Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

heise.de #57

Closed
philipp-classen opened this issue Sep 22, 2022 · 3 comments · Fixed by ghostery/common#66
Closed

heise.de #57

philipp-classen opened this issue Sep 22, 2022 · 3 comments · Fixed by ghostery/common#66
Labels
Broken page Never-Consent - broken interaction Never-Consent triggers but does not work Never-Consent - does not trigger autoconset supports the cookie popup but Never-Consent does not trigger

Comments

@philipp-classen
Copy link
Member

philipp-classen commented Sep 22, 2022
edited

On heise.de, there are separated issues:

  • On Manifest V2 (main branch, 381e19be516c277b9069d3b9f8ba6c1fceb31cab), it enters an infinite reload loop
  • On Manifest V3, it doesn't. But a separate problem there is that annoyance lists are loaded, which block https://cmp.heise.de/wrapperMessagingWithoutDetection.js. Thus, the consent dialog is not shown. Would it be shown, it would run in a broken-interaction problem though.

To reproduce:

  • Create a new profile
  • Go to heise.de
  • Let Never Consent operate on all pages
@philipp-classen
Copy link
Member Author

Comment from Dominik that sums it up:

It is not related at all to our initial popup (and reloading page after user’s choice). The issue is related to some “bug” in autoconsent library, which runs in the main frame (it works kind of) and again in the iframe - where it causes reload when tries to opt out. If we cut the iframes from autoconsent (frameId !== 0) then reloading stops.

It does not reload pages on V3 because the autoconsent does not run there. The DNR lists blocks some requests, so the library does not detect CMP at all, so it cannot break there.

@chrmod chrmod mentioned this issue Oct 19, 2022
Open
@chrmod
Copy link
Member

chrmod commented Oct 19, 2022

let's first fix the problem with the fact that on MV2 we don't block the request.

There is an EasyList Cookie rule:

/wrappermessagingwithoutdetection.js$domain=10kysymysta.fi|4players.de|abiristeilyt.fi|ad-alliance.de|akuankka.fi|alypaa.com|auto-motor-und-sport.de|autoexpress.co.uk|automobil-elektronik-kongress.de|autotrader.co.uk|autozeitung.de|axelspringer.com|baby-und-familie.de|badoo.com|bestcheck.de|bitpipe.com|bitpipe.com.br|businessinsider.com|businessinsider.es|camping.info|capital.de|caravaning.de|cardscout.de|cavallo.de|channelpartner.de|chesterstandard.co.uk|chip.de|cio.com|cio.de|classicfm.com|computerfrage.net|computerhoy.com|computerweekly.com|computerwoche.de|computerworld.com|csoonline.com|dailyresearchplot.com|denofgeek.com|dexerto.com|digilehdet.fi|digitalartsonline.co.uk|dpd.com|dpd.de|duden.de|ecomento.de|edpc.eu|eiu.com|elektroauto-news.net|essen-und-trinken.de|expertreviews.co.uk|familie.de|finanzen100.de|finanzfrage.net|flugrevue.de|frag-mutti.de|futisporssi.fi|geo-television.de|geo.de|gladbachlive.de|globalplayer.com|goom.net|gruenderkueche.de|gutefrage.net|handelsblatt.com|hannover.de|heise.de|helpster.de|himosjuhannus.fi|hobbyconsolas.com|hockeygm.fi|idealo.de|iltapulu.fi|iskelma.fi|iskelmafestivaali.fi|itpro.co.uk|jameda.de|jetzt.de|justthenews.com|jysari.fi|kachelmannwetter.com|klamm.de|kn-online.de|krzbb.de|kuechengoetter.de|kuopiorock.fi|lancashiretelegraph.co.uk|leijonaporssi.fi|lemagit.fr|leonberger-kreiszeitung.de|lepoint.fr|leserreisen.mz-web.de|liberation.fr|liigaporssi.fi|livingathome.de|ln-online.de|lovelybooks.de|macwelt.de|macworld.com|mcnmotorcycleshow.com|mediaimpact.de|meine.noz.de|meineorte.com|menshealth.de|morewithvpro.com|mountainbike-magazin.de|muehlacker-tagblatt.de|myhomebook.de|n-page.de|nelonenmedialive.fi|netdoktor.de|netmoms.de|networkworld.com|neuepresse.de|nitro-tv.de|nnn.de|nowtv.it|noz.de|oekotest.de|oskar.de|pclifecyclemanagement.com|pcwelt.de|pcworld.com|phonostar.de|planet3ds.de|planetds.de|planetgameboy.de|planetiphone.de|planetswitch.de|planetvita.de|playpilot.com|playstationportable.de|podplay.com|politico.eu|portablegaming.de|praxisvita.de|pricespy.co.uk|pride.com|prignitzer.de|qz.com|radio.de|radio.net|radio.pl|radiocity.fi|radionova.fi|radioplay.fi|radiopooki.fi|rakennuslehti.fi|reisefrage.net|rheinpfalz.de|rmj.fi|roadbike.de|rockfest.fi|rtl-passion.de|rtlplus.de|rugbydump.com|rugbyonslaught.com|ruutu.fi|sanakirja.org|sanoma.fi|scholieren.com|senioren-ratgeber.de|shz.de|sky.de|speed.io|sportbible.com|startpagina.nl|stern.de|streampicker.de|studyflix.de|stuff.tv|sueddeutsche.de|sueddeutscher-verlag.de|suomipopfestivaali.fi|suomitutka.fi|sv-veranstaltungen.de|svz.de|swmh.de|tahkojuhannus.fi|tammerfest.fi|tecchannel.de|techadvisor.com|techadvisor.fr|techhive.com|techstage.de|techtarget.com|techtarget.de|techtarget.fr|testedich.de|the-sun.com|thepeoplesperson.com|thescottishsun.co.uk|theserverside.com|thesun.co.uk|thesun.ie|toggo.de|travelbook.de|tv14.de|tvnow.at|tvnow.de|vaalikone.fi|visit-hannover.com|vkmag.com|vkz.de|voice.fi|vox.de|wetteronline.de|whats-on-netflix.com|wisden.com|wiwo.de|zvw.de

which should trigger.

@cliqz/adblocker seems to handle it correctly:

((url) => require('@cliqz/adblocker').FiltersEngine.fromLists(require('node-fetch'), require('@cliqz/adblocker').fullLists, { debug: true }).then(filters => console.log(filters.match(require('@cliqz/adblocker').Request.fromRawDetails({ url, type: 'script', sourceUrl: 'https://www.heise.de/' })))))('https://cmp.heise.de/wrapperMessagingWithoutDetection.js')

Promise { <pending> }
> {
  exception: undefined,
  filter: NetworkFilter {
    csp: undefined,
    filter: '/wrappermessagingwithoutdetection.js',
    hostname: undefined,
    mask: 65535,
    domains: Domains {
      entities: undefined,
      hostnames: [Uint32Array],
      notEntities: undefined,
      notHostnames: undefined
    },
    denyallow: undefined,
    redirect: undefined,
    rawLine: '/wrapperMessagingWithoutDetection.js$domain=10kysymysta.fi|4players.de|abiristeilyt.fi|ad-alliance.de|akuankka.fi|alypaa.com|auto-motor-und-sport.de|autoexpress.co.uk|automobil-elektronik-kongress.de|autotrader.co.uk|autozeitung.de|axelspringer.com|baby-und-familie.de|badoo.com|bestcheck.de|bitpipe.com|bitpipe.com.br|businessinsider.com|businessinsider.es|camping.info|capital.de|caravaning.de|cardscout.de|cavallo.de|channelpartner.de|chesterstandard.co.uk|cio.com|cio.de|classicfm.com|computerfrage.net|computerhoy.com|computerweekly.com|computerwoche.de|computerworld.com|csoonline.com|dailyresearchplot.com|denofgeek.com|dexerto.com|digilehdet.fi|digitalartsonline.co.uk|dpd.com|dpd.de|duden.de|ecomento.de|edpc.eu|eiu.com|elektroauto-news.net|essen-und-trinken.de|expertreviews.co.uk|familie.de|finanzen100.de|finanzfrage.net|flugrevue.de|frag-mutti.de|futisporssi.fi|geo-television.de|geo.de|gladbachlive.de|globalplayer.com|goom.net|gruenderkueche.de|gutefrage.net|handelsblatt.com|hannover.de|heise.de|helpster.de|himosjuhannus.fi|hobbyconsolas.com|hockeygm.fi|idealo.de|iltapulu.fi|iskelma.fi|iskelmafestivaali.fi|itpro.co.uk|jameda.de|jetzt.de|justthenews.com|jysari.fi|kachelmannwetter.com|kn-online.de|krzbb.de|kuechengoetter.de|kuopiorock.fi|lancashiretelegraph.co.uk|leijonaporssi.fi|lemagit.fr|leonberger-kreiszeitung.de|lepoint.fr|leserreisen.mz-web.de|liberation.fr|liigaporssi.fi|livingathome.de|ln-online.de|lovelybooks.de|macwelt.de|macworld.com|mcnmotorcycleshow.com|mediaimpact.de|meine.noz.de|meineorte.com|menshealth.de|morewithvpro.com|mountainbike-magazin.de|muehlacker-tagblatt.de|myhomebook.de|n-page.de|nelonenmedialive.fi|netdoktor.de|netmoms.de|networkworld.com|neuepresse.de|nitro-tv.de|nnn.de|nowtv.it|noz.de|oekotest.de|oskar.de|pclifecyclemanagement.com|pcwelt.de|pcworld.com|phonostar.de|planet3ds.de|planetds.de|planetgameboy.de|planetiphone.de|planetswitch.de|planetvita.de|playpilot.com|playstationportable.de|podplay.com|politico.eu|portablegaming.de|praxisvita.de|pricespy.co.uk|pride.com|prignitzer.de|qz.com|radio.de|radio.net|radio.pl|radiocity.fi|radionova.fi|radioplay.fi|radiopooki.fi|rakennuslehti.fi|reisefrage.net|rheinpfalz.de|rmj.fi|roadbike.de|rockfest.fi|rtl-passion.de|rtlplus.de|rugbydump.com|rugbyonslaught.com|ruutu.fi|sanakirja.org|sanoma.fi|scholieren.com|senioren-ratgeber.de|shz.de|sky.de|speed.io|sportbible.com|startpagina.nl|stern.de|streampicker.de|studyflix.de|stuff.tv|sueddeutsche.de|sueddeutscher-verlag.de|suomipopfestivaali.fi|suomitutka.fi|sv-veranstaltungen.de|svz.de|swmh.de|tahkojuhannus.fi|tammerfest.fi|tecchannel.de|techadvisor.com|techadvisor.fr|techhive.com|techstage.de|techtarget.com|techtarget.de|techtarget.fr|testedich.de|the-sun.com|thepeoplesperson.com|thescottishsun.co.uk|theserverside.com|thesun.co.uk|thesun.ie|toggo.de|travelbook.de|tv14.de|tvnow.at|tvnow.de|vaalikone.fi|visit-hannover.com|vkmag.com|vkz.de|voice.fi|vox.de|wetteronline.de|whats-on-netflix.com|wisden.com|wiwo.de|zvw.de',
    id: undefined,
    regex: undefined
  },
  match: true,
  redirect: undefined
}

so question is why ghostery-extension decides to allow it.

chrmod added a commit to ghostery/common that referenced this issue Oct 19, 2022
@chrmod
Adblocker: url matched against engine should be lower cased
e8d41f8 
fix ghostery/broken-page-reports#57

as this is done here https://github.com/ghostery/adblocker/blob/b99780705bde71734be6f768b27baa5cc39ce685/packages/adblocker/src/request.ts#L255
@chrmod chrmod mentioned this issue Oct 19, 2022
Merged
chrmod added a commit to ghostery/common that referenced this issue Oct 20, 2022
@chrmod
Adblocker: url matched against engine should be lower cased (#66)
0b112f8 
fix ghostery/broken-page-reports#57

as this is done here https://github.com/ghostery/adblocker/blob/b99780705bde71734be6f768b27baa5cc39ce685/packages/adblocker/src/request.ts#L255
@philipp-classen
Copy link
Member Author

autoconsent 3.1 now disables heise.de (duckduckgo/autoconsent#35)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Broken page Never-Consent - broken interaction Never-Consent triggers but does not work Never-Consent - does not trigger autoconset supports the cookie popup but Never-Consent does not trigger
Projects
Broken Page Reports
Status: Fixed merged
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Adblocker: url matched against engine should be lower cased ghostery/common
2 participants
@chrmod @philipp-classen