Closed Bug 1809209 Opened 2 years ago Closed 2 years ago

Redirecting SmartBlock shims can cause spurious CSP report-spam

Categories

(Core :: Privacy: Anti-Tracking, defect)

Product:
Core
Component:
Privacy: Anti-Tracking
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
111 Branch
Tracking Flags:
Tracking Status
firefox111 --- fixed

People

(Reporter: twisniewski, Assigned: twisniewski)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

Bug 1809209 - Avoid extra CSP reporting spam from redirecting SmartBlock shims; r?ksenia
48 bytes, text/x-phabricator-request
Details | Review

As reported by an Amazon contact, they are receiving many CSP reports which are related to the StickyAdsTV shim.

This is because the shim is redirecting through a fake URL, redirect.firefox.etp, as there are sites which explicitly check whether request to their tracking pixels were redirected, and break otherwise (discovered in bug 1717806). But their CSP does not list this URL, so things break.

I believe it should be sufficient to just use a "less fake" URL which is on a common domain for that tracker likely to be included in such a CSP, so let's try that here.

Assignee: nobody → twisniewski
Pushed by twisniewski@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/de577f352d00 Avoid extra CSP reporting spam from redirecting SmartBlock shims; r=ksenia,webcompat-reviewers

https://hg.mozilla.org/mozilla-central/rev/de577f352d00

Status: NEW → RESOLVED
Closed: 2 years ago
status-firefox111: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 111 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: