GDPR dialogs have to accepted on Sanoma Corporation sites (issues with embedded content)

[peace2000]

List the website(s) you're having issues:

aamulehti.fi
etlehti.fi
gloria.fi
hs.fi
hyvaterveys.fi
is.fi
jamsanseutu.fi
janakkalansanomat.fi
kankaanpaanseutu.fi
kmvlehti.fi
kodinkuvalehti.fi
merikarvialehti.fi
nokianuutiset.fi
rakennuslehti.fi
rannikkoseutu.fi
satakunnankansa.fi
soppa365.fi
suurkeuruu.fi
sydansatakunta.fi
tiede.fi
tyrvaansanomat.fi
valkeakoskensanomat.fi
vauva.fi

Some sample links:

https://www.is.fi/politiikka/art-2000008974427.html
https://www.hs.fi/ulkomaat/art-2000008983457.html
https://www.jamsanseutu.fi/uutiset/art-2000008830345.html
https://www.aamulehti.fi/ulkomaat/art-2000008983458.html
https://www.vauva.fi/comment/42579908#comment-42579908
https://www.tiede.fi/artikkeli/uutiset/halvaantunut-pystyi-kirjoittamaan-ajatuksen-voimalla

What happens?

GDPR dialog can't be blocked without causing issues with embedded content. It must be allowed.

List Subscriptions you're using:

Easylist Cookie

Your settings

• OS/version: Win 10
• Browser/version: Firefox 103.0.1
• Adblock Extension/version: uBO 1.43.1b10

Other details:

Issues are caused by this rule:

||sp-prod.net^$third-party,domain=~11freunde.de|~autobild.de|~bike-bild.de|~bild.de|~bitcoinmagazine.com|~boerse-online.de|~bold.dk|~businessinsider.de|~businessinsider.fr|~bz-berlin.de|~caramia.de|~clever-tanken.de|~computerbild.de|~dengarden.com|~djbooth.net|~edelblech.de|~f4wonline.com|~fashionista.com|~faz.net|~finanzen.at|~finanzen.ch|~finanzen.net|~fitbook.de|~gentside.com|~gofeminin.de|~hobbylark.com|~holidappy.com|~hubpages.com|~idealo.at|~idealo.co.uk|~idealo.de|~idealo.es|~idealo.fr|~idealo.it|~immonet.de|~insider.com|~kombi.de|~levelskip.com|~maxisciences.com|~meinestadt.de|~metal-hammer.de|~mixedmartialarts.com|~mtonews.com|~musikexpress.de|~myhomebook.de|~n24.de|~noizz.de|~onmeda.de|~owlcation.com|~pairedlife.com|~politico.eu|~psmag.com|~reelrundown.com|~rollingstone.de|~spinditty.com|~sportbild.de|~stylebook.de|~t3n.de|~techbook.de|~testbild.de|~thestreet.com|~toughnickel.com|~transfermarkt.at|~transfermarkt.ch|~transfermarkt.co.uk|~transfermarkt.com|~transfermarkt.com.tr|~transfermarkt.de|~transfermarkt.fr|~transfermarkt.it|~transfermarkt.nl|~transfermarkt.pl|~transfermarkt.pt|~transfermarkt.us|~travelbook.de|~turbofuture.com|~tvspielfilm.de|~vip.de|~welt.de|~wieistmeineip.at|~wieistmeineip.ch|~wieistmeineip.de|~writersdigest.com|~zuio.tv

But frankly, shouldn't that rule be removed instead and use ||sp-prod.net^$third-party only as a specific rule? A blocking rule shouldn't cause issues with that many domains...

[Nojuuu]

https://pelikone.fi/ also now needs cookies to play any game.

[peace2000]

Later, I'm going to make selective blocking rules for uBO on these sites but I'm still working on with that. (Only hide GDPR dialog if the page doesn't have embedded stuff).

But anyway, GDPR requests must be allowed on these pages and dialogs must be dealt with by using cosmetic filters (and +js, :style).

[peace2000]

https://pelikone.fi/ also now needs cookies to play any game.

Lol, even with games... :D But yeah, seems so: https://pelikone.fi/pelit/urheilupelit/Pool-8-Ball-Mania/18174

That is Sanoma owned site also... affected by ||sp-prod.net^$third-party also.

[ryanbr]

How about this. we remove sp-prod.net and replace it with: (Care of Adguard)

/wrapperMessagingWithoutDetection.js$script,domain=lovelybooks.de|hannover.de|visit-hannover.com|wetteronline.de|autozeitung.de|sportbible.com|vox.de|essen-und-trinken.de|jameda.de|gutefrage.net|planetiphone.de|computerfrage.net|helpster.de|heise.de|dpd.com|dpd.de|duden.de|sky.de|sky.com|cardscout.de|meineorte.com|tecchannel.de|itpro.co.uk|tvnow.at|tvnow.de|netdoktor.de|computerwoche.de|the-sun.com|thescottishsun.co.uk|thesun.co.uk|thesun.ie|handelsblatt.com|macwelt.de|lancashiretelegraph.co.uk|idealo.de|myhomebook.de|travelbook.de|4players.de|n-page.de|planet3ds.de|planetds.de|planetgameboy.de|planetswitch.de|planetvita.de|playstationportable.de|portablegaming.de|denofgeek.com|classicfm.com|globalplayer.com|radio.pl|politico.eu|expertreviews.co.uk|radio.net|rtlplus.de|rtl-passion.de|geo-television.de|gruenderkueche.de|techstage.de|praxisvita.de|neuepresse.de|ln-online.de|kn-online.de|nnn.de|geo.de|leserreisen.mz-web.de|kuechengoetter.de|cio.de|cio.com|tv14.de|nitro-tv.de|elektroauto-news.net|channelpartner.de|nowtv.it|macworld.com|radio.de|svz.de|axelspringer.com|businessinsider.es|sueddeutsche.de|livingathome.de|jetzt.de|leonberger-kreiszeitung.de|finanzfrage.netpperMessagingWithoutDetection.js$script,domain=lovelybooks.de|hannover.de|visit-hannover.com|wetteronline.de|autozeitung.de|sportbible.com|vox.de|essen-und-trinken.de|jameda.de|gutefrage.net|planetiphone.de|computerfrage.net|helpster.de|heise.de|dpd.com|dpd.de|duden.de|sky.de|sky.com|cardscout.de|meineorte.com|tecchannel.de|itpro.co.uk|tvnow.at|tvnow.de|netdoktor.de|computerwoche.de|the-sun.com|thescottishsun.co.uk|thesun.co.uk|thesun.ie|handelsblatt.com|macwelt.de|lancashiretelegraph.co.uk|idealo.de|myhomebook.de|travelbook.de|4players.de|n-page.de|planet3ds.de|planetds.de|planetgameboy.de|planetswitch.de|planetvita.de|playstationportable.de|portablegaming.de|denofgeek.com|classicfm.com|globalplayer.com|radio.pl|politico.eu|expertreviews.co.uk|radio.net|rtlplus.de|rtl-passion.de|geo-television.de|gruenderkueche.de|techstage.de|praxisvita.de|neuepresse.de|ln-online.de|kn-online.de|nnn.de|geo.de|leserreisen.mz-web.de|kuechengoetter.de|cio.de|cio.com|tv14.de|nitro-tv.de|elektroauto-news.net|channelpartner.de|nowtv.it|macworld.com|radio.de|svz.de|axelspringer.com|businessinsider.es|sueddeutsche.de|livingathome.de|jetzt.de|leonberger-kreiszeitung.de|finanzfrage.net

[peace2000]

EDIT; check my latest message, not this.

I would not completely remove sp-prod.net as there still could be cname GDPR requests to that address.

This picture is from is.fi, after whitelisting only wrapperMessagingWithoutDetection.js

There are still other connections to that address. Concerning these Sanoma Corporation domains, that connection is required of course (can't be blocked), but if it's ok for the page to block the dialog, blocking just wrapperMessagingWithoutDetection.js might not be enough. Also need to block connections to sp-prod.net in these cases.

[Nojuuu]

Yeah, imo there should be filter for blocking all requests if the site has no issues.

[peace2000]

No wait, I think I was wrong after all.

When I just disabled ||sp-prod.net without making a whitelist rule, blocking wrapperMessagingWithoutDetection.js on is.fi doesn't leave any connections to sp-prod.net after all. So I think that it's ok remove sp-prod.net. Let's go with the suggestion by ryanbr.

[peace2000]

Related: #12822