Bug 258002

Summary: "Advanced privacy protection" should not be blocked on first-party sites.
Product: WebKit
Reporter: sbdok6kgic
Component: New Bugs
Assignee: Nobody <webkit-unassigned>
Status: NEW
Severity: Normal
CC: bfulgham, charliew, webkit-bug-importer, wenson_hsieh, wilander
Priority: P2
Keywords: InRadar
Version: Safari 17
Hardware: Unspecified
OS: Unspecified

Description sbdok6kgic 2023-06-12 21:54:07 PDT
"Advanced Privacy Protection" also blocks communication when a request is made by a first-party site.
You should not be blocked if a request is made by a first-party site.

Comment 1 John Wilander 2023-06-13 09:44:34 PDT
Hi! Could you explain what is blocked, please? Is it a subresource request? If so, does the subresource request start out as first party but CNAME-mapped to a third party? Thanks!

Comment 3 Wenson Hsieh 2023-06-13 21:06:28 PDT
Thanks for the information!

I think that in the case of https://www.instagram.com/logging/falco, we should definitely not be blocking that, since it's a proper first party — do you happen to have an example instagram page where you're seeing that? (I tried going to a couple instagram pages in private browsing in Safari 17 on Sonoma, but didn't observe that connection being blocked).

With regards to the others:

• go.adjust.com is a CNAME alias for pi-ue1-public-lb-f0209c6950285322.elb.us-east-1.amazonaws.com

• b92.yahoo.co.jp is a CNAME alias for edge.g.yimg.jp (this one is perhaps a bit unfortunate since yahoo.co.jp and yimg.jp are first parties in practice, but we don't have an explicit exception for that).

• adservice.google.co.jp is a CNAME alias for pagead46.l.doubleclick.net

• aax-fe.amazon.co.jp is a CNAME alias for aax-fe.amazon-adsystem.com

(In reply to sbdok6kgic from comment #2)
> Hi! Thanks for your comment.
> Here are some examples I found.
> 
> Blocked connection
> https://go.adjust.com/l/597731/2018-11-20/n95w8v?theme=dark&locale=ja&Last_Thank_You_Redirect_URL=https://www.adjust.com/ja/thank-you/demo-requests/
> in displaying https://www.adjust.com/ja/request-a-demo/see-adjust/
> 
> 
> Blocked connection
> https://www.instagram.com/logging/falco
> in displaying https://www.instagram.com/
> 
> 
> Blocked connection
> https://b92.yahoo.co.jp/js/s_retargeting.js
> in displaying
> https://store.shopping.yahoo.co.jp/lifedrinkcompany/zaosoda-500-48.html?sc_i=shp_pc_search_itemlist_shsrg_img
> 
> 
> Blocked connection
> https://adservice.google.co.jp/adsid/google/ui
> in displaying https://www.google.co.jp/
> 
> 
> Blocked connection
> https://aax-fe.amazon.co.jp/x/px/RP_zK1e5cfJbbmIz-Xn7DDsAAAGIt-9iFAcAAAIAAQBvbm9fdHhuX2JpZDEgICBvbm9fdHhuX2ltcDEgICBLHAqZ/atf/%7B%22atf%22:false,%22ape_al%22:true%7D
> in displaying https://www.amazon.co.jp

Comment 4 sbdok6kgic 2023-06-13 21:32:53 PDT
Thank you for your investigation.

> https://www.instagram.com/logging/falco
I can reproduce this on my device when I view the home page without logging in.

Comment 5 Radar WebKit Bug Importer 2023-06-19 21:55:16 PDT
<rdar://problem/111021509>