Tweeter and Facebook comments are not displayed on the-village.ru while Tracking Protection Basic is enabled
Categories
(Web Compatibility :: Site Reports, defect, P3)
Tracking
(Not tracked)
People
(Reporter: oanaarbuzov, Unassigned)
References
(Blocks 1 open bug, )
Details
(Whiteboard: [tp-social][tp-yellowlist-active][tp-shim-content][tp-embedded-media])
User Story
twitter.com facebook.com
Attachments
(2 files)
[Environment:] Browser / Version: Firefox Nightly 63.0a1 (2018-08-21) Operating System: Windows 10 Pro [Prerequisites:] 1. Tracking Protection Basic enabled. [Steps to Reproduce:] 1. Navigate to http://www.the-village.ru/village/city/situation-comment/265890-pika-pika 2. Scroll down the page and observe the comments area. [Expected Behavior:] The Tweeter and Facebook comments are displayed. [Actual Behavior:] The Tweeter and Facebook comments are not displayed.
Reporter | ||
Comment 1•6 years ago
|
||
The issue is related to `trackingprotection` breakage. Looking at the devtools console, here are the blocked resources: The resource at “https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js” was blocked because content blocking is enabled. The resource at “https://platform.twitter.com/widgets.js” was blocked because content blocking is enabled. The resource at “https://bs.yandex.ru/informer/1599625/1_0_F3F3F3FF_F3F3F3FF_0_uniques” was blocked because content blocking is enabled. The resource at “https://www.googleadservices.com/pagead/conversion.js” was blocked because content blocking is enabled. The resource at “https://stats.g.doubleclick.net/dc.js” was blocked because content blocking is enabled. The resource at “https://mc.yandex.ru/metrika/watch.js” was blocked because content blocking is enabled. The resource at “https://an.yandex.ru/mapuid/yandex/” was blocked because content blocking is enabled. The resource at “https://connect.facebook.net/en_US/fbevents.js” was blocked because content blocking is enabled. The resource at “https://platform.twitter.com/widgets.js” was blocked because content blocking is enabled. The resource at “https://www.facebook.com/plugins/post.php?href=https%3A%2F%2Fwww.facebook.com%2Fparkhoman%2Fposts%2F1436664733052487&width=500” was blocked because content blocking is enabled. The resource at “https://www.tns-counter.ru/V13a***R%3E*lookatmedia_ru/ru/UTF-8/tmsec=village_total/625086212” was blocked because content blocking is enabled. The resource at “https://gaua.hit.gemius.pl/xgemius.js” was blocked because content blocking is enabled. The resource at “https://vk.com/rtrg?r=Gw*G7e1kY*IGW9JYEuKvCFCu5i*KX3Zmeupn*CDvXkbAhyBvUa8cNlemF8gcbt0fujzp0VUcrP66dZj7Le3Se*V8j668Jh1Db1iw*/nn7pNnOVA24n1NIVtzC8uaK3N/3j4YRsy5k/e7vNfW0h1igfefPIWqYednm86XsFObkNU-” was blocked because content blocking is enabled. The resource at “https://ads.adfox.ru/5024/getBulk/v2?bids=W10%3D&dl=https%3A%2F%2Fwww.the-village.ru%2Fvillage%2Fcity%2Fsituation-comment%2F265890-pika-pika&date=2018-08-22T15%3A20%3A09.563%2B03%3A00&pd=22&pdh=1080&pdw=1920&pr1=4108131078&pr=1293496032&prr=&pv=15&pw=3&ylv=0.971&ybv=0.971&extid_loader=MTUzNDk0MDM3ODU2NjMzNDk1Nw%3D%3D&extid_tag_loader=www.the-village.ru&ytt=3605&is-turbo=0&skip-token=&ad-session-id=1280811534940409567&layout-config=%7B%22win_width%22%3A1284%2C%22win_height%22%3A894%2C%22width%22%3A0%2C%22height%22%3A0%2C%22left%22%3A954%2C%22top%22%3A2688%2C%22visible%22%3A1%2C%22req_no%22%3A0%7D&enable-flat-highlight=1&pp=g&ps=nil&p2=cbf&puid1=&puid2=&puid3=&puid4=&puid5=&puid6=&puid7=&puid8=&puid9=&puid10=&lpdid=5%3A555577166&utf8=%E2%9C%93&grab=dNCa0LDQuiDQsiDRgdC-0YbRgdC10YLRj9GFINGA0LXQsNCz0LjRgNGD0Y7RgiDQvdCwIMKr0YPRgdC70L7QstC60YPCuyDQtNC70Y8g0LvQvtCy0YbQsCDQv9C-0LrQtdC80L7QvdC-0LIg4oCUIFRoZSBWaWxsYWdlCjHQmtC-0LzQvNC10L3RgtCw0YDQuNC5INCa0LDQuiDQsiDRgdC-0YbRgdC10YLRj9GFINGA0LXQsNCz0LjRgNGD0Y7RgiDQvdCwIMKr0YPRgdC70L7QstC60YPCuyDQtNC70Y8g0LvQvtCy0YbQsCDQv9C-0LrQtdC80L7QvdC-0LIgCjLQodCy0Y_RidC10L3QvdC-0YHQu9GD0LbQuNGC0LXQu9GMIOKAlCDQviDQv9GA0LDQstC-0YHQu9Cw0LLQvdGL0YUg0LDQutGC0LjQstC40YHRgtCw0YUsINGB0LzQtdGA0YLQuCDQuCDRgdC10LvRhNC4IAoy0KDQtdC70LjQs9C40L7QstC10LQg0JTQvNC40YLRgNC40Lkg0KPQt9C70LDQvdC10YAg4oCUINC-INGC0L7QvCwg0L_QvtGH0LXQvNGDINGA0LXQu9C40LPQuNC4INGB0YLQsNC90L7QstGP0YLRgdGPINCy0YHRkSDQsdC-0LvQtdC1INC-0L_QsNGB0L3Ri9C80LggCjLCq9CvINC_0YDQvtCy0LXQu9CwINCyINC80L7QvdCw0YHRgtGL0YDQtSAxOCDQu9C10YLCuyAKMtCQ0LvQtdC60YHQsNC90LTRgCDQndC10LLQt9C-0YDQvtCyIOKAlCDQviDRgdCy0Y_Qt9C4INGB0YPQtNCwINC90LDQtCDQodC-0LrQvtC70L7QstGB0LrQuNC8INC4INC00LXRgtGB0LrQuNC80Lgg0YHRg9C40YbQuNC00LDQvNC4IAoywqvQm9C-0LLRhtGDINC_0L7QutC10LzQvtC90L7QssK7INCg0YPRgdC70LDQvdGDINCh0L7QutC-0LvQvtCy0YHQutC-0LzRgyDQtNCw0LvQuCDRg9GB0LvQvtCy0L3Ri9C5INGB0YDQvtC6IAoy0J3QvtCy0YvQtSDQuCDQu9GD0YfRiNC40LUgCjLQmtC-0LzQvNC10L3RgtCw0YDQuNC4IAoy0JTQstGD0YHRgtC-0YDQvtC90L3QuNC5INC_0LvQsNGJIFNo4oCZdSDQuCBGYWNlcyAmIExhY2VzIExvY2FscyAKMtCT0LTQtSDQv9GA0LjQstC10YHRgtC4INCyINC_” was blocked because content blocking is enabled. So below are the domains to test: - pagead2.googlesyndication.com - platform.twitter.com - bs.yandex.ru - www.googleadservices.com - stats.g.doubleclick.net - mc.yandex.ru - an.yandex.ru - connect.facebook.net - www.facebook.com - platform.twitter.com - www.tns-counter.ru - gaua.hit.gemius.pl - vk.com - ads.adfox.ru I opened the URL in a fresh browser profile (Firefox Nightly 63, uMatrix installed, normal mode) and loaded the page. The page is black. I disabled the Spoof Referrer option in uMatrix and then WHITELISTED: - facebook.com(including all related domains) - facebook.net(including all related domains) - fbcdn.net (including all related domains) - twimg.com (including all related domains) - twitter.com (including all related domains) and the Facebook and Twitter comments (including videos and images) are displayed. The other resources didn't help. So in conclusion: - facebook.com is in Disconnect category = [tp-social] - twitter.com is in Disconnect category = [tp-social]
Reporter | ||
Comment 2•6 years ago
|
||
Added uMatrix results.
Reporter | ||
Updated•6 years ago
|
Reporter | ||
Updated•6 years ago
|
Reporter | ||
Updated•6 years ago
|
Assignee | ||
Updated•5 years ago
|
Updated•4 years ago
|
Comment 3•4 years ago
|
||
Yellow-listing these resources fixes the Facebook posts:
https://www.facebook.com/plugins/post.php
https://www.facebook.com/plugins/video.php
https://www.facebook.com/rsrc.php/
https://scontent-yyz1-1.xx.fbcdn.net/v/
https://video-yyz1-1.xx.fbcdn.net/v/
They are loaded in iframes like this:
<iframe src="https://www.facebook.com/plugins/post.php?href=https%3A%2F%2Fwww.facebook.com%2Fparkhoman%2Fposts%2F1436664733052487&width=500" style="border:none;overflow:hidden" scrolling="no" allowtransparency="true" width="500" height="540" frameborder="0"></iframe>
As such, we would need to proxy or sandbox these iframes, as in bug 1265457. We should be able to provide a basic "click to view Facebook posts on this page" placeholder if we'd like to go further.
Comment 4•4 years ago
|
||
As for the Twitter posts, they are embedded with markup like this:
<figure class="stk-reset stk-embed-figure" data-ce-tag="embed-figure">
<code class="stk-reset stk-code" style="padding-top: 0; ">
<blockquote class="twitter-tweet" data-lang="ru"> <p lang="ru" dir="ltr">Интересно, что в итоге ловец покемонов Соколовский провёл в камере времени гораздо больше, чем Васильева по делу Оборонсервиса.</p>— Alexey Navalny (@navalny) <a href="https://twitter.com/navalny/status/862583472073961472">11 мая 2017 г.</a> </blockquote>
<script async="" src="//platform.twitter.com/widgets.js" charset="utf-8"></script>
</code>
<figcaption class="stk-reset stk-description stk-element_no-text" data-ce-tag="description"></figcaption>
</figure>
As such, it works for me to shim widgets.js
and put a placeholder near all .twitter-tweet
elements, which when clicked drops those placeholders and then re-loads each scripts tag with widgets.js
, while yellowlisting at these Twitter domains:
https://platform.twitter.com/
https://syndication.twitter.com/
https://cdn.syndication.twimg.com/
https://abs.twimg.com/
https://pbs.twimg.com/
Updated•4 years ago
|
Reporter | ||
Comment 5•3 years ago
•
|
||
The issue seems to be fixed now while ETP - Standard is enabled.
https://prnt.sc/wnarfp
Note: The issue still occurs with ETP - Strict enabled.
https://prnt.sc/wngyaj
Tested with:
Browser / Version: Firefox Nightly 86.0a1 (2021-01-13)
Operating System: Windows 10 Pro
Reporter | ||
Updated•3 years ago
|
Description
•