privacybadger
privacybadger copied to clipboard
EFForg
PrivacyBadger breaks logging in to blogger
What is your browser and browser version?
Chrome x64, v75.0.3770.100.
What is broken and where?
Attempting to log in to a personal Google blogspot, will redirect you to the logged in page, however; you aren't actually logged in. Moving the slider to Green (it is Yellow by default) will resolve the issue.
What is the "culprit" domain?
Logging in to *.blogspot.com, the culprit domain is *.blogger.com.
What is your debug output for this domain?
**** ACTION_MAP for blogger.com
VM130:5 accounts.blogger.com {
"dnt": false,
"heuristicAction": "cookieblock",
"nextUpdateTime": 1559093813394,
"userAction": ""
}
VM130:5 blogger.com {
"dnt": false,
"heuristicAction": "cookieblock",
"nextUpdateTime": 0,
"userAction": ""
}
VM130:5 draft.blogger.com {
"dnt": false,
"heuristicAction": "",
"nextUpdateTime": 0,
"userAction": "user_allow"
}
VM130:5 www.blogger.com {
"dnt": false,
"heuristicAction": "cookieblock",
"nextUpdateTime": 1547901093413,
"userAction": ""
}
Thank you!
Hello, thank you for the report, and apologies for not replying earlier!
Cookie-blocking blogger.com resources on blogspot.com domains seems to break functionality such as logging in and commenting.
What makes this tricky is that blogspot.com (and the various country code domains) is on the public suffix list as it is a hosting provider. This means we can't (and shouldn't?) tell Privacy Badger to treat all of blogspot.com as first party to blogger.com, not without changing our core logic anyway.
Edit: Although Firefox/Disconnect did exactly that: https://github.com/disconnectme/disconnect-tracking-protection/commit/e363db5b78752e7a2861bf5d9a931ef539f018f6
This appears to be a scenario where (similarly to #137) we need a new approach as no existing workarounds apply.
