Closed
Bug 1228965
Opened 9 years ago
Closed 5 years ago
tracking protection (strict list) blocks scripts from yandex.st
Categories
(Web Compatibility :: Privacy: Site Reports, defect, P5)
Web Compatibility
Privacy: Site Reports
Tracking
(Not tracked)
RESOLVED
WORKSFORME
People
(Reporter: lmironov, Unassigned)
References
(Blocks 1 open bug, )
Details
(Whiteboard: tp-content [platform-rel-Yandex])
User Story
yandex.st
User Agent: Mozilla/5.0 (Windows NT 6.1; rv:42.0) Gecko/20100101 Firefox/42.0 SeaMonkey/2.39
Build ID: 20151103191810
Steps to reproduce:
tracking protection blocks fairly innocuous scripts from yandex.st javascript library e.g. jquery which breaks numerous sites using this library e.g. bash.im (voting). No such problem in 2.38.
Warning: The resource at "http://yandex.st/jquery/1.8.3/jquery.min.js" was blocked because tracking protection is enabled.Source File: http://bash.im/Line: 0
Warning: The resource at "http://yandex.st/json2/2011-10-19/json2.min.js" was blocked because tracking protection is enabled.Source File: http://bash.im/Line: 0
how can I modify the blocklist myself?
|
||
Comment 1•9 years ago
|
||
@reporter:
For support requests please use newsgroup <mozilla.support.seamonkey>
If you want to report a bug please contribute a problem related step by step instruction containing every key press and every mouse click how to reproduce your problem due to <https://developer.mozilla.org/en-US/docs/Mozilla/QA/Bug_writing_guidelines> (similar to report in Bug 1139273)
Flags: needinfo?(lvm)
prerequisites: tracking protection is enabled (privacy.trackingprotection.enabled=true)
steps:
1. open bash.im
2. check the error console
3. locate the following messages
Warning: The resource at "http://yandex.st/jquery/1.8.3/jquery.min.js" was blocked because tracking protection is enabled.Source File: http://bash.im/Line: 0
Warning: The resource at "http://yandex.st/json2/2011-10-19/json2.min.js" was blocked because tracking protection is enabled.Source File: http://bash.im/Line: 0
actually these scripts shouldn't be blocked and these messages shouldn't be displayed
Flags: needinfo?(lvm)
|
|
||
Comment 3•9 years ago
|
||
(In reply to lvm from comment #2)
> actually these scripts shouldn't be blocked and these messages shouldn't be
> displayed
Why?
Because it breaks the site. Don't see what is has to do with the problem, but if you are interested in details, the construct used for voting buttons on bash.im <a href="/quote/436884/rulez" class="up" rel="nofollow" onclick="v('436884',0,0); return false;"> refers to function v from http://s.bash.im/bor.js which fails without jquery from yandex.st and causes clicking on voting buttons to open the link target instead of NOT opening it because the script never reaches the trailing 'return false' put there specifically for this purpose.
Also another false blocking:
Warning: The resource at "http://vk.com/video_ext.php?oid=23624606&id=171431211&hash=fb940c0d934bb1d2&hd=2" was blocked because tracking protection is enabled.
Source File: http://rusdtp.ru/44111-razbudil-peugeot-3008.html
which blocks the embedded video on the page mentioned above. Or should I file a separate bug?
|
||
Updated•8 years ago
|
Component: General → Tracking Protection
Product: SeaMonkey → Firefox
Version: SeaMonkey 2.39 Branch → unspecified
|
|
||
Comment 5•8 years ago
|
||
yandex.st is only in the "Strict" tracking protection list since Disconnect has it in the "Content" category: https://github.com/mozilla-services/shavar-prod-lists/blob/ce41e57e1c9e8cbf6bb2eb4b7645ca45e376c196/disconnect-blacklist.json#L8407
So it's not blocked in the default configuration of tracking protection.
|
|
||
Updated•8 years ago
|
Blocks: tp-breakage
|
|
||
Updated•8 years ago
|
Summary: tracking protection blocks scripts from yandex.st → tracking protection (strict list) blocks scripts from yandex.st
|
|
||
Comment 6•7 years ago
|
||
We could try to work with Yandex to host these scripts on a different domain on which they would comply with Disconnect policies.
Alternatively we could convince developers to host their own copy of jquery or use a CDN that's not on the list.
|
|
||
Updated•7 years ago
|
Whiteboard: tp-strict → tp-content
|
|
||
Updated•7 years ago
|
Whiteboard: tp-content → tp-content [platform-rel-Yandex]
|
|
||
Updated•7 years ago
|
Component: Tracking Protection → Desktop
Keywords: DevAdvocacy
Priority: P5 → --
Product: Firefox → Tech Evangelism
|
||
Updated•7 years ago
|
Priority: -- → P5
|
|
||
Updated•7 years ago
|
URL: http://bash.im
User Story: (updated)
|
Assignee | |
Updated•6 years ago
|
Product: Tech Evangelism → Web Compatibility
|
||
Comment 8•5 years ago
|
||
The page is working fine in strict mode now (the scripts aren't used by bash.im anymore). If we run into this problem elsewhere again and suspect that yandex is tracking users instead of just providing a CDN for those scripts, then we can likely just provide our own copies without hitting the CDN in the first place.
Status: UNCONFIRMED → RESOLVED
Closed: 5 years ago
Resolution: --- → WORKSFORME
|
||
Updated•4 months ago
|
Component: Site Reports → Privacy: Site Reports
You need to log in
before you can comment on or make changes to this bug.
Description
•