Closed Bug 1719118 Opened 4 years ago Closed 4 years ago

chat.zalo.me doesn't display with Tracking Protection Basic

Categories

(Core :: Privacy: Anti-Tracking, defect)

Product:
Core
Component:
Privacy: Anti-Tracking
Version:
Firefox 91
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Tracking Flags:
Tracking Status
firefox91 --- affected

People

(Reporter: karlcow, Unassigned)

References

(Blocks 1 open bug,
URL
)

Details

  1. Go to https://chat.zalo.me/

If I deactivate Tracking Protection the site displays.

This seems to be caused by Fingerprinting blocking

Blocks: fingerprinting-breakage
No longer blocks: tp-breakage

johann, this isn't fingerprinting-breakage aka RFP (bug 1507517) .. it's etp-breakage , a la bug 1480137 , unless I'm missing something

chat.zalo.me
14:04:04.065 Request to access cookie or storage on “https://apis.google.com/js/api.js” was blocked
Flags: needinfo?(jhofmann)

Whoops yeah I meant fp-blocking-breakage, thanks!

Blocks: fp-blocking-breakage
No longer blocks: fingerprinting-breakage
Flags: needinfo?(jhofmann)

There are quite a few stylesheets and scripts hosted on the CDN at zadn.vn which their page relies on to render:

https://zalo-chat-static.zadn.vn/v1/vendors-embed-render.f85daca1da58d70b76b1.css
https://zalo-chat-static.zadn.vn/v1/default-embed-render.c74076b5055445f98284.css
https://zalo-chat-static.zadn.vn/v1/render.d689285f6f52748abaeb.css
https://zalo-chat-static.zadn.vn/v1/lazy/vendors-embed-render.d69039eb01bd3c92c126.js
https://zalo-chat-static.zadn.vn/v1/lazy/vendors-render.42814b3ce4c2b1573a28.js
https://zalo-chat-static.zadn.vn/v1/lazy/default-embed-render.df2a8cf6f148a43a4a92.js
https://zalo-chat-static.zadn.vn/v1/render.d1376cf9460c23180d9a.js
https://zalo-chat-static.zadn.vn/v1/lazy/vendors-embed-render.d69039eb01bd3c92c126.js
https://zalo-chat-static.zadn.vn/v1/lazy/vendors-render.42814b3ce4c2b1573a28.js
https://zalo-chat-static.zadn.vn/v1/lazy/default-embed-render.df2a8cf6f148a43a4a92.js
https://zalo-chat-static.zadn.vn/v1/render.d1376cf9460c23180d9a.js
https://stc-sp.zadn.vn/session-sdk/session-sdk.min.js

It appears that these files in turn link to assets like images and the like which are also hosted on that domain, so this isn't a case where shims are suitable (unless we want to discover and bundle all of the necessary files, and keep them updated as they change).

As such this seems like a similar case to bug 1713414.

This was fixed by Disconnect recently https://github.com/disconnectme/disconnect-tracking-protection/commit/21134d05e7a407739d7db0b695cbbf359afffdd2

I'll close the bug when this is deployed.

Flags: needinfo?(jhofmann)

The change has been deployed and the site is working again in standard ETP mode.

Status: NEW → RESOLVED
Closed: 4 years ago
Flags: needinfo?(jhofmann)
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.