Closed Bug 1894183 Opened 9 months ago Closed 9 months ago

ETP blocks challenges.cloudflare.com causing some websites couldn't visit, for example, https://www.random.org

Categories

(Core :: Privacy: Anti-Tracking, defect)

Firefox 125
defect

Tracking

()

RESOLVED INVALID

People

(Reporter: Tom25519, Unassigned)

Details

Steps to reproduce:

ETP blocks challenges.cloudflare.com causing some websites couldn't visit, for example, https://www.random.org.

Expected results:

ETP should allow challenges.cloudflare.com.

Thanks! I couldn't reproduce the issue. The challenge passes fine and redirects me to the site. Which ETP settings have you enabled? Are you on ETP standard or strict? Do you have any extensions (e.g. adblockers) enabled?

Flags: needinfo?(Tom25519)

We don't block challenges.cloudflare.com from loading even in ETP strict mode. But I saw https://challenges.cloudflare.com was listed on the phishing list from Google, but I can no longer see it. Maybe it's blocked because of SafeBrowsing, and SafeBrowsing has just updated its list and removed it from the phishing list.

Would you be able to check if the site works for you now? Thanks.

(In reply to Tim Huang[:timhuang] from comment #2)

We don't block challenges.cloudflare.com from loading even in ETP strict mode. But I saw https://challenges.cloudflare.com was listed on the phishing list from Google, but I can no longer see it. Maybe it's blocked because of SafeBrowsing, and SafeBrowsing has just updated its list and removed it from the phishing list.

Would you be able to check if the site works for you now? Thanks.

But it does exist in tracking protection list. You can find it via about:url-classifier, input https://challenges.cloudflare.com, search,
URI: https://challenges.cloudflare.com/ content-track-digest256

Flags: needinfo?(Tom25519)

Thanks Tom! I'm still curious if the site is still broken for you.

(In reply to Tom25519 from comment #3)

(In reply to Tim Huang[:timhuang] from comment #2)

We don't block challenges.cloudflare.com from loading even in ETP strict mode. But I saw https://challenges.cloudflare.com was listed on the phishing list from Google, but I can no longer see it. Maybe it's blocked because of SafeBrowsing, and SafeBrowsing has just updated its list and removed it from the phishing list.

Would you be able to check if the site works for you now? Thanks.

But it does exist in tracking protection list. You can find it via about:url-classifier, input https://challenges.cloudflare.com, search,
URI: https://challenges.cloudflare.com/ content-track-digest256

For me it shows up under tracking-annotation which means we wouldn't block it (Tim please correct me if I'm wrong). It does however show up under "phishing" (goog-phish-proto). The more likely issue is that this is a google safebrowsing false positive as mention in comment 2.

Flags: needinfo?(Tom25519)

Sorry...I found that set dom.enable_resource_timing = false is the root cause of this bug.

Status: UNCONFIRMED → RESOLVED
Closed: 9 months ago
Flags: needinfo?(Tom25519)
Resolution: --- → INVALID

Thanks for verifying the root cause.

You need to log in before you can comment on or make changes to this bug.