You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When attempting to sign in to a Zendesk Guide site that uses a custom domain, the sign-in process redirects from the custom domain to a zendesk.com domain and then back to the custom domain. DuckDuckGo Privacy Essentials is removing some part of the authentication token which results in a Forbidden / Invalid Authenticity Token error.
Steps to Reproduce
Attempt to create an account on a site that uses Zendesk with a non-zendesk domain, e.g. https://support.vertigis.com/
This configuration requires a CNAME DNS record
Set the password for your new account and sign in
Expected behavior:
Sign-in succeeds
Actual behavior:
Sign-in is not successful, the user is presented with an error stating Invalid Authenticity Token
Versions
Extension: 2022.01.24
Browser: Chrome
OS: Windows and Linux
Additional Information
Issue is repeatable. Disabling the DuckDuckGo extension immediately resolves the issue. Only appears on sites that use a custom domain, users can successfully sign in to Zendesk sites that use the zendesk.com domain.
The text was updated successfully, but these errors were encountered:
This is due to 3rd party cookie blocking. Despite using the CNAMEd community.vertigis.com as the site domain, login calls to Zendesk still go directly to vertigis.zendesk.com which is seen as a 3rd-party by our code. This looks like an issue with how Zendesk have implemented their custom domain functionality, requiring 3rd party cookies for it to work correctly. On browsers with 3rd party cookie restrictions it looks like they use the Storage Access API to get around the restrictions.
I'll open an issue internally to see if we can get around this issue, or at least mitigate cases like this.
Description
When attempting to sign in to a Zendesk Guide site that uses a custom domain, the sign-in process redirects from the custom domain to a zendesk.com domain and then back to the custom domain. DuckDuckGo Privacy Essentials is removing some part of the authentication token which results in a Forbidden / Invalid Authenticity Token error.
Steps to Reproduce
Expected behavior:
Sign-in succeeds
Actual behavior:
Sign-in is not successful, the user is presented with an error stating Invalid Authenticity Token
Versions
Additional Information
Issue is repeatable. Disabling the DuckDuckGo extension immediately resolves the issue. Only appears on sites that use a custom domain, users can successfully sign in to Zendesk sites that use the zendesk.com domain.
The text was updated successfully, but these errors were encountered: