Closed Bug 1185117 Opened 9 years ago Closed 9 years ago

Investigate - TP shield shows up incorrectly when pressing back while loading a page with tracking elements

Categories

(Firefox :: Address Bar, defect, P1)

Product:
Firefox
Component:
Address Bar
Type:
defect
Points:
3

Tracking

()

Status:
RESOLVED FIXED
Iteration:
42.3 - Aug 10
Tracking Flags:
Tracking Status
firefox42 --- affected

People

(Reporter: bgrins, Assigned: bgrins)

References

Details

(Whiteboard: [fxprivacy] [campaign])

Attachments

(3 files)

shield-people.gif
101.66 KB, image/gif
Details
browser-console-logs.png
181.92 KB, image/png
Details
tracking-unload.html
162 bytes, text/html
Details
Attached image shield-people.gif 
There seems to be an issue with the way securityChange is reported when navigating back and forward (see STR below or the animated gif screencast).

1) Open http://people.mozilla.org/ (no tracking elements)
2) Navigate to cnn.com
3) Wait for a second and then press back while it is still loading.  If that doesn't work, press forward to go back to cnn and wait for 'a bit' before pressing back again (just long enough for the shield to show up).  It definitely depends on the timing, but I can get the shield to eventually show up on the people.mozilla.org site.

I have some logging in place and it looks like there is a securityChange event firing with STATE_BLOCKED_TRACKING_CONTENT (which is presumably due to a request that was being blocked during the page load of cnn when it was interrupted to go backwards).
Flags: firefox-backlog?
In addition to that, in the Browser Console I'm seeing messages that there are resources blocked on people.mozilla.org even though they originated from the other page (see screenshot)

The resource at "http://widgets.outbrain.com/outbrain.js" was blocked because tracking protection is enabled. people.mozilla.org
The resource at "http://secure-us.imrworldwide.com/cgi-bin/m?ci=us-204044h&cg=0&cc=1&si=http%3A//www.cnn.com/&rp=&ts=compact&rnd=1437168860603" was blocked because tracking protection is enabled. people.mozilla.org

François, do you have ideas about what is going on, or know who to direct this to?
Flags: needinfo?(francois)
(In reply to Brian Grinstead [:bgrins] from comment #1)
> Created attachment 8635541 [details]
> browser-console-logs.png
> 
> In addition to that, in the Browser Console I'm seeing messages that there
> are resources blocked on people.mozilla.org even though they originated from
> the other page (see screenshot)
> 
> The resource at "http://widgets.outbrain.com/outbrain.js" was blocked
> because tracking protection is enabled. people.mozilla.org
> The resource at
> "http://secure-us.imrworldwide.com/cgi-bin/m?ci=us-
> 204044h&cg=0&cc=1&si=http%3A//www.cnn.com/&rp=&ts=compact&rnd=1437168860603"
> was blocked because tracking protection is enabled. people.mozilla.org
> 
> François, do you have ideas about what is going on, or know who to direct
> this to?

That's quite strange. As if the browser is firing events for a page after leaving it for another.

CCing Javaun just so he knows about this problem.
Flags: needinfo?(francois)
(In reply to François Marier [:francois] from comment #2)
> That's quite strange. As if the browser is firing events for a page after
> leaving it for another.

That could possibly be caused by a unload event handler making an XHR.
Flags: firefox-backlog? → firefox-backlog+
Priority: -- → P2
Investigation if issue is front-end or platform.  Follow up ticket for resolving the issue to be filed as necessary.
Points: --- → 3
Summary: TP shield shows up incorrectly when pressing back while loading a page with tracking elements → Investigate - TP shield shows up incorrectly when pressing back while loading a page with tracking elements
Flags: qe-verify?
Assignee: nobody → MattN+bmo
Status: NEW → ASSIGNED
Iteration: --- → 42.3 - Aug 10
Flags: qe-verify? → qe-verify-
Priority: P2 → P1
Whiteboard: [fxprivacy] → [fxprivacy] [campaign]
Assignee: MattN+bmo → nobody
Status: ASSIGNED → NEW
Iteration: 42.3 - Aug 10 → ---
Priority: P1 → P2
Whiteboard: [fxprivacy] [campaign] → [fxprivacy]
Found an easier STR:

1) Open a page with no trackers, like: `data:text/html,no tracking here`
2) Navigate to a page with the following content:

  <script>
  window.onunload = function() {
    var img = new Image();
    img.src = "http://trackertest.org";
    document.body.appendChild(img);
  }
  </script>

3) Go back.  This will cause the shield to show up on the first page
Using the simple STR from Comment 5, I've confirmed that that the webProgress object being passed in as the first argument to onSecurityChange has the wrong values set.  In this case, webProgress.DOMWindow.location and webProgress.currentURI are both pointing to the incorrect URL (the page from step 1, even though the onSecurityChange is firing due to blocked content on the page from step 2).

My best guess is that the docShell's mSecurityUI has already been updated to the new page when the channel classifier requests it [0].  This could also potentially lead to a bug where a third party tracking request is allowed to Site 1 during the onunload from Site 2 if the browser is navigating to Site 1.

[0]: https://dxr.mozilla.org/mozilla-central/source/netwerk/base/nsChannelClassifier.cpp#469
Assignee: nobody → bgrinstead
Status: NEW → ASSIGNED
Iteration: --- → 42.3 - Aug 10
Priority: P2 → P1
Whiteboard: [fxprivacy] → [fxprivacy] [campaign]
Attached file tracking-unload.html 

    
  
Blocks: 1190450

    
    

    
  
Closing this now since it was just for investigation and I've filed 1190450
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: