Unable to view the page on 1boon.daum.net when ETP - Strict is enabled
Categories
(Web Compatibility :: Privacy: Site Reports, defect, P3)
Tracking
(firefox87 affected)
| Tracking | Status | |
|---|---|---|
| firefox87 | --- | affected |
People
(Reporter: oanaarbuzov, Unassigned)
References
(Blocks 1 open bug, )
Details
(Whiteboard: [tp-yellowlist-active][tp-site-unusable][tp-embedded-media][tp-shim-content])
Attachments
(1 file)
|
143.94 KB,
image/jpeg
|
Details |
StandardVSStrict.jpg
Environment:
Browser / Version: Firefox Preview Nightly 200311 (🦎:76.0a1-20200310094445)
Operating System: Huawei P20 Lite (Android 8.0.0) - 1080 x 2280 pixels, 19:9 ratio (~432 ppi density)
Steps to Reproduce:
- Navigate https://1boon.daum.net/goodjob/5e660446cca99512707d2e30?_=1583871639556
- Observe the page.
Expected Behavior:
The page is displayed with no errors.
Actual Behavior:
An error page is displayed.
Note:
- With "Standard" protection the page fully loads.
- Screenshot attached.
|
||
Comment 1•5 years ago
|
||
The page scripts rely on Instagram loading up:
TypeError: "can't access property "Embeds", window.instgrm is undefined"
NextJS 59
commons.793fa8db9d6539699f54.js:1:390817
If I whitelist www.instagram.com,platform.instagram.com, it works.
The site loads https://platform.instagram.com/en_US/embeds.js, which redirects to https://www.instagram.com/embed.js, which finally redirects to https://www.instagram.com/static/bundles/es6/EmbedSDK.js.
If I rewrite the response from that with a shim, the page at least loads:
(function() {
if (window.instgrm) return;
window.instgrm = {
Embeds: {},
};
}());
Of course the Twitter embed isn't showing up correctly, but the embed is ultimately loaded by scripts as an iframe:
<iframe class="instagram-media instagram-media-rendered" id="instagram-embed-0" src="https://www.instagram.com/p/B1EmFWIJBza/embed/?cr=1&wp=996&rd=https%3A%2F%2F1boon.daum.net&rp=%2Fgoodjob%2F5e660446cca99512707d2e30%3F_%3D1583871639556#%7B%22ci%22%3A0%2C%22os%22%3A2017%7D" allowtransparency="true" allowfullscreen="true" data-instgrm-payload-id="instagram-media-payload-0" scrolling="no" style="max-width: 500px; width: 100%; background: white none repeat scroll 0% 0%; box-sizing: border-box; border-radius: 3px; border: 1px solid rgb(219, 219, 219); box-shadow: none; display: block; margin: 0px 0px 12px; min-width: 326px; padding: 0px;" height="704" frameborder="0"></iframe>
This iframe seems to work fine with sandbox="allow-scripts" (and even at least shows the first image in the gallery with sandbox="") so it looks possible that we could effectively isolate the frame. Or we could provide our own replacement UI allowing the user to click-to-show the embed, or perhaps just proxy the iframe.
|
|
||
Updated•5 years ago
|
|
|
||
Updated•5 years ago
|
|
|
||
Updated•5 years ago
|
|
||
Comment 2•5 years ago
|
||
Because this bug's Severity has not been changed from the default since it was filed, and it's Priority is P3 (Backlog,) indicating it has been triaged, the bug's Severity is being updated to S3 (normal.)
|
Reporter | |
Comment 3•4 years ago
|
||
The issue still occurs, with ETP - Strict, error page is displayed.
https://prnt.sc/yesiyc
Tested with:
Browser / Version: Firefox Nightly 210204 (🦎 87.0a1-20210203093146)
Operating System: Huawei P20 Lite (Android 8.0.0) - 1080 x 2280 pixels, 19:9 ratio (~432 ppi density), Samsung Galaxy S6 Edge (Android 7.0) - 1440 x 2560 pixels (~577 ppi pixel density)
|
|
||
Updated•4 years ago
|
|
||
Updated•3 years ago
|
|
|
||
Updated•3 years ago
|
|
||
Updated•2 months ago
|
Description
•