Tracking protection basic breaks redditp.com
Categories
(Core :: Privacy: Anti-Tracking, defect, P3)
Tracking
()
People
(Reporter: ubershmekel, Assigned: twisniewski)
References
(Blocks 1 open bug, )
Details
(Keywords: webcompat:needs-diagnosis, Whiteboard: [tp-ads][tp-social][tp-yellowlist-active][tp-site-unusable])
User Story
reddit.com googleapis.com
Attachments
(3 files)
Reporter | ||
Comment 1•9 years ago
|
||
Updated•9 years ago
|
Updated•9 years ago
|
Comment 3•8 years ago
|
||
Updated•7 years ago
|
Updated•7 years ago
|
Comment 5•7 years ago
|
||
Updated•6 years ago
|
Updated•6 years ago
|
Comment 6•6 years ago
|
||
Comment 7•6 years ago
|
||
Comment 8•6 years ago
|
||
Comment 9•6 years ago
|
||
Updated•6 years ago
|
Updated•6 years ago
|
Updated•6 years ago
|
Updated•6 years ago
|
Updated•6 years ago
|
Reporter | ||
Comment 11•5 years ago
|
||
Is it true that the "turn off blocking for this site" button is gone in newer versions of Firefox?
https://github.com/ubershmekel/redditp/issues/73#issuecomment-527743988
Assignee | ||
Comment 12•5 years ago
|
||
We will need to unblock/sandbox/proxy https://www.reddit.com/.json
for this page to be able to load its content from Reddit.
Assignee | ||
Updated•5 years ago
|
Comment 13•4 years ago
|
||
I think this ticket could be generalized into "Tracking protection basic breaks any site interacting with Reddit API". Reddit has a nice CORS-compatible JSON API that works well from other browsers.
Whitelisting https://www.reddit.com/<anything>.json
CORS calls would be a good idea. (For the record I'm also impacted: I'm developing a site that allows people to verify their social profiles)
Reporter | ||
Comment 14•4 years ago
|
||
Another note about reddit's api is that there are a few endpoints that don't work with the CORS calls and only work with the JSONP calls. For example:
https://www.reddit.com/r/random/.json returns a 301 redirect to https://www.reddit.com/r/Arcade1Up/.json
This causes the CORS request to fail.
Updated•4 years ago
|
Assignee | ||
Comment 16•3 years ago
|
||
In this case shims might be able to at least provide an opt-in placeholder, like a click-to-play user interface. We're investigating how to implement such a feature, and I'll update here as that investigation progresses.
Comment 17•3 years ago
|
||
In private window the issue is still reproducible with ETP - Standard and Strict.
https://prnt.sc/exOdaVIHuz8n
In normal windows the issue is reproducible only with ETP - Strict.
https://prnt.sc/Uj6P9b3i5Wnh
Tested with:
Browser / Version: Firefox Nightly 101.0a1 (2022-04-07)
Operating System: Windows 10 Pro
Comment 18•2 years ago
|
||
In the process of migrating remaining bugs to the new severity system, the severity for this bug cannot be automatically determined. Please retriage this bug using the new severity system.
Comment 19•2 years ago
|
||
I can confirm that this breaks with ETP set to STRICT, in Normal Mode, and with ETP set to STANDARD in PRIVATE Mode.
Tom, since the behavior is different here, can we move this issue to the relevant Component?
Tested with:
Browser / Version: Firefox Nightly 110.0a1 (2023-01-11) (64-bit) Chrome Version 109.0.5414.75 (Official Build) (64-bit)
Operating System: Windows 10 PRO x64
Updated•2 years ago
|
Assignee | ||
Comment 20•2 years ago
|
||
Yes, done. Thanks Raul!
Updated•1 year ago
|
Description
•