Closed Bug 1138056 Opened 10 years ago Closed 10 years ago

Tracking Protection breaks Yahoo! Mail attachment download

Categories

(Core :: DOM: Security, defect)

Product:
Core
Component:
DOM: Security
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: soeren.hentzschel, Assigned: francois)

References

(Blocks 1 open bug)

Details

With tracking protection enabled it's not possible to download attachments from Yahoo! Mail. The console says: The resource at "https://ir2-attach.ymail.com/ ... " was blocked because tracking protection is enabled. (I shortened the full url)
My wife just ran into the same thing. Her blocked domain was https://bf1-attach.ymail.com/... I wonder if the list has *.ymail.com on the list because some subdomains are ad servers without considering not all subdomains are evil. If TP uses the same hash-matching as the other parts of safeBrowsing there's no regexp support. We'd have to either enumerate all possible host names under there (probably unknown number, but their naming format supports tens of thousands), let them all pass, or block them all. We currently appear to be doing the last one, but maybe we can get agreements from Yahoo not to track users with DNT and then convince the list maintainers to take ymail.com off the list.
We probably can't ship TP with this bug. How do we bring this up with the list providers?
Flags: needinfo?(francois)
I can reproduce this too. I've added an exception to our list (https://github.com/mozilla-services/shavar-list-exceptions/commit/f137bad3a1f853b393ffbca73d87d31ba2c20766), it should be fixed within the next 45 minutes. I also reported it to Disconnect.
Assignee: nobody → francois
Status: NEW → ASSIGNED
Flags: needinfo?(francois)
Confirmed fixed as of 2015-05-07.
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.