Closed
Bug 1185117
Opened 9 years ago
Closed 9 years ago
Investigate - TP shield shows up incorrectly when pressing back while loading a page with tracking elements
Categories
(Firefox :: Address Bar, defect, P1)
Firefox
Address Bar
Tracking
()
RESOLVED
FIXED
Iteration:
42.3 - Aug 10
Tracking | Status | |
---|---|---|
firefox42 | --- | affected |
People
(Reporter: bgrins, Assigned: bgrins)
References
Details
(Whiteboard: [fxprivacy] [campaign])
Attachments
(3 files)
There seems to be an issue with the way securityChange is reported when navigating back and forward (see STR below or the animated gif screencast). 1) Open http://people.mozilla.org/ (no tracking elements) 2) Navigate to cnn.com 3) Wait for a second and then press back while it is still loading. If that doesn't work, press forward to go back to cnn and wait for 'a bit' before pressing back again (just long enough for the shield to show up). It definitely depends on the timing, but I can get the shield to eventually show up on the people.mozilla.org site. I have some logging in place and it looks like there is a securityChange event firing with STATE_BLOCKED_TRACKING_CONTENT (which is presumably due to a request that was being blocked during the page load of cnn when it was interrupted to go backwards).
Flags: firefox-backlog?
Assignee | ||
Comment 1•9 years ago
|
||
In addition to that, in the Browser Console I'm seeing messages that there are resources blocked on people.mozilla.org even though they originated from the other page (see screenshot) The resource at "http://widgets.outbrain.com/outbrain.js" was blocked because tracking protection is enabled. people.mozilla.org The resource at "http://secure-us.imrworldwide.com/cgi-bin/m?ci=us-204044h&cg=0&cc=1&si=http%3A//www.cnn.com/&rp=&ts=compact&rnd=1437168860603" was blocked because tracking protection is enabled. people.mozilla.org François, do you have ideas about what is going on, or know who to direct this to?
Flags: needinfo?(francois)
Comment 2•9 years ago
|
||
(In reply to Brian Grinstead [:bgrins] from comment #1) > Created attachment 8635541 [details] > browser-console-logs.png > > In addition to that, in the Browser Console I'm seeing messages that there > are resources blocked on people.mozilla.org even though they originated from > the other page (see screenshot) > > The resource at "http://widgets.outbrain.com/outbrain.js" was blocked > because tracking protection is enabled. people.mozilla.org > The resource at > "http://secure-us.imrworldwide.com/cgi-bin/m?ci=us- > 204044h&cg=0&cc=1&si=http%3A//www.cnn.com/&rp=&ts=compact&rnd=1437168860603" > was blocked because tracking protection is enabled. people.mozilla.org > > François, do you have ideas about what is going on, or know who to direct > this to? That's quite strange. As if the browser is firing events for a page after leaving it for another. CCing Javaun just so he knows about this problem.
Flags: needinfo?(francois)
Comment 3•9 years ago
|
||
(In reply to François Marier [:francois] from comment #2) > That's quite strange. As if the browser is firing events for a page after > leaving it for another. That could possibly be caused by a unload event handler making an XHR.
Updated•9 years ago
|
Flags: firefox-backlog? → firefox-backlog+
Priority: -- → P2
Comment 4•9 years ago
|
||
Investigation if issue is front-end or platform. Follow up ticket for resolving the issue to be filed as necessary.
Points: --- → 3
Summary: TP shield shows up incorrectly when pressing back while loading a page with tracking elements → Investigate - TP shield shows up incorrectly when pressing back while loading a page with tracking elements
Updated•9 years ago
|
Flags: qe-verify?
Updated•9 years ago
|
Assignee: nobody → MattN+bmo
Status: NEW → ASSIGNED
Iteration: --- → 42.3 - Aug 10
Flags: qe-verify? → qe-verify-
Priority: P2 → P1
Whiteboard: [fxprivacy] → [fxprivacy] [campaign]
Updated•9 years ago
|
Assignee: MattN+bmo → nobody
Status: ASSIGNED → NEW
Iteration: 42.3 - Aug 10 → ---
Priority: P1 → P2
Whiteboard: [fxprivacy] [campaign] → [fxprivacy]
Assignee | ||
Comment 5•9 years ago
|
||
Found an easier STR: 1) Open a page with no trackers, like: `data:text/html,no tracking here` 2) Navigate to a page with the following content: <script> window.onunload = function() { var img = new Image(); img.src = "http://trackertest.org"; document.body.appendChild(img); } </script> 3) Go back. This will cause the shield to show up on the first page
Assignee | ||
Comment 6•9 years ago
|
||
Using the simple STR from Comment 5, I've confirmed that that the webProgress object being passed in as the first argument to onSecurityChange has the wrong values set. In this case, webProgress.DOMWindow.location and webProgress.currentURI are both pointing to the incorrect URL (the page from step 1, even though the onSecurityChange is firing due to blocked content on the page from step 2). My best guess is that the docShell's mSecurityUI has already been updated to the new page when the channel classifier requests it [0]. This could also potentially lead to a bug where a third party tracking request is allowed to Site 1 during the onunload from Site 2 if the browser is navigating to Site 1. [0]: https://dxr.mozilla.org/mozilla-central/source/netwerk/base/nsChannelClassifier.cpp#469
Updated•9 years ago
|
Assignee: nobody → bgrinstead
Status: NEW → ASSIGNED
Iteration: --- → 42.3 - Aug 10
Priority: P2 → P1
Updated•9 years ago
|
Whiteboard: [fxprivacy] → [fxprivacy] [campaign]
Assignee | ||
Comment 7•9 years ago
|
||
Assignee | ||
Comment 8•9 years ago
|
||
Closing this now since it was just for investigation and I've filed 1190450
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•