Closed
Bug 1217210
Opened 9 years ago
Closed 8 years ago
Tracking protection: Redirect to blocked resource in iframe is not blocked
Categories
(Toolkit :: Safe Browsing, defect, P2)
RESOLVED
WORKSFORME
People
(Reporter: mwobensmith, Assigned: tnguyen)
References
Details
(Whiteboard: [sb-backlog] [sb-moderate])
Attachments
(2 files, 1 obsolete file)
An iframe whose source is a page that redirects to a blocked URL should be blocked. Currently it is not.
This affects tracking protection in Fx43 and 44, but not Fx42.
Updated•8 years ago
Assignee: francois → nobody
Whiteboard: tpe-seceng
Updated•8 years ago
Priority: -- → P2
Updated•8 years ago
Whiteboard: tpe-seceng → [sb-backlog] [sb-moderate]
Assignee
Comment 1•8 years ago
Hi Matt,
Could you please test this in current version?
FWIU, loading a page that redirects to a malware/phishing URL in iframe should be blocked.
And tracking protection should have the same behavior.
Thanks
Assignee
Updated•8 years ago
Flags: needinfo?(mwobensmith)
Assignee
Updated•8 years ago
Assignee: nobody → tnguyen
Assignee
Comment 2•8 years ago
Assignee
Comment 3•8 years ago
Attachment #8790194 - Attachment is obsolete: true
Comment hidden (typo)
Assignee
Comment 5•8 years ago
I followed the steps below:
1. Run Apache on your machine at 127.0.0.1
2. Use the following Apache config:
    # Test tracking protection
    <VirtualHost localhost:80>
        ServerName testtrackingprotection.appspot.com
        DocumentRoot /var/www/html
        Redirect "/s/tracking.html" "https://www.google-analytics.com/"
    </VirtualHost>
3. Redirect the testsafebrowsing.appspot.com test page to your machine by putting the following in /etc/hosts:
    127.0.0.1 testtrackingprotection.appspot.com
4. Visit the test link I attached in a browser (note that you may need to disable insecure protection by clicking the lock icon on the top left)
5. Enable/disable tracking protection and notice that the page in iframe frame is blocked.
This works for me, please reopen it if you find the test does not work on your machine.
Thanks
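The redirect setup from the steps above can also be reproduced without Apache or an /etc/hosts entry. This is an added example, not part of the original comment or of the bug's attachments; it uses Python's http.server, and the parent page name /parent.html and port 8000 are assumptions.

```python
"""Local stand-in for the Apache redirect test in comment 5 (added example)."""
import http.client
import http.server
import threading

REDIRECT_PATH = "/s/tracking.html"                      # path from comment 5
REDIRECT_TARGET = "https://www.google-analytics.com/"   # target from comment 5
PARENT_PATH = "/parent.html"                            # hypothetical page name
PARENT_HTML = (b"<!doctype html><title>redirect-in-iframe test</title>"
               b"<p>The iframe below redirects to a tracker URL.</p>"
               b'<iframe src="/s/tracking.html" width="600" height="300"></iframe>')

class Handler(http.server.BaseHTTPRequestHandler):
    def do_GET(self):
        if self.path == REDIRECT_PATH:
            # Apache's Redirect directive answers with 302 by default.
            self.send_response(302)
            self.send_header("Location", REDIRECT_TARGET)
            self.send_header("Content-Length", "0")
            self.end_headers()
        elif self.path == PARENT_PATH:
            self.send_response(200)
            self.send_header("Content-Type", "text/html; charset=utf-8")
            self.send_header("Content-Length", str(len(PARENT_HTML)))
            self.end_headers()
            self.wfile.write(PARENT_HTML)
        else:
            self.send_error(404)

    def log_message(self, *args):  # keep the console quiet
        pass

def start_server(port=0):
    """Serve on 127.0.0.1; port 0 lets the OS pick a free port."""
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", port), Handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def probe(srv, path):
    """Fetch one path without following redirects: (status, Location, body)."""
    conn = http.client.HTTPConnection("127.0.0.1", srv.server_address[1], timeout=5)
    conn.request("GET", path)
    resp = conn.getresponse()
    result = (resp.status, resp.getheader("Location"), resp.read())
    conn.close()
    return result

if __name__ == "__main__":
    srv = start_server(8000)  # port is an assumption
    print("open http://127.0.0.1:8000" + PARENT_PATH)
    threading.Event().wait()  # serve until interrupted (Ctrl+C)
```

Open the printed URL with tracking protection enabled and then disabled, and compare whether the iframe content loads.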
Reporter
Comment 6•8 years ago
Hi Thomas, sorry for the delay, I have been traveling.
This is still a problem for me. See attached test.
Reporter
Updated•8 years ago
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
Assignee
Comment 7•8 years ago
Thanks Matt for your help.
Just enable tracking protection and set privacy.trackingprotection.enabled to true in about:config and it works. Could you please try again and please tell me your steps?
Assignee
Comment 8•8 years ago
Oh, sorry that I did disturb your traveling :), enjoy your time and check this after you come back.
Comment 9•8 years ago
This issue seems related to Bug 1293476 and is supposed to be fixed in the upcoming release (49).
Reporter
Comment 10•8 years ago
Hi Thomas, no worries. I think you are right, it works now. I should have given more complete steps when I filed the bug, because I'm reasonably sure this was broken at that time. However, it works fine now. Thank you for your help.
Status: REOPENED → RESOLVED
Closed: 8 years ago → 8 years ago
Resolution: --- → WORKSFORME