An iframe whose source is a page that redirects to a blocked URL should be blocked. Currently it is not. This affects tracking protection in Fx43 and 44, but not Fx42.
Hi Matt, Could you please test this in current version? FWIU, loading a page that redirects to a malware/phishing URL in iframe should be blocked. And tracking protection should have the same behavior. Thanks
I followed the below steps 1. Run Apache on your machine at 127.0.0.1 2. Use the following Apache config: # Test tracking protection <VirtualHost localhost:80> ServerName testtrackingprotection.appspot.com DocumentRoot /var/www/html Redirect "/s/tracking.html" "https://www.google-analytics.com/" </VirtualHost> 3. Redirect the testsafebrowsing.appspot.com test page to your machine by putting the following in /etc/hosts: 127.0.0.1 testtrackingprotection.appspot.com 4. Visit the test link I attached in a browser (note that you may need to disable insecure protection- clicking the lock icon on the top left) 5. Enable/disable tracking protection and notice that the page in iframe frame is blocked. This works for me, please reopen it if you find the test does not work on your machine. Thanks
Hi Thomas, sorry for the delay, I have been traveling. This is still a problem for me. See attached test.
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
Thanks Matt for your help. Just enable tracking protection and privacy.trackingprotection.enabled to true in about:config and it works . Could you please try again and please tell me your steps?
Oh, sorry that I did disturb your traveling :), enjoy your time and check this after you come back.
This issue seems related to Bug 1293476 and supposed to be fixed in the upcoming release (49).
Hi Thomas, no worries. I think you are right, it works now. I should have given more complete steps when I filed the bug, because I'm reasonably sure this was broken at that time. However, it works fine now. Thank you for your help.
Status: REOPENED → RESOLVED
Closed: 3 years ago → 3 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.