Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Brave Shields blocks uploading header graphic cover photo for YouTube channels #3397

Open
Miyayes opened this issue Feb 18, 2019 · 2 comments
Open

Comments

@Miyayes
Copy link
Contributor

@Miyayes Miyayes commented Feb 18, 2019

Description

When updating your YouTube channel's cover/header photo, Brave's Shields will not let you access the upload/picture selection screen. It will continually ask you to "sign in", but nothing will happen.

When Shields are disabled, everything works as expected.

image

Chrome + uBlock Origin: Works as expected with Chrome + uBlock Origin.

Originally reported here: https://community.brave.com/t/brave-blocks-uploading-header-graphic-to-yt-channel/45286 Please see here for more photos.

Steps for reproduction

  1. Log into a YouTube channel on Brave with Shields up.
  2. Go to your channel settings; try to edit the channel header photo/customize channel artwork.
  3. Be prompted to "Sign in". Click "Sign in". Nothing will happen.

Specs

Reproduced on:

  1. Version 0.59.35 Chromium: 72.0.3626.81 (Official Build) (64-bit) (my own machine, MacOS)
  2. Version 0.61.22 Chromium: 72.0.3626.81 (Official Build) dev (64-bit) (according to community report. Appears to be Windows.)
@srirambv srirambv added this to To do in Web Compatibility via automation Feb 18, 2019
@bbondy bbondy added the priority/P3 label Mar 5, 2019
@rebron rebron moved this from To do to P3 backlog in Web Compatibility Apr 2, 2019
@mikedotexe
Copy link

@mikedotexe mikedotexe commented Dec 4, 2019

Bumping this issue as I just saw it as well.
Note that when I allow all cookies, this problem disappears.
Shown below is the change that "fixes" this:
Screenshot 2019-12-04 11 58 31

I don't think that Brave should try customize defaults for all sites, as that's untenable. However, in the case of YouTube channel customization, may I suggest that this gets changed from "Cross-site cookies blocked" to "All cookies allowed" or some sort of modal appears alerting the user that some folks have needed this change for this page/site, or something to the likes of that.

Console log errors here:

rpc.js?c=1&container=onepick:448 Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://docs.google.com') does not match the recipient window's origin ('https://www.youtube.com').
(anonymous) @ rpc.js?c=1&container=onepick:448
setTimeout (async)
call @ rpc.js?c=1&container=onepick:446
call @ rpc.js?c=1&container=onepick:678
(anonymous) @ common.js:1563
(anonymous) @ common.js:1559
yja @ common.js:1546
BJ @ common.js:1559
DJ @ common.js:1563
g.h.Sb @ common.js:2783
g.h.show @ channels_edit.js:143
(anonymous) @ channels_edit.js:30
(anonymous) @ common.js:293
k @ base.js:404
videos?disable_polymer=true:1 Invalid 'X-Frame-Options' header encountered when loading 'https://docs.google.com/picker?protocol=gadgets&origin=https%3A%2F%2Fwww.youtube.com&hostId=yt-banner&hl=en_US&title=Channel%20art&thumbs=orig&minSize=2048x1152&cropMode=ytcb&relayUrl=https%3A%2F%2Fwww.youtube.com%2F%2Fs.ytimg.com%2Fyts%2Ffavicon-vfl8qSV2F.ico&nav=((%22upload%22%2Cnull%2C%7B%22query%22%3A%22youtubebanner%22%2C%22data%22%3A%7B%22silo_id%22%3A%2219%22%7D%2C%22ytMaxFileSize%22%3A6%2C%22ytRecWidth%22%3A2560%2C%22ytRecHeight%22%3A1440%7D)%2C(%22photos%22)%2C(%22photos%22%2C%22Gallery%22%2C%7B%22type%22%3A%22ytbanner%22%7D))&rpcService=rs0qrtuk9qwl&rpctoken=j1n8hy7wjm81': 'ALLOW-FROM https://www.youtube.com' is not a recognized directive. The header will be ignored.
videos?disable_polymer=true:1 Access to XMLHttpRequest at 'https://googleads.g.doubleclick.net/pagead/id' from origin 'https://www.youtube.com' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
@mikedotexe
Copy link

@mikedotexe mikedotexe commented Dec 4, 2019

I just saw there's a label for this. Note to admins we can probably slap the label: workaround/allow-all-cookies onto this issue.
Label link:
https://github.com/brave/brave-browser/labels/workaround%2Fallow-all-cookies

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
Web Compatibility
  
P3 backlog
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
5 participants
You can’t perform that action at this time.