Skip to content

/ ghostery-extension

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ghostery is blocking reCAPTCHA v3 API key in Chrome #584

Closed
MarkoSulamagi opened this issue Jul 20, 2020 · 3 comments
Closed

Ghostery is blocking reCAPTCHA v3 API key in Chrome #584

MarkoSulamagi opened this issue Jul 20, 2020 · 3 comments

Comments

@MarkoSulamagi
Copy link

@MarkoSulamagi MarkoSulamagi commented Jul 20, 2020

Description

Ghostery blocks reCAPTCHA v3 API key in Chrome. This only happens with one specific API key and only on my own Chrome browser. This leads me to think there's some kind of learning algorithm in Ghostery and given enough time/traffic the block will appear for other people/API keys eventually as well.

If I change the Site Key then Ghostery won't block it for me anymore.

Expected Behavior

I'd expect reCAPTCHA v3 to work for chrome (regardless if the site is trusted, on default settings, or restricted).

Actual Behavior

Issue is in Chrome (Version 84.0.4147.89 (Official Build) (64-bit)). On my own browser and laptop with specific reCAPTCHA API key (works fine with Chrome on other laptops)

There are different scenarios:

  1. If the site is marked as trusted then the CAPTCHA is allowed (good)
  2. If Ghostery settings are marked as "Restrict Site" then the following API is blocked by ghostery: (bad)
    https://www.google.com/recaptcha/api.js?render=[SITE_KEY]&onload=ng2recaptchaloaded
  3. If Ghostery is on default settings something else weird happens. The initial request to the reCAPTCHA API gets "Internal Redirect" and then Ghostery tries to execute the same request again, but changes the SITE_KEY to word ghostery (and this will obviously fail).

image

Steps to Reproduce

I only see this issue on my own browser's chrome. I haven't been able to replicate it with other API keys, other browsers, or on chrome with another laptop (using the same API key).

I created a fiddle with reCAPTCHA. But I don't know how to replicate the "blocking" scenario in Ghostery (it seems to be specific to my browser and API key combination). https://jsfiddle.net/xnwL8t4a/

Versions

  • Browser: Chrome Version 84.0.4147.89 (Official Build) (64-bit) *
  • OS: Ubuntu 20.04
@christophertino
Copy link
Member

@christophertino christophertino commented Aug 10, 2020

We pushed an Anti-Tracking whitelist update for this issue a little while back. Can you let us know if you're still seeing the API key scrubbed?
@MarkoSulamagi
Copy link
Author

@MarkoSulamagi MarkoSulamagi commented Aug 11, 2020
edited

@christophertino, it seems to be working nicely for me now 👍
Hopefully, the whitelist update fixed it and it wasn't as a result of my browser cache clearing. I'll close the issue and re-open if it should come back.

Thanks :)
@bencmbrook
Copy link

@bencmbrook bencmbrook commented Dec 3, 2020
edited

I'm getting the exact same issue but with recaptcha.net which is Google's alt URL for reCAPTCHA
(https://developers.google.com/recaptcha/docs/faq#can-i-use-recaptcha-globally)
@bencmbrook bencmbrook mentioned this issue Dec 3, 2020
Open
@e271828- e271828- mentioned this issue Dec 14, 2020
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
3 participants
@MarkoSulamagi @christophertino @bencmbrook