1487062 - Layout is broken on store.vmware.com while Tracking Protection Basic is enabled

Status: RESOLVED DUPLICATE of bug 1475929

(Web Compatibility :: Privacy: Site Reports, defect, P3)

Description

[Oana Arbuzov [:oanaarbuzov]]

Attachment: BrokenLayout.png

[Environment:]
Browser / Version: Firefox Nightly 63.0a1 (2018-08-27)
Operating System: Windows 10 Pro

[Prerequisites:]
    1. Tracking Protection Basic enabled.
[Steps to Reproduce:]
    1. Navigate to  http://store.vmware.com/store/vmwde/de_DE/DisplayProductDetailsPage/ThemeID.29219600/productID.5125188900 
    2. Observe the page.
        
[Expected Behavior:]
Layout is displayed correctly.
 
[Actual Behavior:]
Layout is broken (images, css).

Comment 1

[Oana Arbuzov [:oanaarbuzov]]

The issue is related to `trackingprotection` breakage.

Looking at the devtools console, here are the blocked resources:
The resource at “https://drh.img.digitalriver.com/DRHM/Storefront/Site/vmware/cm/multimedia/css/styles.css” was blocked because content blocking is enabled.
The resource at “https://s7.addthis.com/js/300/addthis_widget.js#pubid=vmwAddThis” was blocked because content blocking is enabled.
The resource at “https://api.demandbase.com/api/v2/ip.js?key=e1f90d4a92d08428627aa34a78d58cc3e866c84f&var=dbInfo” was blocked because content blocking is enabled.
The resource at “http://media.fastclick.net/w/tre?ad_id=35052;evt=27333;cat1=37683;cat2=37684;” was blocked because content blocking is enabled.
The resource at “https://www.google-analytics.com/analytics.js” was blocked because content blocking is enabled.
The resource at “https://dpm.demdex.net/id?d_visid_ver=1.10.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=5B29123F5245AD520A490D45%40AdobeOrg&d_nsid=0&ts=1535546143888” was blocked because content blocking is enabled.
The resource at “https://www.upsellit.com/launch/vmware.jsp” was blocked because content blocking is enabled.
Loading failed for the <script> with source “https://www.upsellit.com/launch/vmware.jsp”. store:1:1
The resource at “https://connect.facebook.net/en_US/fbevents.js” was blocked because content blocking is enabled.
Loading failed for the <script> with source “https://connect.facebook.net/en_US/fbevents.js”. store:1:1
The resource at “https://static.hotjar.com/c/hotjar-216475.js?sv=5” was blocked because content blocking is enabled.
Loading failed for the <script> with source “https://static.hotjar.com/c/hotjar-216475.js?sv=5”. store:1:1
The resource at “https://sjs.bizographics.com/insight.min.js” was blocked because content blocking is enabled.
Loading failed for the <script> with source “https://sjs.bizographics.com/insight.min.js”. store:1:1
The resource at “https://www.googleadservices.com/pagead/conversion_async.js” was blocked because content blocking is enabled.
Loading failed for the <script> with source “https://www.googleadservices.com/pagead/conversion_async.js”. store:1:1
The resource at “https://s279193683.t.eloqua.com/visitor/v200/svrGP?pps=3&siteid=279193683&ref2=elqNone&tzo=-120&ms=948&optin=disabled” was blocked because content blocking is enabled.

So below are the domains to test:
- drh.img.digitalriver.com
- s7.addthis.com
- api.demandbase.com
- media.fastclick.net
- www.google-analytics.com
- dpm.demdex.net
- www.upsellit.com
- connect.facebook.net
- static.hotjar.com
- sjs.bizographics.com
- www.googleadservices.com
- s279193683.t.eloqua.com

I opened the URL in a fresh browser profile (Firefox Nightly 63, uMatrix installed, normal mode) and loaded the page. The page layout is broken (no images, css)

I disabled the Spoof Referrer option in uMatrix and then WHITELISTED:
- digitalriver.com (including all related domains)
and the layout is displayed correctly.

The other resources didn't help. 

So in conclusion:
- digitalriver.com is in Advertising category = [tp-ads]

Comment 2

[Oana Arbuzov [:oanaarbuzov]]

Attachment: uMatrixResults.png

Added uMatrix results.