Strict content blocker blocks images on website
Categories
(Web Compatibility :: Site Reports, defect, P3)
Tracking
(firefox63 affected, firefox64 affected, firefox65 affected, firefox86 affected)
People
(Reporter: muk.anc, Unassigned)
References
(Blocks 1 open bug, )
Details
(Keywords: webcompat:needs-diagnosis, Whiteboard: [tp-content][tp-social][sci-exclude][tp-yellowlist-active][tp-shim-content][tp-embedded-media])
User Story
aolcdn.com twitter.com
Attachments
(2 files)
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko/20100101 Firefox/62.0 Steps to reproduce: When content blocker is enabled, image gallery on www.engadget.com doesn't display properly. Actual results: Enable "Tracking protection" from firefox menu Open the link : https://www.engadget.com/2018/10/18/samsung-galaxy-book2-hands-on/ Click one of the product images to open the gallery view Full scale image not displayed. Clicking the close button doesn't return to the main page Expected results: Image should have been displayed. Clicking on the close button (X) should have navigated to the main story.
Comment 1•6 years ago
|
||
Hi, I've managed to reproduce this issue using Firefox 63.0(20181018182531), Firefox Beta 64.0b3(20181022150107) and Firefox Nightly 65.0a1(20181023222913) Thank you for reporting!
Reporter | ||
Comment 2•6 years ago
|
||
Just to update, this is not specific to Windows 10. I happens on all Desktop systems. Also, as we start using the blocking protection more and more, would it make more sense to create a web page where all the non working sites can be posted? Creating one bug report per website will become unmanageable very soon. Cheers
Updated•6 years ago
|
Updated•6 years ago
|
Comment 3•6 years ago
|
||
I was able to reproduce the issue and it is related to `trackingprotection` breakage. [Tested with:] Browser / Version: Firefox Nightly 65.0a1 (2018-11-01) Operating System: Windows 10 Pro Looking at the devtools console, here are the blocked resources: The resource at “https://s.skimresources.com/js/72705X1521812.skimlinks.js” was blocked because content blocking is enabled. The resource at “https://plugin.mediavoice.com/mediaconductor/mc.js” was blocked because content blocking is enabled. The resource at “https://sb.scorecardresearch.com/beacon.js” was blocked because content blocking is enabled. The resource at “https://cdn.taboola.com/libtrc/aol-engadget/loader.js” was blocked because content blocking is enabled. The resource at “https://www.google-analytics.com/analytics.js” was blocked because content blocking is enabled. The resource at “https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.spotim.market%2Fcsync%3Ft%3Da%26ep%3D271858%26extuid%3D%24UID” was blocked because content blocking is enabled. The resource at “https://sync.search.spotxchange.com/partner?source=211945” was blocked because content blocking is enabled. The resource at “https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156758&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.spotim.market%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID” was blocked because content blocking is enabled. The resource at “https://z.moatads.com/aolvidibleapi29384728347/moatapi.js#moatApiCallback=moatApiInit1541161432127” was blocked because content blocking is enabled. The resource at “https://plugin.mediavoice.com/mediaconductor/mc.js” was blocked because content blocking is enabled. The resource at “https://apx.moatads.com/pixel.gif?e=17&i=AOL2&cm=1&pl=0&bq=2&f=0&j=&o=3&t=1541161432636&de=781160629846&m=0&ar=2269dd6-clean&q=0&cb=0&cu=1541161432046&r=0&em=0&en=0&d=-%3A-&qs=5&bd=963890305&bo=&ac=1&it=500&cs=0” was blocked because content blocking is enabled. The resource at “https://platform.twitter.com/widgets.js?_=1541161431791” was blocked because content blocking is enabled. The resource at “https://aka-cdn.adtech.de/apps/308/Ad0St3Sz154Sq0V1Id112633140/UK_Finance_Podcast_display_160x600.jpg” was blocked because content blocking is enabled. The resource at “https://s-jsonp.moatads.com/ocr/AOL2/level3/963890306?t=2018102144” was blocked because content blocking is enabled. The resource at “https://dis.criteo.com/dis/usersync.aspx?r=45&p=96&cp=millennial&cu=1&url=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55945%2Fsync%3F_origin%3D0%26uid%3D%40%40CRITEO_USERID%40%40” was blocked because content blocking is enabled. The resource at “https://p.rfihub.com/cm?in=1&pub=758&gdpr=1&gdpr_consent=BOWmowSOWmowfAOABCENBnqAAAAghyfJfe7f98fR9v_lVkR7Gn6MwWiTwEQ4PEcH5ATzwQJhegZg0HcIydxJAoQQMARALYJCDEgSkiMSoAiGgpQwoMgo&forward=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55856%2Fsync%3Fuid%3D%7Buserid%7D%26_origin%3D0%26gdpr%3D1%26gdpr_consent%3DBOWmowSOWmowfAOABCENBnqAAAAghyfJfe7f98fR9v_lVkR7Gn6MwWiTwEQ4PEcH5ATzwQJhegZg0HcIydxJAoQQMARALYJCDEgSkiMSoAiGgpQwoMgo” was blocked because content blocking is enabled. The resource at “https://pixel.quantserve.com/pixel/p-NcBg8UA4xqUFp.gif?idmatch=0&gdpr=1&gdpr_consent=BOWmowSOWmowfAOABCENBnqAAAAghyfJfe7f98fR9v_lVkR7Gn6MwWiTwEQ4PEcH5ATzwQJhegZg0HcIydxJAoQQMARALYJCDEgSkiMSoAiGgpQwoMgo” was blocked because content blocking is enabled. The resource at “https://sync.mathtag.com/sync/img?mt_exid=21&redir=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55938%2Fsync%3Fuid%3D%5BMM_UUID%5D%26_origin%3D0” was blocked because content blocking is enabled. The resource at “https://aol-match.dotomi.com/match/bounce/current?networkId=60&version=1&nuid=O2c2c78c32-de99-11e8-ab22-0242f18cd76f&gdpr=1&gdpr_consent=BOWmowSOWmowfAOABCENBnqAAAAghyfJfe7f98fR9v_lVkR7Gn6MwWiTwEQ4PEcH5ATzwQJhegZg0HcIydxJAoQQMARALYJCDEgSkiMSoAiGgpQwoMgo&rurl=http%3A%2F%2Fpixel.advertising.com%2Fups%2F55853%2Fsync%3Fuid%3D%24UID%26_origin%3D0” was blocked because content blocking is enabled. The resource at “https://sync-tm.everesttech.net/upi/pid/eknnbrON?gdpr=1&gdpr_consent=BOWmowSOWmowfAOABCENBnqAAAAghyfJfe7f98fR9v_lVkR7Gn6MwWiTwEQ4PEcH5ATzwQJhegZg0HcIydxJAoQQMARALYJCDEgSkiMSoAiGgpQwoMgo&redir=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55986%2Fsync%3Fuid%3D%24%7BUSER_ID%7D%26_origin%3D0%26gdpr%3D1%26gdpr_consent%3DBOWmowSOWmowfAOABCENBnqAAAAghyfJfe7f98fR9v_lVkR7Gn6MwWiTwEQ4PEcH5ATzwQJhegZg0HcIydxJAoQQMARALYJCDEgSkiMSoAiGgpQwoMgo” was blocked because content blocking is enabled. The resource at “https://bh.contextweb.com/bh/rtset?pid=558299&ev=1&gdpr=1&gdpr_consent=BOWmowSOWmowfAOABCENBnqAAAAghyfJfe7f98fR9v_lVkR7Gn6MwWiTwEQ4PEcH5ATzwQJhegZg0HcIydxJAoQQMARALYJCDEgSkiMSoAiGgpQwoMgo&rurl=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55972%2Fsync%3Fuid%3D%25%25VGUID%25%25%26_origin%3D0” was blocked because content blocking is enabled.. So below are the domains to test: - s.skimresources.com - plugin.mediavoice.com - sb.scorecardresearch.com - cdn.taboola.com - www.google-analytics.com - ib.adnxs.com - sync.search.spotxchange.com - ads.pubmatic.com - z.moatads.com - plugin.mediavoice.com - apx.moatads.com - platform.twitter.com - aka-cdn.adtech.de - s-jsonp.moatads.com - dis.criteo.com - p.rfihub.com - pixel.quantserve.com - sync.mathtag.com - aol-match.dotomi.com - sync-tm.everesttech.net - bh.contextweb.com I opened the URL in a fresh browser profile (Firefox Nightly 65, uMatrix installed, normal mode) and loaded the page. The slideshow is not triggered. I disabled the Spoof Referrer option in uMatrix and then WHITELISTED: - aolcdn.com (including all related domains) - blogsmithmedia.com (including all related domains) and the slideshow is triggered but no images displayed. I then Whitelisted: - blogcdn.com (including all related domains) - twitter.com (including all related domains) and the images were displayed and slideshow could be closed. The other resources didn't help. So in conclusion: - aolcdn.com is in Content category = [tp-content] - blogsmithmedia.com and blogcdn.com are not listed - twitter.com is in Disconnect list at Social = [tp-social]
Assignee | ||
Updated•6 years ago
|
Updated•5 years ago
|
Updated•5 years ago
|
The image-galleries start working when I whitelist https://platform.twitter.com/widgets.js
. It turns out that their scripts expect to be able to call window.twttr.widgets.load
, or they break. Shimming like in bug 1519448 comment 3 seems to un-break it just fine.
Reporter | ||
Comment 7•4 years ago
|
||
In Firefox 75.0, clicking the image doesn't even open the gallery view anymore. It just brings me to the top of the page.
Updated•4 years ago
|
Comment 8•4 years ago
|
||
The issue is not reproducible with ETP - Standard, but still occurs with ETP - Strict.
https://prnt.sc/xgdc1q
Tested with:
Browser / Version: Firefox Nightly 86.0a1 (2021-01-21)
Operating System: Windows 10 Pro
Changing the title so it reflects the above.
Comment 9•4 years ago
|
||
If embedded Twitter contents require cookies from twitter.com (third party cookie) to embed contents, this is the right behavior.
Description
•