Skip to content

/ ghostery-extension

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ghostery breaks onBeforeRequest redirects made by other extensions #44

Closed
lidel opened this issue Apr 22, 2018 · 2 comments
Closed

Ghostery breaks onBeforeRequest redirects made by other extensions #44

lidel opened this issue Apr 22, 2018 · 2 comments
Assignees
@christophertino
Labels
Type: Bug

Comments

@lidel
Copy link

@lidel lidel commented Apr 22, 2018
edited

Description

IPFS Companion is a browser extension that enables users to detect content-addressed resources on websites and redirect them to a local IPFS2HTTP gateway (localhost or LAN).

It seems that when Ghostery is enabled and user loads a HTTPS website with content-addressed IPFS resources, Ghostery breaks the gateway redirect by forcing HTTPS even if user chose to use a localhost or LAN gateway exposed on HTTP.

More details: ipfs/ipfs-companion#466

Expected Behavior

Ghostery should detect and respect internal redirects (HTTP 307) made by other extensions.

Note that HTTPS Everywhere does not break the same website.

Actual Behavior

Ghostery always upgrades URL of HTTP 307 to HTTPS, breaking IPFS websites:

2018-04-22-021752_877x973_scrot

Steps to Reproduce

  1. Install ipfs-companion and Ghostery
  2. Open Preferences of ipfs-companion
  3. Set up a working "Custom Gateway" to a HTTP port and IP of a go-ipfs node running on your localhost or in LAN.
  4. Open HTTPS website with content-addressed resources, eg. https://d.tube/#!/v/goingforhealthy/go0fyd9m
  5. Open Console, note network errors caused by URLs starting with https:// instead of redirected http:// (like in this screenshot)

Versions

  • IPFS Companion: 2.2.1
  • Browserify: 8.1.2
  • Browser: Chrome and Firefox
@lidel lidel mentioned this issue Apr 22, 2018
Closed
@lidel lidel changed the title Ghostery breaks webRequest.onBeforeRequest made by other extensions Ghostery breaks onBeforeRequest redirects made by other extensions Apr 22, 2018
@christophertino
Copy link
Member

@christophertino christophertino commented Apr 23, 2018

This is most likely coming from Smart Block checking for mixed content. See PolicySmartBlock.js

We had another issue recently where this was breaking SQRL login for the same reason. We need to add a check and allow mixed content from localhost and 127.0.0.1.
@christophertino christophertino self-assigned this Apr 23, 2018
@lidel
Copy link
Author

@lidel lidel commented Apr 23, 2018

Yup, localhost and 127.0.0.1 are safe to whitelist (browsers don't even show a mixed-content warning for 127.0.0.1 eg. Firefox since v55).
christophertino added a commit that referenced this issue Jul 6, 2018
@christophertino
update to localhost check in Smart Block policy. See #44
Loading status checks…
4dd0050
christophertino pushed a commit that referenced this issue Mar 17, 2021
@benstrumeyer @wlycdgr
Onboarding spreadsheet bugs #38 (GH-2259), #44 (GH-2306), and #45 (GH…
Verified
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: 4AEE18F83AFDEB23 Learn about vigilant mode.
d91b8fc 
…-2305) (#675)

* Expand toggle and select plus plan if user is basic and selects ghostery search

* Make ghostery glow icon bigger in select default search modal

* Move ghostery logo on search option selection container a little to the left

* Remove expansion by default

* Update logo sizes on choose default search view

* Adjust sizing for Yahoo, Startpage, and Bing logos in search selection modals to better match Zeplins

* Increase chance user object is available before choose plan view render. Show expanded view if user picked Glow to match expected UX. Add TODOs so we remember to update AccountReducer to help distinguish between no user present and user not fetched yet

* Factor out option card checkmark item rendering to a helper to reduce duplication.

* Update test snapshots

* Refactor choose plan view plan card feature copy rendering to a helper to reduce duplication

* Factor user status checks in select plan view out to helpers to reduce duplication and bug surface

* Move setting of default plan in plan select view to componentDidMount to avoid using setTimeout to setState in constructor

* Revised setDefaultPlan() logic in ChoosePlanView to make sure everything renders as expected when user is Plus or Premium

Co-authored-by: wlycdgr <ilya.zarembsky@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@christophertino christophertino

Labels
Type: Bug
Projects
None yet
Milestone
No milestone
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants
@lidel @christophertino