Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ghostery blocks braintree javascript SDK from making requests. #149

Closed
rg-3 opened this issue Jul 31, 2018 · 8 comments
Closed

Ghostery blocks braintree javascript SDK from making requests. #149

rg-3 opened this issue Jul 31, 2018 · 8 comments

Comments

@rg-3
Copy link

@rg-3 rg-3 commented Jul 31, 2018

Please read the CONTRIBUTING guide before submitting an issue.

Description

Ghostery blocks requests made to braintree through its client-side javascript SDK.
This prevents a user from completing the checkout flow with Ghostery enabled.

Expected Behavior

I expected that Ghostery would not block a request made to Braintree.

Actual Behavior

Ghostery blocked a request to braintree.

Steps to Reproduce

  1. Go to https://www.privateinternetaccess.com
  2. Open chrome developer console
  3. Click "SIGN UP NOW".
  4. observe the paypal button remain in a loading state forever, and
    the following JS error in the console:
Failed to load https://api.braintreegateway.com/merchants/hgkc8vphzdyxjzsx/client_api/v1/configuration?tokenizationKey=production_wfvvry6v_hgkc8vphzdyxjzsx&_meta%5BmerchantAppId%5D=www.privateinternetaccess.com&_meta%5Bplatform%5D=web&_meta%5BsdkVersion%5D=3.21.0&_meta%5Bsource%5D=client&_meta%5Bintegration%5D=custom&_meta%5BintegrationType%5D=custom&_meta%5BsessionId%5D=42b1e22c-bd28-450f-9371-94c29433235e&braintreeLibraryVersion=braintree%2Fweb%2F3.21.0&configVersion=3: Response for preflight is invalid (redirect)
button.js.erb:61 Error creating client: BraintreeError: Cannot contact the gateway at this time.

Versions

  • Browser: Version 67.0.3396.99 (Official Build) (64-bit)
  • OS: MacOS
@philipp-classen
Copy link
Contributor

@philipp-classen philipp-classen commented Aug 9, 2018

Can you still reproduce? For me, the paypal button opens without errors.

Ghostery 8.2.3 (with all blocking rules enabled)
Chrome 68.0.3440.106
OS: Linux

@rg-3
Copy link
Author

@rg-3 rg-3 commented Aug 10, 2018

@philipp-classen i can no longer reproduce. any clues what might have changed?

@philipp-classen
Copy link
Contributor

@philipp-classen philipp-classen commented Aug 10, 2018

@R-obert Your error message mentioned Response for preflight is invalid (redirect). That indicates it was a CORS problem.

We had a bug on that accidentally stripped origin headers from requests, which are needed for the CORS protocol. That bug was fixed in the last release. Now we will only modify requests from the extension itself, as it was originally intended.

The fix itself came in the updated browser-core dependence.

@Cinamonas
Copy link

@Cinamonas Cinamonas commented Aug 16, 2018

I incorrectly reported it to Braintree: braintree/braintree-web#383

But this is still an issue that I’m experiencing and can be reproduced here: https://developers.braintreepayments.com/guides/drop-in/overview/javascript/v3#demo

For whatever reason, Ghostery intercepts the request and replaces braintree-web with ghostery:

screenshot 2018-08-16 09 33 35

@christophertino
Copy link
Member

@christophertino christophertino commented Aug 16, 2018

Look like it's being removed by Anti-Tracking.

@sammacbeth could you take a look?

@sammacbeth
Copy link
Contributor

@sammacbeth sammacbeth commented Aug 20, 2018

Looks like another false positive. I've whitelisted this one and am working on improving the detection.

@rg-3
Copy link
Author

@rg-3 rg-3 commented Sep 3, 2018

@sammacbeth @christophertino this bug is back, in its original form:

Failed to load https://api.sandbox.braintreegateway.com/merchants/gnmt5b5pn9mcnyw2/client_api/v1/configuration?tokenizationKey=sandbox_cqwnq4cc_gnmt5b5pn9mcnyw2&_meta%5BmerchantAppId%5D=staging-4-77b8e3a311bcb6ec5e96.privateinternetaccess.com&_meta%5Bplatform%5D=web&_meta%5BsdkVersion%5D=3.21.0&_meta%5Bsource%5D=client&_meta%5Bintegration%5D=custom&_meta%5BintegrationType%5D=custom&_meta%5BsessionId%5D=49c3f159-eb36-44db-8f4f-43542c7829c2&braintreeLibraryVersion=braintree%2Fweb%2F3.21.0&configVersion=3: Response for preflight is invalid (redirect)
button.js.erb:84 Error creating client: BraintreeError: Cannot contact the gateway at this time.
@tcz
Copy link

@tcz tcz commented Sep 16, 2018

This is still happening.
Ghostery for Chrome version 8.2.4

URL: https://api.braintreegateway.com/merchants/....

Returns 307 from Ghostery.
Non-Authoritative-Reason: Delegate

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
6 participants