tracking protection blocks async load of facebook js sdk

NEW
Unassigned

Status

P3
normal
3 years ago
23 days ago

People

(Reporter: m.moeseneder, Unassigned, NeedInfo)

Tracking

(Blocks: 1 bug)

Firefox 62
Unspecified
Windows 7

Firefox Tracking Flags

(platform-rel -, firefox44 affected, firefox47 affected)

Details

(Whiteboard: [platform-rel-Facebook] [tp-social] [tp-content], URL)

User Story

facebook.com
fbcdn.net
(Reporter)

Description

3 years ago
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36

Steps to reproduce:

I am loading the facebook js sdk asynchronous in my project with the following code:

window.fbAsyncInit = function () {
    FB.init({
        appId: settings.facebookAppId,
        cookie: true,  // enable cookies to allow the server to access the session
        xfbml: true,  // parse social plugins on this page
        version: 'v2.0' // use version 2.0
    });
    FB.Canvas.setAutoGrow();
};

// Load the SDK asynchronously
(function (d, s, id) {
    var js, fjs = d.getElementsByTagName(s)[0];
    if (d.getElementById(id)) return;
    js = d.createElement(s);
    js.id = id;
    js.src = "//connect.facebook.net/de_DE/sdk.js";
    fjs.parentNode.insertBefore(js, fjs);
}(document, 'script', 'facebook-jssdk'));


Actual results:

the tracking protection blocks the asynchronous load of the facebook js sdk.
but it seems to be only blocked, when i am not logged in on facebook.

you can see the problem here: http://artworx.at/promotion/werbeplanung/onliner/html/kategorien.php


Expected results:

as the script under //connect.facebook.net/de_DE/sdk.js is not for tracking, but for using facebook functionality it should not be blocked by the tracking protection
(Reporter)

Updated

3 years ago
OS: Unspecified → Windows 7
Blocks: 1101005
Component: General → DOM: Security

Comment 1

3 years ago
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:42.0) Gecko/20100101 Firefox/42.0

This happens to me as well. Disabling "Use Tracking Protection in Private Windows" allows it to load properly in non-private windows. Shouldn't that option only apply to private windows?

Comment 2

3 years ago
Can confirm this is still happening in FF 44 private browsing mode. Brave browser has this issue too: https://github.com/brave/browser-laptop/issues/780.

Also confirmed in various places around the web, such as http://stackoverflow.com/questions/30599918/firefox-tracking-protection-breaks-facebook-login.

Test case: https://quora.com
François, who owns triaging Tracking Protection breakage? Is this an evangelism issue?
Status: UNCONFIRMED → NEW
status-firefox44: --- → affected
status-firefox47: --- → affected
Ever confirmed: true
Flags: needinfo?(francois)
(In reply to Chris Peterson [:cpeterson] from comment #3)
> François, who owns triaging Tracking Protection breakage?

I'm not sure. We haven't really discussed it. Maybe Javaun knows.

> Is this an evangelism issue?

In this particular case, I'm not sure there's a whole lot that can be done since that domain is on the blocklist.
Component: DOM: Security → Safe Browsing
Flags: needinfo?(francois) → needinfo?(jmoradi)
Product: Core → Toolkit
For now, we're logging breakage to block bug 1101005 as Boris has done. We're about to gather more data on the extent of damage to understand how pervasive and how severe the breakage might be. We don't have any action beyond that, we need to really assess the impact to the UX.
Flags: needinfo?(jmoradi)

Comment 6

3 years ago
This also happens with embedded twitter cards. The widget.js file from platform.twitter.com doesn't load, and so the cards do not appear as twitter cards but simply unformatted blocks of text. Disabling "Tracking Protection" fixes this here as well.
Component: Safe Browsing → Tracking Protection
Product: Toolkit → Firefox
Version: 42 Branch → unspecified
Whiteboard: [platform-rel-Facebook]
platform-rel: --- → ?
platform-rel: ? → ---
Whiteboard: [platform-rel-Facebook]
Duplicate of this bug: 1243799
Duplicate of this bug: 1163771
Duplicate of this bug: 1283107

Comment 10

3 years ago
I think that block by default Facebook and Twitter is a error, the common users not know how disable Tracking Protection generate too incidents.

Updated

3 years ago
Duplicate of this bug: 1304312
platform-rel: --- → ?
Whiteboard: [platform-rel-Facebook]
platform-rel: ? → -
Duplicate of this bug: 1111156
Duplicate of this bug: 1374498
Whiteboard: [platform-rel-Facebook] → [platform-rel-Facebook] tp-product
Priority: -- → P3
Whiteboard: [platform-rel-Facebook] tp-product → [platform-rel-Facebook]
Duplicate of this bug: 1468122

Updated

9 months ago
Duplicate of this bug: 1469994
Whiteboard: [platform-rel-Facebook] → [platform-rel-Facebook] tp-needsrepro
As this is a pretty old issue, we are wondering if this is still reproducible.
Flags: needinfo?(m.moeseneder)
The exact breakage reported in this bug is not as important since we have made all of the other Facebook SDK breakage reports duplicates of this one. As long as one of them is valid, we should keep this open.
Blocks: 1470298
User Story: (updated)
Component: Tracking Protection → Desktop
Product: Firefox → Tech Evangelism
Whiteboard: [platform-rel-Facebook] tp-needsrepro → [platform-rel-Facebook] [tp-social] [tp-content]
Version: unspecified → Firefox 62
Investigated Bug 1163771

It's still reproducible.

Comment 19

7 months ago
I was able to replicate it too.
Duplicate of this bug: 1487045
No longer blocks: 1101005

Comment 21

6 months ago
Is this resolved in Firefox v62.0.3?

Comment 22

5 months ago
(In reply to Nick S from comment #21)
> Is this resolved in Firefox v62.0.3?

In firefox 64 still the bug

Updated

4 months ago
Duplicate of this bug: 1512403

Comment 24

2 months ago

This issue still persists (tried it in Firefox 64.0.2 on Mac version 10.13.3.

When I loaded a website which uses the FB SDK js file, it failed to load with below error:

The resource at “https://connect.facebook.net/en_US/all.js” was blocked because content blocking is enabled.

Question:
Is the tracking protection setting enabled by default in latest Firefox versions? Because I don't remember enabling this setting myself.

Comment 25

2 months ago

It is enabled by default in private windows and has been so since around November 2015.

Component: Desktop → Desktop
Product: Tech Evangelism → Web Compatibility

Comment 26

23 days ago
You need to log in before you can comment on or make changes to this bug.