1244140 - when blocking flash plugin, don't let pages think it's present

Status: RESOLVED DUPLICATE of bug 1186948

(Core Graveyard :: Plug-ins, defect)

Description

[David Jaša]

Currently, many sites do offer html5 videos (and other content, such as some click-through work compliance presentations etc.) when they can't detect flash plugin presence but the do return flash when the plugin is present no matter if it will be actually displayed or blocked. Therefore, it would make sense to change plugin blocking behaviour from the current one that make web pages think that flash is supported to completely hiding flash presence (with an information that page tried use of flash - plugin loading/SWF object creation/...).

Version:
Firefox up to ESR 45.0


How to reproduce
================

visit these pages:
http://edition.cnn.com/videos/tv/2016/01/26/exp-gps-0124-witw-sweden.cnn
http://www.reuters.com/video/2016/01/28/chinas-green-cars-are-making-things-wors?videoId=367200589&videoChannel=118110&channelName=Dateline+Asia

1. with a firefox with flash plugin present and set to "Block" or "Ask"
2. without flash installed

What happens:
pages look different:
1. they try loading flash ending ending up with grey placeholders and no way to get to html5 video
2. the pages successfully load and play html5 videos

What should happen:
pages should behave in 1. almost the same as in 2. - they should load html5 video and show in page info area that the page tried using flash


More info:
  * I couldn't get the desired behaviour by any flash-blocking extensions
    (I didn't dig through ad-blockers though)
  * this change of approach could have nice side effects:
    * drop of flash usage where alternatives exist but aren't preferred
      server-side
    * making flash demise hopefully faster while allowing users to keep it
      around for legacy sites or just-in-case
    * lesser browser fingerprint if applied to other plugins as well

Comment 1

[Tony Mechelynck [:tonymec]]

• When set to "Never Activate", it makes sense to make the page believe that it isn't installed.
• When set to "Always Activate", of course the fact will be made known to the page.
• When set to "Ask to Activate", the site must ask for it, or we won't show a popup; and if we pretend that it isn't installed, we will never be asked: some sites will switch to a different video format such as HTML5, and others will tell us "In order to view this video, you need Flash. Go to [link] to install it."

So IMHO it makes sense to pretend the plugin is not installed when it is disabled ("Never Activate"), but not when it is set to "Ask to Activate".

Comment 2

[David Jaša]

(In reply to Tony Mechelynck [:tonymec] from comment #1)
> • When set to "Never Activate", it makes sense to make the page believe that
> it isn't installed.
> • When set to "Always Activate", of course the fact will be made known to
> the page.
> • When set to "Ask to Activate", the site must ask for it, or we won't show
> a popup; and if we pretend that it isn't installed, we will never be asked:

Pages will ask that by serving flash <object> or accessing navigator.(mimeTypes|plugins)[MIME_of_flash]. They seem to do that irrespective of headers sent by browser (based on my rather quick and inconclusive experiment with outgoing headers mangling).

> some sites will switch to a different video format such as HTML5,

This is desirable outcome BTW

> and others
> will tell us "In order to view this video, you need Flash. Go to [link] to
> install it."

These others try loading flash using JS or <object> which would half-succeed in current way (with "enable plugin" placeholders). If I understand the whole thing correctly.