Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Interference with the Pointless Chrome Extension #1955

Open
FelicianoTech opened this issue Apr 10, 2018 · 8 comments
Open

Interference with the Pointless Chrome Extension #1955

FelicianoTech opened this issue Apr 10, 2018 · 8 comments
Labels
broken extension DNT policy EFF's Do Not Track policy: www.eff.org/dnt-policy login cookies A sub-category of "broken site" issues; might be common enough for us to try to work around entirely

Comments

@FelicianoTech
Copy link

I have a Chrome extension called Pointless (Chrome Store/GitHub) that adds features to GitHub.com (and soon BitBucket) that would help CircleCI users.

It looks like Privacy Badger is blocking the extension from working correctly. Any suggestions on what can be done on either end to get both extensions working together nicely?
@ghostwords
Copy link
Member

I'm guessing Privacy Badger learns to block some (CircleCI?) domains (on GitHub pages) that are required for Pointless to function. Could you see if you can find any relevant domains under the Tracking Domains tab on Privacy Badger's options page? Does unblocking them fix the issues?
@drazisil
Copy link

drazisil commented Apr 10, 2018
edited
Loading

Hi @ghostwords ,

It's actually the circleci.com domain itself.

image

What I believe is the issue, is the Chrome Extension reading data from the GitHub pages and then sending that info in an API call back to CircleCI with an auth token (which probably looks like a tracking id) that is upsetting Privacy Badger

ETA: Unblocking the domain fixes the issue.
@ghostwords
Copy link
Member

OK, thanks for letting us know of a workaround!

I am not yet sure what Privacy Badger can do to avoid this sort of conflict (see also: #1868 (comment) and broken app-labeled issues in general). We could perhaps reuse the yellowlist, or maintain a separate list of known extension-related domains.
@drazisil
Copy link

@ghostwords what would be required to move circleci.com from red to cookies-only as a default?
@ghostwords
Copy link
Member

Does "cookieblocking" circleci.com permit Pointless to fully function?

Also, would CircleCI be open to posting the EFF Do Not Track policy on each of its API domains? If CircleCI is able and willing to abide by the policy's requirements on the affected domains, posting the policy on each domain will tell Privacy Badger to always allow loading of resources from the domain.
@ghostwords ghostwords added the DNT policy EFF's Do Not Track policy: www.eff.org/dnt-policy label Apr 11, 2018
@drazisil
Copy link

@ghostwords It does not, I assumed incorrectly.

Regarding the DNT policy, I'm going to defer that to @FelicianoTech to investigate.
@FelicianoTech
Copy link
Author

Also, would CircleCI be open to posting the EFF Do Not Track policy on each of its API domains?

I'm not sure what that means nor do I know if I'll be able to make that change myself if that's something that would need to be done within CircleCI's API codebase itself. Like a CircleCI customer, much of the work I end up doing is in implementing the API.
@ghostwords
Copy link
Member

Yeah, this is a question for CircleCI staff.
@ghostwords ghostwords added the login cookies A sub-category of "broken site" issues; might be common enough for us to try to work around entirely label Apr 28, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
broken extension DNT policy EFF's Do Not Track policy: www.eff.org/dnt-policy login cookies A sub-category of "broken site" issues; might be common enough for us to try to work around entirely
3 participants
@drazisil @ghostwords @FelicianoTech