZ is not resolved in this release? 

It will not be possible to log into the Web Console any more once the current nightly Firefox/Chrome browsers get released and widely used.

> 2. What are the risks associated with resolving this BZ?  Reviewers want to
> know the scope of retesting, potential regressions

For Cockpit itself, changes to the login page's capability checks have the potential to break with older browsers. The current check is just plain wrong, and gets fixed to adhere to the W3C spec. But it needs to be tested with older and current Firefox, Chromium, and other browsers (in particular Safari).

For other RHEL components or RH products there is no regression potential. Cockpit has very few reverse dependencies -- the only known one is Foreman/Satellite, which has a [Web Console] button. But this is set up in a way to not ever show the login page, the user gets right into an authenticated Cockpit session. Specifically, the login page is for human users, it is not an API.

The fix is minimal, targeted, and very straightforward (at least to someone with some CSS background): https://github.com/cockpit-project/cockpit/pull/17726/files

> 3. Provide any other details that meet blocker criteria or should be weighed
> in making a decision (Other releases affected, upstream status, business
> impacts, etc).

The Web Console is a popular and widely announced RHEL feature; e.g. it gets a significant number of feature requests and support cases, is installed by default, and is even advertised in motd. As such, failure to log in would be a fairly embarassing and bad behaviour.

> 4. Provide reasoning why this request is being solved after regular DTD
> cycle. This will help us to assess & improve the exception process.

The change in Firefox nightly that exposed/caused this only happened 6 days ago (https://hg.mozilla.org/integration/autoland/rev/3e0a5d1881e9474173e0455972f35022be5192f6). The Cockpit bug was only found/reported yesterday, and a fix got available today.

--- Additional comment from Martin Pitt on 2022-09-12 08:45:49 UTC ---

We have the fix available, and can upload it to RHEL 9.1/8.7 within a day. I'm not entirely sure wrt. exception vs. blocker -- if the reviewers think that exception+ is more appropriate, that's of course fine for us as well.
Comment 14 errata-xmlrpc 2022-11-08 10:48:03 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (cockpit bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:7718
Note You need to log in before you can comment on or make changes to this bug.