Closed
Bug 1266153
Opened 8 years ago
Closed 7 years ago
Tracking protection incorrectly renders blocked images on jetbrains.com
Categories
(Firefox :: Protections UI, defect, P2)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: mcomella, Unassigned)
References
(Blocks 1 open bug, )
Details
(Whiteboard: tp-entitylist)
Attachments
(2 files)
W/ TP (broken)
Page: http://info.jetbrains.com/Kotlin-Night-2016.html With tracking protection, the image overlaps the registration fields, preventing you from registering. Without, the images appear as expected.
|
||
Comment 1•8 years ago
|
||
I can't reproduce. Can you provide a screenshot? Tanvi, is there a designated place for these kinds of bugs yet?
Flags: needinfo?(tanvi)
Flags: needinfo?(michael.l.comella)
|
Reporter | |
Comment 2•8 years ago
|
||
|
|
Reporter | |
Comment 3•8 years ago
|
||
Worth noting I'm running dev edition v47 on OS X.
Flags: needinfo?(michael.l.comella)
|
||
Comment 4•8 years ago
|
||
(In reply to :Gijs Kruitbosch from comment #1) > Tanvi, is there a designated place for these kinds of bugs yet? I'm not sure. Let's ask Javaun.
Flags: needinfo?(tanvi) → needinfo?(jmoradi)
|
||
Comment 5•8 years ago
|
||
I believe we just mark these bugs as blocking the meta bug 1101005. That said, I couldn't reproduce this on either Nightly or Developer Edition, with either of the two block lists. Michael, do you have any ad blocker add-ons installed? Have you tried to reproduce with a clean profile?
Blocks: tp-breakage
|
||
Updated•8 years ago
|
Component: General → Tracking Protection
Flags: needinfo?(jmoradi)
|
|
Reporter | |
Comment 6•8 years ago
|
||
It appears the issue is caused by HTTPSEverywhere (I could not reproduce in safe mode). Does that mean this should be closed?
|
|
||
Comment 7•8 years ago
|
||
Thanks for the update Michael. You might want to move your bug report to https://github.com/EFForg/https-everywhere
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → INVALID
|
|
Reporter | |
Comment 8•8 years ago
|
||
A thought: HTTPSEverywhere is trying to upgrade resources which are are HTTPS friendly (e.g. it works without tracking protection) but break under tracking protection (presumably because the resources are not mixed content or something – I'm not sure how TP works). Could that be considered a tracking protection bug? Also, this could be the way the page declares the content, but isn't it also on Firefox that, when the resources are blocked, they render incorrectly?
|
|
||
Comment 9•8 years ago
|
||
(In reply to Michael Comella (:mcomella) from comment #8) > A thought: HTTPSEverywhere is trying to upgrade resources which are are > HTTPS friendly (e.g. it works without tracking protection) but break under > tracking protection (presumably because the resources are not mixed content > or something – I'm not sure how TP works). Could that be considered a > tracking protection bug? What is happening is that http://info.jetbrains.com/Kotlin-Night-2016.html has relative links like "/rs/426-QVD-114/images/Kotlin_Night_2016.png" for its images and that http://info.jetbrains.com/rs/426-QVD-114/images/Kotlin_Night_2016.png gets changed to https://na-lon02.marketo.com/rs/426-QVD-114/images/Kotlin_Night_2016.png when using HTTPS Everywhere because of the following rule: <rule from="^http://info\.jetbrains\.com/" to="https://na-lon02.marketo.com/" /> See: https://gitweb.torproject.org/https-everywhere.git/tree/src/chrome/content/rules/JetBrains.xml?id=4332e67208f50fb38cf270d93a4c765182b86c14#n159 And because marketo.com is on the TP list, it gets blocked. Without HTTPS Everywhere, the image gets served over HTTP from the info.jetbrains.com domain which is the same origin as the page and doesn't even show up on the TP list. Also interesting is that https://info.jetbrains.com/rs/426-QVD-114/images/Kotlin_Night_2016.png gives us a TLS name mismatch error: info.jetbrains.com uses an invalid security certificate. The certificate is only valid for the following names: *.marketo.com, marketo.com Error code: SSL_ERROR_BAD_CERT_DOMAIN It does look like jetbrains and marketo belong to the same company. So it might be worth asking Disconnect to get "jetbrains.com" added to the "properties" section of "Marketo" on the entity list: https://github.com/mozilla-services/shavar-prod-lists/blob/d53e8167a9a6c4ada9ecc3c397c61540dcd53228/disconnect-entitylist.json#L4457-L4461 which would prevent blocking marketo.com resources from pages on the jetbrains.com domain. Feedback can be submitted to Disconnect using this form: https://disconnect.me/trackerprotection#feedback
|
|
||
Updated•8 years ago
|
Status: RESOLVED → REOPENED
Resolution: INVALID → ---
|
|
||
Updated•8 years ago
|
Summary: Tracking protection incorrectly renders blocked images on page → Tracking protection incorrectly renders blocked images on jetbrains.com
|
|
||
Updated•7 years ago
|
Priority: -- → P2
Whiteboard: tp-whitelist
|
|
||
Updated•7 years ago
|
Whiteboard: tp-whitelist → tp-entitylist
|
||
Comment 10•7 years ago
|
||
Tested on 58.0a1 with TP enabled. Page content, images, videos, links all function correctly.
|
|
||
Updated•7 years ago
|
Status: REOPENED → RESOLVED
Closed: 8 years ago → 7 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•