Skip to content

/ ghostery-extension

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ghostery breaking signed imgix images #369

Open
danieltott opened this issue Apr 3, 2019 · 7 comments
Open

Ghostery breaking signed imgix images #369

danieltott opened this issue Apr 3, 2019 · 7 comments
Assignees
@sammacbeth

Comments

@danieltott
Copy link

@danieltott danieltott commented Apr 3, 2019

Please read the CONTRIBUTING guide before submitting an issue.

Description

Imgix has a GET param called auto that ghostery is changing the value of to auto=ghostery, which breaks the image in our case since we're pre-signing the images.

Example actual image:
https://ralstoninstcms.imgix.net/slideshow/RI-hero-DCAP-PV.jpg?auto=compress%2Cformat%2Cenhance&w=2000&s=0f37d2e8687b2d6199c84fb2077fd238

Ghostery-ed image:
https://ralstoninstcms.imgix.net/slideshow/RI-hero-DCAP-PV.jpg?auto=ghostery&w=2000&s=0f37d2e8687b2d6199c84fb2077fd238

Expected Behavior

Ghostery leaves these images alone.

Actual Behavior

Ghostery rewrites auto GET parameter

Steps to Reproduce

  1. Create pre-signed image on imgix
  2. Load image on site in browser with ghostery enabled

Versions

  • Browser: Chrome 73.0.3683.86
  • OS: MacOS 10.14.3 (18D109)
  • Ghostery 8.3.1

Notably this is not happening on Firefox
@christophertino
Copy link
Member

@christophertino christophertino commented Apr 4, 2019

Looks like an anti-tracking false positive. @sammacbeth can you take a look?
@danieltott
Copy link
Author

@danieltott danieltott commented Apr 4, 2019

OK - looking at this more it appears it's only happening with the images in the /slideshow/ directory. Is that just something that ghostery always blocks? These aren't tracking images or ads, they're just marketing images. But we can probably rename that directory if that's just what it is.
@sammacbeth
Copy link
Contributor

@sammacbeth sammacbeth commented Apr 5, 2019

This is from the anti-tracking module. The value is being rewritten because:

  • The value compress%2Cformat%2Cenhance was not seen by enough users to mark it as safe.
  • The value was used for this domain imgix.net in a third-party context on multiple different sites.

As this value is obviously not a tracking identifier I'd like to debug why we did not whitelist it. Is this value fairly unique? If it is not used very often it may be that too few users saw it for us to mark it as safe.
@danieltott
Copy link
Author

@danieltott danieltott commented Apr 8, 2019

I would guess it'd be fairly unique - the enhance keyword is one we don't even use every time we use imgix.
@homburg
Copy link

@homburg homburg commented May 15, 2019

Seeing this with a custom blend64=... parameter as well
@Haraldson
Copy link

@Haraldson Haraldson commented Mar 31, 2020

Any progress here? Still seeing this behavior regularly—although not with the auto GET parameter, but for imgix hosted images in general.
@christophertino
Copy link
Member

@christophertino christophertino commented Apr 11, 2020

@Haraldson Is the entire image being blocked or are parameters being changed to ghostery?
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sammacbeth sammacbeth

Labels
None yet
Projects
None yet
Milestone
No milestone
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
5 participants
@homburg @sammacbeth @Haraldson @danieltott @christophertino