(In reply to Daniel Holbert [:dholbert] from comment #3) > The Chrome Mask extension (activated for https://www.pge.com/) does not help here, but the "User Agent Switcher" extension does help (spoofing as Chrome 143 on Windows). > > So this appears to be UA-sniffing, but it might be done on a script or iframe that's got a different origin from www.pge.com. Update -- it's not an iframe, but rather a `POST` to a server on a different domain, which returns back an action to take, which in part is dependent on the user-agent that gets sent with that request. It's a POST to this URL: https://pge.tt.omtrdc.net/rest/v1/delivery?client=pge&sessionId=d7504161420b42eb814c55361ebfc7bc&version=2.11.7 DevTools show that the POST request to that domain gives a JSON response with this as part of the JSON: ``` { "execute": { "pageLoad": { "options": [ { "content": [ { "type": "customCode", "selector": "HEAD", "cssSelector": "", "content": "<script>\nsetTimeout(function(){ \n document.getElementsByTagName(\"body\")[0].insertAdjacentHTML(\"afterend\",\n '<div id=\"targetModal\" class=\"modal\" style=\"display:none;position:fixed;z-index:999999;padding-top:150px;left:0;top:0;width:100%;height:100%;overflow:auto;background-color: rgb(0,0,0);background-color: rgba(0,0,0,0.4);\"><div class=\"modal-content\" style=\" position: relative;background-color: #fefefe;margin: auto;padding: 0;border: 1px solid #888; width: 80%;box-shadow: 0 4px 8px 0 rgba(0,0,0,0.2),0 6px 20px 0 rgba(0,0,0,0.19);\"><div class=\"modal-header\" style=\"padding: 2px 16px;color:#000;\"><span id=\"targetModalClose\" class=\"close\" style=\"float: right;font-size: 28px;font-weight: bold;cursor: pointer;\">×</span></div><div class=\"modal-body cmp-text\" style=\"padding:20px;color:#1b1c1d;\"><h5>Your current browser may not give you the best experience.</h5><br/><p> We test our site on the browser versions used by 97% of our customers. It doesn’t look like the one you’re using has been tested. Please use a browser listed at <a id=\"browsers\" target=\"_blank\" href=\"https://www.pge.com/browsers\">pge.com/browsers</a>.</p><br/></div></div></div>'); \n var modal = document.getElementById(\"targetModal\");\n modal.style.display = \"block\";\n var span = document.getElementById(\"targetModalClose\");\n span.onclick = function() {\n modal.style.display = \"none\";\n }\n window.onclick = function(event) {\n if (event.target == modal) {\n modal.style.display = \"none\";\n }\n }\n},1000);\n</script>" } ], "type": "actions", "responseTokens": { "activity.id": "310983", "experience.id": "0", "experience.name": "Experience A", "activity.name": "PGE.COM: Unsupported Browser (Firefox) - 2025.12 - AA" }, "sourceType": "target" } ] } } } ``` And then that `<script>` element gets inserted into the DOM and results in this popup. If I manually visit https://pge.tt.omtrdc.net/ and activate Chrome Mask on that domain, then my response instead just has: ``` { "execute": { "pageLoad": {} } } ```
Bug 2008115 Comment 4 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
(In reply to Daniel Holbert [:dholbert] from comment #3) > The Chrome Mask extension (activated for https://www.pge.com/) does not help here, but the "User Agent Switcher" extension does help (spoofing as Chrome 143 on Windows). > > So this appears to be UA-sniffing, but it might be done on a script or iframe that's got a different origin from www.pge.com. Update -- it's not an iframe, but rather a `POST` to a server on a different domain, which returns back an action to take, which in part is dependent on the user-agent that gets sent with that request. It's a POST to this URL: https://pge.tt.omtrdc.net/rest/v1/delivery?client=pge&sessionId=d7504161420b42eb814c55361ebfc7bc&version=2.11.7 DevTools show that the POST request to that domain gives a JSON response with this as part of the JSON: ``` { "execute": { "pageLoad": { "options": [ { "content": [ { "type": "customCode", "selector": "HEAD", "cssSelector": "", "content": "<script>\nsetTimeout(function(){ \n document.getElementsByTagName(\"body\")[0].insertAdjacentHTML(\"afterend\",\n '<div id=\"targetModal\" class=\"modal\" style=\"display:none;position:fixed;z-index:999999;padding-top:150px;left:0;top:0;width:100%;height:100%;overflow:auto;background-color: rgb(0,0,0);background-color: rgba(0,0,0,0.4);\"><div class=\"modal-content\" style=\" position: relative;background-color: #fefefe;margin: auto;padding: 0;border: 1px solid #888; width: 80%;box-shadow: 0 4px 8px 0 rgba(0,0,0,0.2),0 6px 20px 0 rgba(0,0,0,0.19);\"><div class=\"modal-header\" style=\"padding: 2px 16px;color:#000;\"><span id=\"targetModalClose\" class=\"close\" style=\"float: right;font-size: 28px;font-weight: bold;cursor: pointer;\">×</span></div><div class=\"modal-body cmp-text\" style=\"padding:20px;color:#1b1c1d;\"><h5>Your current browser may not give you the best experience.</h5><br/><p> We test our site on the browser versions used by 97% of our customers. It doesn’t look like the one you’re using has been tested. Please use a browser listed at <a id=\"browsers\" target=\"_blank\" href=\"https://www.pge.com/browsers\">pge.com/browsers</a>.</p><br/></div></div></div>'); \n var modal = document.getElementById(\"targetModal\");\n modal.style.display = \"block\";\n var span = document.getElementById(\"targetModalClose\");\n span.onclick = function() {\n modal.style.display = \"none\";\n }\n window.onclick = function(event) {\n if (event.target == modal) {\n modal.style.display = \"none\";\n }\n }\n},1000);\n</script>" } ], "type": "actions", "responseTokens": { "activity.id": "310983", "experience.id": "0", "experience.name": "Experience A", "activity.name": "PGE.COM: Unsupported Browser (Firefox) - 2025.12 - AA" }, "sourceType": "target" } ] } } } ``` And then that `<script>` element gets inserted into the DOM and results in this popup. If I manually visit https://pge.tt.omtrdc.net/ and activate Chrome Mask on that domain, then on my next visit to pge.com, my response for that POST request instead just has this -- no special actions to execute, no special named "Experience" ``` { "execute": { "pageLoad": {} } } ```