Closed
Bug 1139627
Opened 9 years ago
Closed 9 years ago
audit hardcoded URLs from Disconnect's exception list
Categories
(Core :: DOM: Security, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: mmc, Unassigned)
References
(Blocks 1 open bug)
Details
I found 28 URLs in Disconnect's exception list: https://github.com/disconnectme/disconnect/blob/ff3302665953194128474cf83c0762d9146fd4cb/firefox/content/overlay.js#L1004 This bug is to record their findings. Kamil and Matt W QAed this list according to the following instructions: Steps to be used: (Note: don't have to start a new profile every single time for each website) 1) Start new Nightly with new profile 2) Disable e10s and enable tracking protection by going into about:config and turning on privacy.trackingprotection.enabled. 3) Wait 30 s and see if test page http://people.mozilla.org/~mchew/test_tp.html renders with blank boxes. If not, wait a bit more. 4) Enable webconsole and look at messages in the security tab 5) Visit all sites below. For shopping sites, try to look at an item or put something in the cart. For news sites, visit one article. You don't need a new profile for each site, just once. 6) If any page hangs, try disabling TP (click on the shield https://support.mozilla.org/en-US/kb/tracking-protection-firefox) and see if that helps. If the page fixes itself, TP is an issue. 7) If disabling TP fixes the problem, please include the list of blocked elements in the report. Blocked elements show up in the webconsole under the security tab with message "The resource at XXX was blocked because tracking protection is enabled." Build being used: http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/2015-03-03-03-02-30-mozilla-central/ Websites: allocine.fr [PASSED] barackobama.com [PASSED] bloomberg.com [PASSED] cbs.com [PASSED] cbsnews.com [PASSED] cvs.com - FAILED (https://bugzilla.mozilla.org/show_bug.cgi?id=1139620 dailymail.co.uk [PASSED] deviantart.com [PASSED] easyjet.com [PASSED] ford.com [PASSED] fossil.com [FAILED] https://bugzilla.mozilla.org/show_bug.cgi?id=1139624 fossil.com [PASSED] freshdirect.com [PASSED] gamespot.com [PASSED] hm.com [PASSED] ign.com [FAILED] https://bugzilla.mozilla.org/show_bug.cgi?id=1139625 macys.com - FAILED https://bugzilla.mozilla.org/show_bug.cgi?id=1139621 minecraft.net [PASSED] newyorker.com [PASSED] nordstrom.com https://bugzilla.mozilla.org/show_bug.cgi?id=1139623 playtv.fr [PASSED] slideshare.net [PASSED] subaru.com [PASSED] target.com [PASSED] techrepublic.com [FAILED] https://bugzilla.mozilla.org/show_bug.cgi?id=1139626 ted.com [PASSED] telegraph.co.uk [PASSED] vimeo.com [PASSED]
Reporter | ||
Comment 1•9 years ago
|
||
Bugs have been filed for all the ones that failed, so closing.
You need to log in
before you can comment on or make changes to this bug.
Description
•