Another one, this time from France:

ZD 1734557: In case you're unaware, the payment doesn't work on Firefox. I succeeded, but using Chrome. Shame!

I was curious whether this was related to this unresolved issue on the forms, but after testing myself with Firefox 128, I was able to populate the fields and submit the form.

I did track down the most recent donors' failed session and can see the version of Firefox they were using was 142:

"browser":"Firefox","browser_version":"142","os":"Windows","os_version":"10"

So I wonder if it's a combination of Windows & Firefox?

One other thing I noticed in the logs was that nginx was reloaded around the same time as the reported issue. I don't think it should matter, as reloading is graceful, but it stood out.

Sep 16 11:01:42 payments1006 gravy_gateway: 235911198:235911198.1 Donor Request URL: https://payments.wikimedia.org/index.php?title=Special:GravyGateway&appeal=JimmyQuote&country=FR&currency=EUR&payment_method=cc&recurring=0&gateway=gravy&uselang=fr&amount=15&opt_in=1&contact_id=35835732&contact_hash=REMOVED&wmf_medium=email&wmf_campaign=C2526_Email2&wmf_source=sp75168325.default%7Edefault%7EJimmyQuote%7Edefault%7Econtrol.cc&wmf_key=otherAmt_0%7Etime_15
...
Sep 16 11:01:43 payments1007 systemd[1]: Reloading nginx.service - A high performance web server and a reverse proxy server...
Sep 16 11:01:43 payments1007 nginx[3217328]: 2025/09/16 11:01:43 [notice] 3217328#3217328: signal process started
Sep 16 11:01:43 payments1007 systemd[1]: Reloaded nginx.service - A high performance web server and a reverse proxy server.

1734026/CID 63667322 got back to us with their tech specs that I've added above though its the same info. that you already found @jgleeson. :)

1734187/CID 46476655 also mentioned trouble with the credit card fields in Firefox (and Safari), but based on what they shared I'm wondering if they had some other issues going on with their browser cookie/settings and they also ended up with the too many requests error. Sharing their comment incase it's helpful: "Happy to renew this donation, but I tried on two different browsers (Firefox, with lots of security/cookies and popups blockes, etc., and Safari, with less), using a US-based CC and an Australian-based CC - neither worked (the name and address fields worked, but the card details fields were greyed-out). Finally I tried Paypal, and I was blocked due to "too many requests"."

Wow, we should send that last donor a t-shirt for perseverance! I'm sad their experience was so poor :(

More instances are rolling in. Here's one, and I'm awaiting reply re possible Windows interplay.

I would be happy to donate again, as I do yearly, but the credit-card donation page does not work in Firefox. You cannot select the credit-card-related fields to enter values.
#1735379 | cid=37743173

Thanks for the info @KHancock99 I tested on Windows Firefox and it went okay but it could be the version, I'll keep trying to replicate

One more case of a Windows 10 & Firefox combo fail.
Tried to donate but the payment system would not let me enter my credit card number: Win-10, Firefox -
#1738003 | cid=18850325

This next Firefox donor in France provides a screenshot which I cannot insert here owing to PII. Feel free to jump into Zendesk.

As indicated previously, I am unable to make a contribution to you since I am unable to enter any information in fields concerned with credit card data: that is to say, those fields entitled Numero de carte, Date de' expiration and Code de securite. I receive no error message it's just that those fields remain blocked. For your information, I have attached a screenshot. As I have also indicated I use a Firefox browser which is up to date and at the moment I am unwilling to load and configure alternative browsers for a number of reasons. My feeling is that you should look into what issues may be affecting possible donors other than me.

#1736823 | cid=47449708

We will continue to use a tweakable browser-related macro, and add instances here if it helps diagnose in any way. Let us know if we should stop that, thanks.

Another instance from France:

Seems unfortunately when trying to fill for CB/Visa card the card nb is not able to be filled, with all 3 navigator tested (firefox, Opera, Mullvad browser), last 3 days at least -> seems something is really wrong !
#1739797 | cid=33439418

Perhaps not isolated to Windows, afterall.

ticket #1740308 writes:
Using Firefox 143.0.1 on MacOs. Credit card fields (but not name/address fields) show "secure input" and won't take keyboard input.

This issue with Firefox preventing field input on our donation form is not going away, unfortunately.

#1748982
inaccessible Input fields - Champs de saisie inaccessibles at "donate" page input fields for card payment are inaccessible (greyed; Mozilla Firefox 140.3.1esr 64 bits)

#1749947
I wanted to do an annual donation to Wikipedia, but I can't fill the information concerning my payment card (I can't click on the slot where I should write them). I'm using Firefox. That's maybe something you would like to fix... If it is not fixed soon, is there another easy way to donate?

#1750102
I've already emailed complaining about this, but the credit-card donation page does not work in Firefox. I'm using Firefox 143.0.4 on Mac OS 15.6.1, with JavaScript enabled. On the donation page, you can select and input information into all of the form fields except "Card number", "Expiry date", and "Security code". You also cannot TAB into those fields. Please do not ask for a screenshot, as not being able to select a form field cannot be revealed by a screenshot; it's like asking for a photo of a package that did not arrive. I would like to donate, as I've been doing for several years. However, on principle, I do not donate to organizations whose websites do not work in Firefox.

This one is really hard to replicate. I tried using a free trial at https://www.browserstack.com/ and visited the donation forms using the same environment, OS 15.6 + Firefox 143, and the card fields work for me. I tried a few other versions of Firefox, too, and didn't have any issues.

Test ct_id: 237698809.2

I'll keep digging.

I just tried the Windows 10 + Firefox 143 combo and also couldn't replicate it on 237699273.1

Thanks for looking at this @jgleeson

Some more examples:

Another instance of blocked secure fields via Firefox :

I tried to donate, same as last time. I clicked the link in your email but it wouldn’t let me get past this point in the transaction. The next field (card number) just wasn’t live – it wouldn’t let me click into it. I tried several times. I am running Firefox on Mac Sequoia 15.7.1. #1753288

We continue to see these. Unfortunately as the browser information is not always provide we're unsure, but are curious if it also could be affecting other browsers outside of Firefox. A few more examples I came across today:

Thanks, @AMJohnson, for the new examples. The amazing folks in fr-online gave us access to a paid account for https://www.browserstack.com/ so we can dig into this more and try to figure out what's going on here. Props @spatton and team

@jgleeson Donors are reporting the Microsoft Edge browser is also blocking input into the secure fields.
Just FYI if you'd like a Phab rename for this one.

"it is Microsoft edge…maybe the company’s internet security software is not allowing me to enter card details. The whole part of the card details is shaded grey and does not allow me to enter anything!"
#1754282 | cid=65562243 (gave successfully thru Edge via Adyen last year)

@jgleeson This may be anecdotal, but @KHancock99 had a look at some of these and noticed that all of these donors donated successfully last year when we were via Adyen direct. Is it possible this is somehow Gravy related?

Yeah, @krobinson, I'm definitely leaning towards this being an issue with the Gravy embedded form fields, although it's been a hard one to confirm so far.

@jgleeson It it helps the Phab investigation and a replication attempt in any way, I've just had a donor provide an extraordinary level of detail via a screen recording. From the secure fields lock-out demonstration, to their phone settings, to their Firefox version, it is all in this 32 second clip created by the donor.

Unfortunately, I cannot place the recording here owing PII, but if you have access to Zendesk, jump into ticket 1754244 to view. If you cannot access, reach out to me in Slack and I will make sure it gets to you via another channel.

Thank you for all your efforts with this one.

@jgleeson For the love of the Phab gods, I hope this is the very last ping from me on this because a donor has just possibly identified the source error and has even provided their exact donation link used, and the Inspect code behind the inoperable secure fields on Firefox in both written and image form (attached):

#1755464 states:

I tried to donate on Firefox, but I'm unable to click into the credit card fields on the donation page. The mouse doesn't change to a cursor when hovering over the text boxes or on clicking, and you can't type anything in them. Managed to donate on Chrome though! :)

Firefox 143.0.4
Windows 10 Pro, version 22H2, OS build 19045.6332
Link: https://payments.wikimedia.org/index.php?title=Special:GravyGateway&appeal=JimmyQuote&country=US&currency=USD&payment_method=cc&recurring=0&gateway=gravy&uselang=en&amount=31.2&wmf_medium=sidebar&wmf_campaign=en.wikipedia.org&wmf_source=donate.default%7Edefault%7Edefault%7Edefault%7Econtrol.cc&wmf_key=vw_2112%7Evh_1062%7EotherAmt_0%7Eptf_1%7Etime_158&referrer=en.wikipedia.org%2F

----This donor then writes back 5 minutes later after applying Dev Tools to those secure fields:-----

Ah ok, here's some of the Firefox inspector info:

Console errors:

Uncaught DOMException: The operation is insecure.
457 https://secure-fields.wikimedia.gr4vy.app/input.a852e57d7ff65a168759.js:304
webpack_require https://secure-fields.wikimedia.gr4vy.app/runtime.2b6d194d5edbf93e0773.js:23
webpack_exec https://secure-fields.wikimedia.gr4vy.app/input.a852e57d7ff65a168759.js:652
<anonymous> https://secure-fields.wikimedia.gr4vy.app/input.a852e57d7ff65a168759.js:653
O https://secure-fields.wikimedia.gr4vy.app/runtime.2b6d194d5edbf93e0773.js:59
<anonymous> https://secure-fields.wikimedia.gr4vy.app/input.a852e57d7ff65a168759.js:654
webpackJsonpCallback https://secure-fields.wikimedia.gr4vy.app/runtime.2b6d194d5edbf93e0773.js:133
<anonymous> https://secure-fields.wikimedia.gr4vy.app/input.a852e57d7ff65a168759.js:1
input.a852e57d7ff65a168759.js:304
Uncaught DOMException: The operation is insecure.
457 https://secure-fields.wikimedia.gr4vy.app/input.a852e57d7ff65a168759.js:304
webpack_require https://secure-fields.wikimedia.gr4vy.app/runtime.2b6d194d5edbf93e0773.js:23
webpack_exec https://secure-fields.wikimedia.gr4vy.app/input.a852e57d7ff65a168759.js:652
<anonymous> https://secure-fields.wikimedia.gr4vy.app/input.a852e57d7ff65a168759.js:653
O https://secure-fields.wikimedia.gr4vy.app/runtime.2b6d194d5edbf93e0773.js:59
<anonymous> https://secure-fields.wikimedia.gr4vy.app/input.a852e57d7ff65a168759.js:654
webpackJsonpCallback https://secure-fields.wikimedia.gr4vy.app/runtime.2b6d194d5edbf93e0773.js:133
<anonymous> https://secure-fields.wikimedia.gr4vy.app/input.a852e57d7ff65a168759.js:1
2 input.a852e57d7ff65a168759.js:304
457 https://secure-fields.wikimedia.gr4vy.app/input.a852e57d7ff65a168759.js:304
webpack_require https://secure-fields.wikimedia.gr4vy.app/runtime.2b6d194d5edbf93e0773.js:23
webpack_exec https://secure-fields.wikimedia.gr4vy.app/input.a852e57d7ff65a168759.js:652
<anonymous> https://secure-fields.wikimedia.gr4vy.app/input.a852e57d7ff65a168759.js:653
O https://secure-fields.wikimedia.gr4vy.app/runtime.2b6d194d5edbf93e0773.js:59
<anonymous> https://secure-fields.wikimedia.gr4vy.app/input.a852e57d7ff65a168759.js:654
webpackJsonpCallback https://secure-fields.wikimedia.gr4vy.app/runtime.2b6d194d5edbf93e0773.js:133
<anonymous> https://secure-fields.wikimedia.gr4vy.app/input.a852e57d7ff65a168759.js:1
Uncaught DOMException: The operation is insecure.
652 https://secure-fields.wikimedia.gr4vy.app/controller.236bd10331081b15ffe0.js:324
webpack_require https://secure-fields.wikimedia.gr4vy.app/runtime.2b6d194d5edbf93e0773.js:23
webpack_exec https://secure-fields.wikimedia.gr4vy.app/controller.236bd10331081b15ffe0.js:500
<anonymous> https://secure-fields.wikimedia.gr4vy.app/controller.236bd10331081b15ffe0.js:501
O https://secure-fields.wikimedia.gr4vy.app/runtime.2b6d194d5edbf93e0773.js:59
<anonymous> https://secure-fields.wikimedia.gr4vy.app/controller.236bd10331081b15ffe0.js:502
webpackJsonpCallback https://secure-fields.wikimedia.gr4vy.app/runtime.2b6d194d5edbf93e0773.js:133
<anonymous> https://secure-fields.wikimedia.gr4vy.app/controller.236bd10331081b15ffe0.js:1
controller.236bd10331081b15ffe0.js:324
652 https://secure-fields.wikimedia.gr4vy.app/controller.236bd10331081b15ffe0.js:324
webpack_require https://secure-fields.wikimedia.gr4vy.app/runtime.2b6d194d5edbf93e0773.js:23
webpack_exec https://secure-fields.wikimedia.gr4vy.app/controller.236bd10331081b15ffe0.js:500
<anonymous> https://secure-fields.wikimedia.gr4vy.app/controller.236bd10331081b15ffe0.js:501
O https://secure-fields.wikimedia.gr4vy.app/runtime.2b6d194d5edbf93e0773.js:59
<anonymous> https://secure-fields.wikimedia.gr4vy.app/controller.236bd10331081b15ffe0.js:502
webpackJsonpCallback https://secure-fields.wikimedia.gr4vy.app/runtime.2b6d194d5edbf93e0773.js:133
<anonymous> https://secure-fields.wikimedia.gr4vy.app/controller.236bd10331081b15ffe0.js:1

Javascript lines giving errors:
First two:
a852e57d7ff65a168759.js:304

Third:
controller.236bd10331081b15ffe0.js:324

Good luck!

If the donor has nailed this, never a greater swag candidate have I seen.

@KHancock99 this is fantastic! I'll see if we can figure out how to replicate it via the environment settings now that we know what we're looking for.

Thanks to that donor's report, I've tracked down the cause of the issue, at least for Firefox users. It's due to the "Enhanced Tracking Protection" feature blocking third-party embedded forms (Gravy's card fields) from accessing cookies and the browser's Local Storage. These folks are essentially setting the anti-tracking / privacy dial up to maximum.

I'm following the instructions here to do this myself https://developer.mozilla.org/en-US/docs/Web/Privacy/Guides/State_Partitioning#disable_dynamic_state_partitioning, and once I can replicate it locally, I'll reach out to Gravy.

We've got it!

Nice job @jgleeson !!!

And thank you @KHancock99 for the quick escalation / sharing of that incredible donor feedback. We need to get them some merch!

Firefox donors can temporarily switch this off on a per-site basis, so in the short term, we could advise them to do the following:

1. Click the Shield, left of the address bar at the top of the browser, and temporarily disable Enhanced Tracking Protection(ETP) for this site

2. Complete the donations as normal now that the fields are accessible

3. Revert the setting to re-enable Enhanced Tracking Protection if required.

Longer term: We will engage with Gravy and investigate a solution that eliminates the workaround described above. I'll keep this ticket updated with progress on that discussion.

Great work @jgleeson. Thank you very much!
Offering this donor big thanks and merch now ...