Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Block Scripts and Fingerprinting Protection not working when open a guest/tor window multiple times #1381

Closed
jumde opened this issue Oct 1, 2018 · 7 comments · Fixed by brave/brave-core#622
Closed

Block Scripts and Fingerprinting Protection not working when open a guest/tor window multiple times #1381

jumde opened this issue Oct 1, 2018 · 7 comments · Fixed by brave/brave-core#622
Assignees
@yrliou
Labels
feature/private-browsing feature/shields The overall Shields feature in Brave. feature/tor QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Test-Plan-Specified QA/Yes security
Milestone
0.55.x - Release ...

Comments

@jumde
Copy link
Contributor

jumde commented Oct 1, 2018
edited by srirambv

Test plan

See #1381 (comment)

POC: http://peltate-worth.000webhostapp.com/world.html

Version:
0.55.10 Chromium: 70.0.3538.22 (Official Build) beta (64-bit)
@bbondy bbondy added this to the Releasable builds 0.55.x milestone Oct 5, 2018
@bbondy bbondy added this to Tor in 0.55.x - Release Oct 5, 2018
@yrliou
Copy link
Member

yrliou commented Oct 5, 2018
edited

STR:

  1. Open a guest window and close it
  2. Open a guest window again
  3. Open http://peltate-worth.000webhostapp.com/world.html and click block scripts in shields
  4. the script blocking is not working as expected, shield icon is gray out

screen shot 2018-10-05 at 3 20 46 pm

Shields stop working correctly for scripts and fingerprinting protection (ads/trackers still work, I didn't test others) after we open a guest / tor window for the second time.
Things seem to be back to normal after toggle the shield on/off switch or restart the browser

@yrliou
Copy link
Member

yrliou commented Oct 5, 2018

BraveContentSettingsObserver::IsBraveShieldsDown return true when this bug happens, that's why script blocking and fingerprinting protection settings has no effect because it thinks shields is down.

@srirambv
Copy link
Contributor

srirambv commented Oct 5, 2018

@yrliou #1381 (comment) is similar to #1437?

@yrliou
Copy link
Member

yrliou commented Oct 5, 2018

@srirambv Seems different and I can't reproduce #1437 on 0.56.2 (macos).

@yrliou yrliou added feature/shields The overall Shields feature in Brave. feature/private-browsing labels Oct 5, 2018
@yrliou yrliou changed the title Block Scripts not working in tor Block Scripts and Fingerprinting Protection not working when open a guest/tor window multiple times Oct 6, 2018
@yrliou yrliou mentioned this issue Oct 6, 2018
Closed
@yrliou yrliou moved this from Tor to Shields in 0.55.x - Release Oct 6, 2018
@bbondy bbondy added the QA/Yes label Oct 10, 2018
@bbondy bbondy moved this from Shields to Tor in 0.55.x - Release Oct 15, 2018
@yrliou
Copy link
Member

yrliou commented Oct 15, 2018

We lost those brave default rules (especially the braveShields one) which only be set once when init HostContentSettingsMap, I think this issue will also be resolved by brave/brave-core#622.

@pilgrim-brave pilgrim-brave mentioned this issue Oct 15, 2018
Merged
18 tasks
@yrliou
Copy link
Member

yrliou commented Oct 16, 2018

Test Plan:

  1. Open a guest window and close it
  2. Open a guest window again
  3. Open http://peltate-worth.000webhostapp.com/world.html, click on "Show Message" will show an alert window.
  4. Click block scripts in shields
  5. The scripts should be blocked, make sure clicking on "Show Message" will have no alert window
    Fingerprinting
  6. Open a new tab and navigate to https://browserleaks.com/canvas
  7. Open the shield panel and set fingerprinting protection to block all
  8. Fingerprinting should be blocked and the page should be shown as below

screen shot 2018-10-15 at 6 18 48 pm

  1. Open a tor window and close it
  2. Open a tor window again
  3. Repeat step 3 to step 8

@bbondy bbondy removed this from Tor in 0.55.x - Release Oct 16, 2018
@srirambv
Copy link
Contributor

srirambv commented Oct 17, 2018
edited by LaurenWags

Verification Passed on

Brave 0.55.16 Chromium: 70.0.3538.54 (Official Build) (64-bit)
Revision 4f8e578b6680574714e9ed3bb9f02922b4dde40d-refs/branch-heads/3538@{#937}
OS Linux

Verification Passed on

Brave 0.55.16 Chromium: 70.0.3538.54 (Official Build) (64-bit)
Revision 4f8e578b6680574714e9ed3bb9f02922b4dde40d-refs/branch-heads/3538@{#937}
OS Windows

Verified passed with

Brave 0.55.17 Chromium: 70.0.3538.67 (Official Build) (64-bit)
Revision 9ab0cfab84ded083718d3a4ff830726efd38869f-refs/branch-heads/3538@{#1002}
OS Mac OS X

*Verified test plan from #1381 (comment)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@yrliou yrliou

Labels
feature/private-browsing feature/shields The overall Shields feature in Brave. feature/tor QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Test-Plan-Specified QA/Yes security
Projects
None yet
Milestone
0.55.x - Release (Release Channel)
Development

Successfully merging a pull request may close this issue.

Move default rules to content settings brave/brave-core
6 participants
@bbondy @jumde @yrliou @srirambv @LaurenWags @GeetaSarvadnya