Dear respectful Microsoft engineer,
As everyone knows now MS Edge is based on Chromium, this has brought advantages, but it has also inherited a big BUG to solve (which is not possible to signal with Alt + Shift + I).
--- PREMISE ---
In Europe, due to the new PSD2, during payments made on mobile devices, some apps open the browser with the bank's url, in this tab, the user must type the OTP code received via SMS (Strong Customer Autentication).
If the user enters the OTP code (transaction called challenge) everything works.
If the user does not have to enter any code, because the transaction is identified as "reliable" (transaction called frictionless) due to the automatic redirects, a problem occurs which I describe below:
--- PROBLEM ---
On frictionless 3DS transactions:
- if the browser is left "alone" to perform redirects between the sites of the banks, autonomously -> the POST (with transactions data) is not performed.
- If instead the user touches the browser outside the content view (in the url field, in the menu, in the open tabs button) -> the POST is performed.
The problem therefore goes in two directions:
1) The bank site does not perform "some" POST correctly and therefore it is a problem with the developers of the credit card site, or
2) The browser has a serious security issue that "blocks or allows" POST depending on an action performed outside of the content views (that "triggers" it).
I attempted to report the BUG on the Chromium platform (with a large description, video and screenshot) without success:
https://bugs.chromium.org/p/chromium/issues/detail?id=1140257
