Combine the two Network/TP warnings for blocked scripts
Categories
(Firefox :: Protections UI, defect, P2)
Tracking
()
People
(Reporter: Harald, Assigned: ehsan.akhgari)
References
(Blocks 1 open bug)
Details
Attachments
(3 files)
STR: - Open https://bugzilla.mozilla.org/enter_bug.cgi with Content Blocking enabled ER: One message about blocked GA script. AR: GA gets blocked and generates 2 warnings The resource at “https://www.google-analytics.com/analytics.js” was blocked because content blocking is enabled. enter_bug.cgi Loading failed for the <script> with source “https://www.google-analytics.com/analytics.js”. enter_bug.cgi:162:1 One message must be enough, to avoid noise and over-stimulation – training users to get blind to warnings. The first warning has more context in the text and an MDN link. The two information bits that would be useful to carry over from second warning would be: 1. The fact that a <script> tag was blocked, not just a generic resource 2. The location of the script tag.
Updated•6 years ago
|
Assignee | ||
Updated•6 years ago
|
Comment 1•6 years ago
|
||
Easy way to reproduce this is: 1) Open New Private Window 2) Open DevTools Toolbox and select the Console panel 3) Load https://bugzilla.mozilla.org/enter_bug.cgi The panel should display aforementioned messages. In my case, I am actually seeing the blocking message twice. Might be another bug? See the attached screenshot. @Michal: I am seeing that the blocking message is generated here: https://searchfox.org/mozilla-central/rev/f2028b4c38bff2a50ed6aa1763f6dc5ee62b0cc4/netwerk/base/nsChannelClassifier.cpp#875 and the failed <script> message here: https://searchfox.org/mozilla-central/rev/f2028b4c38bff2a50ed6aa1763f6dc5ee62b0cc4/dom/script/ScriptLoader.cpp#3051 Would it be possible to attach an identifier (e.g. Resource ID) with those warnings so, the UI can merge it together? Or any better solution come to mind? Honza
Assignee | ||
Updated•6 years ago
|
Assignee | ||
Comment 3•6 years ago
|
||
Pushed by eakhgari@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/f9c08f2f2c68 Don't doubly warn when we can't load a script due to tracking protection; r=baku
Comment 5•6 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/f9c08f2f2c68
Updated•6 years ago
|
Updated•5 years ago
|
Comment 6•5 years ago
|
||
Considering the long time it took for someone to get on this time, it appears that a few cycles have passed. Considering that this bug is fixed in firefox66, then it should also be fixed in firefox69, firefox68 and firefox67 and should reproduce in firefox65 (or older).
-
This is the messages that are being considered incorrect:
"
The resource at “https://www.google-analytics.com/analytics.js” was blocked because content blocking is enabled. enter_bug.cgi
Loading failed for the <script> with source “https://www.google-analytics.com/analytics.js”. enter_bug.cgi:162:1
" -
This is in firefox65 when opening the Bugzilla page:
"
Content Security Policy: Ignoring “'unsafe-inline'” within script-src or style-src: nonce-source or hash-source specified
Content Security Policy: This site (https://bugzilla.mozilla.org) has a Report-Only policy without a report URI. CSP will not block and cannot report violations of this policy.
" -
This is in firefox66 when opening the Bugzilla page:
"
Content Security Policy: Ignoring “'unsafe-inline'” within script-src or style-src: nonce-source or hash-source specified
Content Security Policy: This site (https://bugzilla.mozilla.org) has a Report-Only policy without a report URI. CSP will not block and cannot report violations of this policy.
Content Security Policy: Ignoring “'unsafe-inline'” within script-src or style-src: nonce-source or hash-source specified
Content Security Policy: This site (https://bugzilla.mozilla.org) has a Report-Only policy without a report URI. CSP will not block and cannot report violations of this policy.
Request to access cookie or storage on “https://www.google-analytics.com/analytics.js” was blocked because it came from a tracker and content blocking is enabled. enter_bug.cgi
Request to access cookie or storage on “https://www.google-analytics.com/r/collect” was blocked because it came from a tracker and content blocking is enabled.
" -
This is in firefox67 when opening the Bugzilla page:
"
Content Security Policy: Ignoring “'unsafe-inline'” within script-src or style-src: nonce-source or hash-source specified
Content Security Policy: This site (https://bugzilla.mozilla.org) has a Report-Only policy without a report URI. CSP will not block and cannot report violations of this policy.
Content Security Policy: Ignoring “'unsafe-inline'” within script-src or style-src: nonce-source or hash-source specified
Content Security Policy: This site (https://bugzilla.mozilla.org) has a Report-Only policy without a report URI. CSP will not block and cannot report violations of this policy.
Request to access cookie or storage on “https://www.google-analytics.com/analytics.js” was blocked because it came from a tracker and content blocking is enabled. enter_bug.cgi
Request to access cookie or storage on “https://www.google-analytics.com/r/collect” was blocked because it came from a tracker and content blocking is enabled.
" -
This is in firefox68 when opening the Bugzilla page:
"
Content Security Policy: Ignoring “'unsafe-inline'” within script-src or style-src: nonce-source or hash-source specified
Content Security Policy: This site (https://bugzilla.mozilla.org) has a Report-Only policy without a report URI. CSP will not block and cannot report violations of this policy.
Request to access cookie or storage on “https://www.google-analytics.com/analytics.js” was blocked because it came from a tracker and content blocking is enabled.
enter_bug.cgi
nsLoginManager: searchLogins:formSubmitURL
orhttpRealm
is recommended 2 LoginManager.jsm:392:13
Request to access cookie or storage on “https://www.google-analytics.com/r/collect” was blocked because it came from a tracker and content blocking is enabled.
"
Can you help me with the verification of this issue? I don't really understand which is a good result and which is a bad one. Thanks.
Assignee | ||
Comment 7•5 years ago
|
||
Hi Bodea,
The fix here eliminated the extra "Loading failed for the <script> with source..." message that you see in comment 0. The verification here would be to look at the console for that message and verify that you don't see it any more.
There are possibly many other messages that may come from other sources (as you've noted) that aren't related to the work that happened in this bug.
Comment 8•5 years ago
|
||
The issue does not reproduce in firefox65, but it also does not reproduce in any of the newer versions, as described in comment 5. Based on all the above, I will consider this issue verified. Thank you.
Updated•5 years ago
|
Description
•