Closed Bug 1486755 Opened 4 years ago Closed 2 years ago

Videos are not played on with Basic Tracking Protection ON


(Web Compatibility :: Desktop, defect, P3)

Firefox 62
Windows 10


(Not tracked)



(Reporter: sergiu, Unassigned)


(Blocks 3 open bugs, )


(Whiteboard: [tp-ads][tp-yellowlist-passive][tp-shim-complex][tp-embedded-media])

User Story
Operating system: Windows 10 Pro
Firefox version: Firefox Nightly 63.0a1 (2018-08-27) (64-bit)

Enable Basic Tracking Protection

Steps to reproduce:
1. Navigate to:
2. Play the video.

Expected Behavior:
The video is displayed.

Actual Behavior:
The video placeholder is displayed black.

1. Screenshot attached:
This is related to `tpvideo` breakage #1400025

Looking at the devtools console, here are the blocked resources:

The resource at “” was blocked because content blocking is enabled.[Learn More] steve-bannon
The resource at “” was blocked because content blocking is enabled.[Learn More] steve-bannon

So these are the domains to test:

I opened the URL in a fresh browser profile (Firefox Nightly 63, uMatrix installed, normal mode) and loaded the page. The video did not load.

I disabled the Spoof Referrer option in uMatrix and then *WHITELISTED*:

After this, the video placeholder was correctly displayed.
The other resources didn't help. can be found in the disconnect-blacklist.json and disconnect-entitylist.json. can be found in the disconnect-entitylist.json.

So in conclusion: - Advertising = [tp-ads]
User Story: (updated)
Priority: -- → P3
Product: Tech Evangelism → Web Compatibility

I am able to reproduce this on whichever video is playing at the time on (which doesn't require a CBS All-Access account). I see this in the console:

Error: Script error for ""

And allowing that script, I see this:

Error: Script error for ""

Then I see:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at (Reason: CORS request did not succeed).

And allowing all of those through, the video finally plays.

Simply pretending that the first two scripts load fine while replacing them with an empty script is fine, but the actual stream information is received through the JSON response in the request, so we would need to yellow-list or proxy that request. Since the user is opting into watching the video, we could detect the request attempt, and confirm with the user if they would like it take place, and then simply allow it (or proxy it).

Whiteboard: [tp-ads] → [tp-ads][tp-yellowlist-passive][tp-shim-complex][tp-embedded-media]
No longer blocks: 1516552

The issue no longer reproduces with ETP - Standard enabled.

Note: The video plays with ETP - Strict in the background with no audio, and when clicking the "Play" button, the video remains in loading state.

Tested with:
Browser / Version: Firefox Nightly 86.0a1 (2021-01-14)
Operating System: Windows 10 Pro

Closed: 2 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.