I was very excited to see in the 131.0.3 release notes that it fixed a problem with bill pay. I've been unable to use bill pay at my small local bank since v131. My ban… (read more)
I was very excited to see in the 131.0.3 release notes that it fixed a problem with bill pay. I've been unable to use bill pay at my small local bank since v131. My bank was unable to help me and I couldn't get bill pay to work with v131 even after opening everything up as much as I knew how (cookies, trackers, etc.).
Sadly, v 131.0.3 still has the same behavior of blocking bill pay with a very similar message to the BOA message posted earlier.
My local bank uses a site named: web13.secureinternetbanking.com and in the past, I also needed to exempt cookies from sites named: cwsb40.checkfreeweb.com and cw411.checkfreeweb.com. I've also added these sites to the exceptions list for enhanced tracking without effect.
I found a thread on Mozilla Connect from ipv6_fan that seemed to indicate a solution.
Based on that thread, I checked the following parameters:
The value of network.cookie.cookieBehavior.optInPartitioning is false.
The value of network.cookie.CHIPS.enabled is true.
When I set network.cookie.CHIPS.enabled to false, my billpay popped up as usual.
This seems to indicate (to a novice like me) that there are still issues in 131.0.3 with partitioned cookies.
To make this point, yesterday I spent probably an hour and a 1/2 trying to get to another bank account on Barclays working again because they just "upgraded their web experience". I think I was able to get all the new URLs identified for my exception list for cookies, but blocking cross tracking also creates havoc and I had to turn it off to get the bank site to work. I tried to add sites to the exception list for cross tracking, but firefox still showed it was blocking trackers even though I had added it to the exception list - so I gave up after all that time.
I appreciate the additional security being built into Firefox, but it seems to not play well with banks who seem to be on their own path for increasing security. These two paths don't seem to be converging.
I hope this doesn't sound ungrateful. Thanks for working on this.