Cannot create account on databricks with standard ETP on Nightly
Categories
(Core :: Privacy: Anti-Tracking, defect, P1)
Tracking
()
People
(Reporter: sarah, Assigned: englehardt)
References
(Blocks 1 open bug)
Details
Attachments
(1 file)
957 bytes,
text/html
|
Details |
Steps to reproduce:
- Go to https://databricks.com/signup/signup-community
- Sometimes I get a cookie banner, sometimes I don't, not sure whether that's related
- Fill out form
- Press "Sign Up"
Expected: Proceed having signed up
Actual: Nothing happens, button is non-functional
Workaround: After turning off ETP for the site using shield menu, sign up proceeds as expected.
Clean, Nightly profile on Feb 12.
Tracking protection set to Standard
- Name Firefox
- Version 75.0a1
- Build ID 20200212205745
- Update Channel nightly
- User Agent Mozilla/5.0 (X11; Linux x86_64; rv:75.0) Gecko/20100101 Firefox/75.0
- OS Linux 5.4.13-201.fc31.x86_64
Assignee | ||
Comment 1•5 years ago
|
||
This is caused by fingerprinting blocking of maxmind.com
. When the script is blocked we see a reference error in the console: ReferenceError: geoip2 is not defined
and clicking the signup button does nothing. geoip2
is defined by https://js.maxmind.com/js/apis/geoip2/v2.1/geoip2.js
and the error is thrown by https://databricks.com/wp-content/themes/databricks/assets/js/pages/signup-nk.js?ver=2.2.48
, specifically:
jQuery(document).ready(function($) {
var setupSignupPage = function() {
geoip2.country(onSuccess, onError);
$("#signup-button").on('click', function(event) {
resetErrors();
var $fields = $("#signup-form").find('input,select').filter('[required]:visible');
var invalids = isValid($fields);
if (invalids.length) {
return showErrors(invalids);
}
submitForm();
event.preventDefault();
});
...
Since geoip2 doesn't exist, the click handler is never defined. This seems like a perfect example of something we can fix with Bug 1516552.
Assignee | ||
Updated•5 years ago
|
Assignee | ||
Comment 2•5 years ago
|
||
We've decided to fix this by adding a temporary skiplist entry for the geoip2 path since they have a reasonably well defined API both for geolocation and device identification (that latter of which will not be skiplisted). See https://dev.maxmind.com/geoip/geoip2/javascript/.
Grepping in our 2020-02-04 100k crawl I see the following maxmind URLs related to geoip2 (along with site count):
js.maxmind.com/js/apis/geoip2/v2.1/geoip2.js script 134
geoip-js.maxmind.com/geoip/v2.1/country/me xmlhttprequest 68
geoip-js.maxmind.com/geoip/v2.1/city/me xmlhttprequest 60
js.maxmind.com/geoip/v2.1/country/me xmlhttprequest 11
js.maxmind.com/js/apis/geoip2/v2.0/geoip2.js script 6
geoip-js.maxmind.com/geoip/v2.0/city/me xmlhttprequest 6
js.maxmind.com/geoip/v2.1/city/me xmlhttprequest 5
js.maxmind.com/geoip/v2.1/insights/me xmlhttprequest 4
geoip-js.maxmind.com/geoip/v2.0/country/me xmlhttprequest 2
js.maxmind.com/geoip/v2.0/country/me xmlhttprequest 2
geoip-js.maxmind.com/geoip/v2.1/insights/me xmlhttprequest 1
static.maxmind.com/b300f2149f010784e81d/images/product-icon-geoip2-db.svg image 1
geoip.maxmind.com/geoip/v2.1/city/me xmlhttprequest 1
geoip-ipv4.maxmind.com/geoip/v2.0/country/me xmlhttprequest 1
static.maxmind.com/b300f2149f010784e81d/images/geoip2-infographic.svg image 1
j.maxmind.com/app/geoip.js script 1
geoip.maxmind.com/geoip/v2.0/country/me xmlhttprequest 1
We can cover all of these with *.maxmind.com/js/apis/geoip2,*.maxmind.com/geoip
. This only misses j.maxmind.com/app/geoip.js
, but that looks like a dead URL.
Assignee | ||
Comment 3•5 years ago
|
||
Assignee | ||
Comment 4•5 years ago
|
||
Deployed this fix to the url-classifier-skip-urls
on STAGE and verified with the simple test page in Comment 3. Ready for deployment on PROD.
Assignee | ||
Comment 5•5 years ago
|
||
This is now live on PROD. I've verified the fix on a fresh Nightly profile.
Assignee | ||
Comment 7•5 years ago
|
||
(In reply to Julien Cristau [:jcristau] from comment #6)
Should this be closed?
No, this is only temporarily mitigated by the intervention. We still need to figure out a long-term solution.
Assignee | ||
Updated•5 years ago
|
Assignee | ||
Updated•5 years ago
|
Assignee | ||
Comment 8•4 years ago
|
||
It looks like maxmind has fixed this issue. As such I'll remove the intervention.
Assignee | ||
Updated•4 years ago
|
Description
•