Skip to content
This repository has been archived by the owner on Dec 11, 2019. It is now read-only.

Commit

Permalink
Whitelist twitter images in tracking protection
Browse files Browse the repository at this point in the history 
For https://sideway.com/ to work

Auditors: @bbondy
  • Loading branch information
@diracdeltas
diracdeltas committed May 21, 2016
1 parent 69a0284 commit 4c30cd0
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion app/trackingProtection.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ let trackingProtection
let cachedFirstParty = new LRUCache(50)

// Temporary whitelist until we find a better solution
const whitelistHosts = ['connect.facebook.net', 'connect.facebook.com', 'staticxx.facebook.com', 'www.facebook.com', 'scontent.xx.fbcdn.net']
const whitelistHosts = ['connect.facebook.net', 'connect.facebook.com', 'staticxx.facebook.com', 'www.facebook.com', 'scontent.xx.fbcdn.net', 'pbs.twimg.com']

const startTrackingProtection = (wnd) => {
Filtering.registerBeforeRequestFilteringCB((details) => {
Expand Down

9 comments on commit 4c30cd0

@bbondy
Copy link
Member

@bbondy bbondy commented on 4c30cd0 May 21, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

so we want it everywhere right? ok.

@bbondy
Copy link
Member

@bbondy bbondy commented on 4c30cd0 May 21, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@SergeyZhukovsky @garvankeeley you might want to sync to this list to skip to avoid known site problems.

@garvankeeley
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok https://github.com/brave/browser-ios/issues/228

@luixxiul
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure if it was safe to add it and the others to the whitelist. Wouldn't it be better to set up a mode like "Block Completely All" to exclude them too for the privacy oriented users?

@diracdeltas
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@luixxiul agree, we should eventually have a pref for people to pick how strict they want blocking to be

@BrendanEich
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

img-only attacks have happened, e.g. Stegosploit, so a pref is good. I've been meaning to raise the idea of a pref for blocking all images (requiring click to display, as Firefox used to have). We could have site-specific enabling against a backdrop of default disabling, even. @diracdeltas, WDYT?

For now, pbs.twimg.com seems safe enough in Brave, since we block third party cookies and moreover any that might be set from twimg.com.

/be

@luixxiul
Copy link
Contributor

@luixxiul luixxiul commented on 4c30cd0 May 22, 2016
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I found it's been worked on #880.

@BrendanEich
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks -- I will file a separate issue on img blocking prefs/options.

/be

@luixxiul
Copy link
Contributor

@luixxiul luixxiul commented on 4c30cd0 May 22, 2016
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#624 can be closed by adding static-zend.pantherssl.com to the const, which I confirmed. Is it too much? How do you guys think?

Please sign in to comment.