Closed
Bug 1500315
Opened 6 years ago
Closed 4 years ago
Strict content blocker blocks images on website
Categories
(Web Compatibility :: Site Reports, defect, P3)
Tracking
(firefox63 affected, firefox64 affected, firefox65 affected, firefox86 affected)
RESOLVED
DUPLICATE
of bug 1628176
People
(Reporter: muk.anc, Unassigned)
References
(Blocks 1 open bug, )
Details
(Keywords: webcompat:needs-diagnosis, Whiteboard: [tp-content][tp-social][sci-exclude][tp-yellowlist-active][tp-shim-content][tp-embedded-media])
User Story
aolcdn.com twitter.com
Attachments
(2 files)
SlideshowBroken.jpg
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko/20100101 Firefox/62.0
Steps to reproduce:
When content blocker is enabled, image gallery on www.engadget.com doesn't display properly.
Actual results:
Enable "Tracking protection" from firefox menu
Open the link : https://www.engadget.com/2018/10/18/samsung-galaxy-book2-hands-on/
Click one of the product images to open the gallery view
Full scale image not displayed.
Clicking the close button doesn't return to the main page
Expected results:
Image should have been displayed.
Clicking on the close button (X) should have navigated to the main story.
|
||
Comment 1•6 years ago
|
||
Hi,
I've managed to reproduce this issue using Firefox 63.0(20181018182531), Firefox Beta 64.0b3(20181022150107) and
Firefox Nightly 65.0a1(20181023222913)
Thank you for reporting!
Status: UNCONFIRMED → NEW
status-firefox63:
--- → affected
status-firefox64:
--- → affected
status-firefox65:
--- → affected
Component: Untriaged → Tracking Protection
Ever confirmed: true
OS: Unspecified → Windows 10
Version: 62 Branch → Trunk
|
Reporter | |
Comment 2•6 years ago
|
||
Just to update, this is not specific to Windows 10. I happens on all Desktop systems.
Also, as we start using the blocking protection more and more, would it make more sense to create a web page where all the non working sites can be posted? Creating one bug report per website will become unmanageable very soon.
Cheers
|
|
||
Updated•6 years ago
|
OS: Windows 10 → All
|
||
Updated•6 years ago
|
Priority: -- → P3
Whiteboard: tp-needsrepro
|
||
Comment 3•6 years ago
|
||
I was able to reproduce the issue and it is related to `trackingprotection` breakage.
[Tested with:]
Browser / Version: Firefox Nightly 65.0a1 (2018-11-01)
Operating System: Windows 10 Pro
Looking at the devtools console, here are the blocked resources:
The resource at “https://s.skimresources.com/js/72705X1521812.skimlinks.js” was blocked because content blocking is enabled.
The resource at “https://plugin.mediavoice.com/mediaconductor/mc.js” was blocked because content blocking is enabled.
The resource at “https://sb.scorecardresearch.com/beacon.js” was blocked because content blocking is enabled.
The resource at “https://cdn.taboola.com/libtrc/aol-engadget/loader.js” was blocked because content blocking is enabled.
The resource at “https://www.google-analytics.com/analytics.js” was blocked because content blocking is enabled.
The resource at “https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.spotim.market%2Fcsync%3Ft%3Da%26ep%3D271858%26extuid%3D%24UID” was blocked because content blocking is enabled.
The resource at “https://sync.search.spotxchange.com/partner?source=211945” was blocked because content blocking is enabled.
The resource at “https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156758&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.spotim.market%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID” was blocked because content blocking is enabled.
The resource at “https://z.moatads.com/aolvidibleapi29384728347/moatapi.js#moatApiCallback=moatApiInit1541161432127” was blocked because content blocking is enabled.
The resource at “https://plugin.mediavoice.com/mediaconductor/mc.js” was blocked because content blocking is enabled.
The resource at “https://apx.moatads.com/pixel.gif?e=17&i=AOL2&cm=1&pl=0&bq=2&f=0&j=&o=3&t=1541161432636&de=781160629846&m=0&ar=2269dd6-clean&q=0&cb=0&cu=1541161432046&r=0&em=0&en=0&d=-%3A-&qs=5&bd=963890305&bo=&ac=1&it=500&cs=0” was blocked because content blocking is enabled.
The resource at “https://platform.twitter.com/widgets.js?_=1541161431791” was blocked because content blocking is enabled.
The resource at “https://aka-cdn.adtech.de/apps/308/Ad0St3Sz154Sq0V1Id112633140/UK_Finance_Podcast_display_160x600.jpg” was blocked because content blocking is enabled.
The resource at “https://s-jsonp.moatads.com/ocr/AOL2/level3/963890306?t=2018102144” was blocked because content blocking is enabled.
The resource at “https://dis.criteo.com/dis/usersync.aspx?r=45&p=96&cp=millennial&cu=1&url=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55945%2Fsync%3F_origin%3D0%26uid%3D%40%40CRITEO_USERID%40%40” was blocked because content blocking is enabled.
The resource at “https://p.rfihub.com/cm?in=1&pub=758&gdpr=1&gdpr_consent=BOWmowSOWmowfAOABCENBnqAAAAghyfJfe7f98fR9v_lVkR7Gn6MwWiTwEQ4PEcH5ATzwQJhegZg0HcIydxJAoQQMARALYJCDEgSkiMSoAiGgpQwoMgo&forward=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55856%2Fsync%3Fuid%3D%7Buserid%7D%26_origin%3D0%26gdpr%3D1%26gdpr_consent%3DBOWmowSOWmowfAOABCENBnqAAAAghyfJfe7f98fR9v_lVkR7Gn6MwWiTwEQ4PEcH5ATzwQJhegZg0HcIydxJAoQQMARALYJCDEgSkiMSoAiGgpQwoMgo” was blocked because content blocking is enabled.
The resource at “https://pixel.quantserve.com/pixel/p-NcBg8UA4xqUFp.gif?idmatch=0&gdpr=1&gdpr_consent=BOWmowSOWmowfAOABCENBnqAAAAghyfJfe7f98fR9v_lVkR7Gn6MwWiTwEQ4PEcH5ATzwQJhegZg0HcIydxJAoQQMARALYJCDEgSkiMSoAiGgpQwoMgo” was blocked because content blocking is enabled.
The resource at “https://sync.mathtag.com/sync/img?mt_exid=21&redir=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55938%2Fsync%3Fuid%3D%5BMM_UUID%5D%26_origin%3D0” was blocked because content blocking is enabled.
The resource at “https://aol-match.dotomi.com/match/bounce/current?networkId=60&version=1&nuid=O2c2c78c32-de99-11e8-ab22-0242f18cd76f&gdpr=1&gdpr_consent=BOWmowSOWmowfAOABCENBnqAAAAghyfJfe7f98fR9v_lVkR7Gn6MwWiTwEQ4PEcH5ATzwQJhegZg0HcIydxJAoQQMARALYJCDEgSkiMSoAiGgpQwoMgo&rurl=http%3A%2F%2Fpixel.advertising.com%2Fups%2F55853%2Fsync%3Fuid%3D%24UID%26_origin%3D0” was blocked because content blocking is enabled.
The resource at “https://sync-tm.everesttech.net/upi/pid/eknnbrON?gdpr=1&gdpr_consent=BOWmowSOWmowfAOABCENBnqAAAAghyfJfe7f98fR9v_lVkR7Gn6MwWiTwEQ4PEcH5ATzwQJhegZg0HcIydxJAoQQMARALYJCDEgSkiMSoAiGgpQwoMgo&redir=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55986%2Fsync%3Fuid%3D%24%7BUSER_ID%7D%26_origin%3D0%26gdpr%3D1%26gdpr_consent%3DBOWmowSOWmowfAOABCENBnqAAAAghyfJfe7f98fR9v_lVkR7Gn6MwWiTwEQ4PEcH5ATzwQJhegZg0HcIydxJAoQQMARALYJCDEgSkiMSoAiGgpQwoMgo” was blocked because content blocking is enabled.
The resource at “https://bh.contextweb.com/bh/rtset?pid=558299&ev=1&gdpr=1&gdpr_consent=BOWmowSOWmowfAOABCENBnqAAAAghyfJfe7f98fR9v_lVkR7Gn6MwWiTwEQ4PEcH5ATzwQJhegZg0HcIydxJAoQQMARALYJCDEgSkiMSoAiGgpQwoMgo&rurl=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55972%2Fsync%3Fuid%3D%25%25VGUID%25%25%26_origin%3D0” was blocked because content blocking is enabled..
So below are the domains to test:
- s.skimresources.com
- plugin.mediavoice.com
- sb.scorecardresearch.com
- cdn.taboola.com
- www.google-analytics.com
- ib.adnxs.com
- sync.search.spotxchange.com
- ads.pubmatic.com
- z.moatads.com
- plugin.mediavoice.com
- apx.moatads.com
- platform.twitter.com
- aka-cdn.adtech.de
- s-jsonp.moatads.com
- dis.criteo.com
- p.rfihub.com
- pixel.quantserve.com
- sync.mathtag.com
- aol-match.dotomi.com
- sync-tm.everesttech.net
- bh.contextweb.com
I opened the URL in a fresh browser profile (Firefox Nightly 65, uMatrix installed, normal mode) and loaded the page. The slideshow is not triggered.
I disabled the Spoof Referrer option in uMatrix and then WHITELISTED:
- aolcdn.com (including all related domains)
- blogsmithmedia.com (including all related domains)
and the slideshow is triggered but no images displayed.
I then Whitelisted:
- blogcdn.com (including all related domains)
- twitter.com (including all related domains)
and the images were displayed and slideshow could be closed.
The other resources didn't help.
So in conclusion:
- aolcdn.com is in Content category = [tp-content]
- blogsmithmedia.com and blogcdn.com are not listed
- twitter.com is in Disconnect list at Social = [tp-social]
Blocks: tp-breakage
User Story: (updated)
Component: Tracking Protection → Desktop
OS: All → Windows 10
Product: Firefox → Tech Evangelism
Hardware: Unspecified → x86_64
Whiteboard: tp-needsrepro → [tp-content][tp-social]
Version: Trunk → Firefox 65
|
|
||
Comment 4•6 years ago
|
||
Slideshow broken.
|
|
||
Comment 5•6 years ago
|
||
Added uMatrix results.
|
Assignee | |
Updated•6 years ago
|
Product: Tech Evangelism → Web Compatibility
|
||
Updated•5 years ago
|
|
||
Updated•5 years ago
|
Whiteboard: [tp-content][tp-social] → [tp-content][tp-social][sci-exclude]
|
||
Comment 6•5 years ago
|
||
The image-galleries start working when I whitelist https://platform.twitter.com/widgets.js. It turns out that their scripts expect to be able to call window.twttr.widgets.load, or they break. Shimming like in bug 1519448 comment 3 seems to un-break it just fine.
Blocks: tp-twitter
|
|
Reporter | |
Comment 7•5 years ago
|
||
In Firefox 75.0, clicking the image doesn't even open the gallery view anymore. It just brings me to the top of the page.
|
|
||
Updated•5 years ago
|
Whiteboard: [tp-content][tp-social][sci-exclude] → [tp-content][tp-social][sci-exclude][tp-yellowlist-active][tp-shim-content][tp-embedded-media]
|
|
||
Comment 8•4 years ago
|
||
The issue is not reproducible with ETP - Standard, but still occurs with ETP - Strict.
https://prnt.sc/xgdc1q
Tested with:
Browser / Version: Firefox Nightly 86.0a1 (2021-01-21)
Operating System: Windows 10 Pro
Changing the title so it reflects the above.
status-firefox86:
--- → affected
Keywords: webcompat:needs-diagnosis
Summary: Content blocker blocks images on website → Strict content blocker blocks images on website
|
||
Comment 9•4 years ago
|
||
If embedded Twitter contents require cookies from twitter.com (third party cookie) to embed contents, this is the right behavior.
You need to log in
before you can comment on or make changes to this bug.
Description
•