Privacy/Docs/How To Triage ETP-Strict Website Breakage: Difference between revisions
(→Putting diagnosis into bug: put about:url-classifier in code box) |
(highlight urlclassifier.trackingSkipURLs and make prefs selectable via one click) |
||
| Line 25: | Line 25: | ||
== <code>about:config</code>== | == <code>about:config</code>== | ||
Usually exceptions can be set via <code>urlclassifier.trackingSkipURLs</code>. However, sometimes the tracker is on other lists as well. Use <code>about:url-classifier</code> to see which exception list you need to put the tracking URL and enter the domain in one of these lists: | Usually exceptions can be set via <span style="user-select: all;"><code>urlclassifier.trackingSkipURLs</code></span>'''. However, sometimes the tracker is on other lists as well. Use <code>about:url-classifier</code> to see which exception list you need to put the tracking URL and enter the domain in one of these lists: | ||
* <code>urlclassifier.features.cryptomining.skipURLs</code> | * '''<span style="user-select: all;"><code>urlclassifier.trackingSkipURLs</code></span>''' | ||
* <code>urlclassifier.features.emailtracking.skipURLs</code> | * <span style="user-select: all;"><code>urlclassifier.features.cryptomining.skipURLs</code></span> | ||
* <code>urlclassifier.features.fingerprinting.skipURLs</code> | * <span style="user-select: all;"><code>urlclassifier.features.emailtracking.skipURLs</code></span> | ||
* <code>urlclassifier.features.socialtracking.skipURLs</code> | * <span style="user-select: all;"><code>urlclassifier.features.fingerprinting.skipURLs</code></span> | ||
* <span style="user-select: all;"><code>urlclassifier.features.socialtracking.skipURLs</code></span> | |||
The content of the config variable needs to be a list of domains including subdomains: Example: <code>*://*.example.com/*,*://example.com/*,*://sub.example.net/*</code> | The content of the config variable needs to be a list of domains including subdomains: Example: <code>*://*.example.com/*,*://example.com/*,*://sub.example.net/*</code> | ||
Revision as of 21:00, 13 October 2025
Steps on how to triage Web Compatibility :: Privacy: Site Reports bugs.
Triage tools:
Triage helper Addon: Site Issue Triage (on Github)
Triage Quick Links
- Review, triage and set owner for Top 100 Breakage Bugs
- Go to webcompat-priority dashboard
- Review Prioritized Core Bugs
- Enter privacy
- Review needs-diagnosis:privacy queue
- Triage incoming un-triaged bugs
Classification:
- Needs list of trackers blocked
- Needs allow list category (Assign categories following ETP Exception Classification Criteria)
- Ready to be added to RemoteSettings (Before adding to RS verify that unblocking the trackers actually fixes the issue)
about:config
Usually exceptions can be set via urlclassifier.trackingSkipURLs. However, sometimes the tracker is on other lists as well. Use about:url-classifier to see which exception list you need to put the tracking URL and enter the domain in one of these lists:
urlclassifier.trackingSkipURLsurlclassifier.features.cryptomining.skipURLsurlclassifier.features.emailtracking.skipURLsurlclassifier.features.fingerprinting.skipURLsurlclassifier.features.socialtracking.skipURLs
The content of the config variable needs to be a list of domains including subdomains: Example: *://*.example.com/*,*://example.com/*,*://sub.example.net/*
Identifying blocked URLs
Identifying the blocked URLs that cause the website to break. In ETP Strict and Private Browsing Mode, multiple third-party tracker resources may be blocked, as the URLClassifier classifies them. However, not every blocked domain could cause the website to break. We need to identify the exact blocked domains that are causing problems for the site.
First, we can use the following tools to know which domains are currently blocked.
- The network monitor panel in DevTools. Sort all network requests by transferred to see all blocked URLs.
- The protection panel, which can be opened by clicking the shield icon on the URL bar. Finding all blocked domains on the subpanel of the blocked tracking content.
Second, we use the skipURLs prefs to unblock and verify domains that cause the website to break.
Putting diagnosis into bug
After we identify the blocked URLs that cause the website to break, the diagnosis info needs to be updated in the bugs. Therefore, we can use this information to deploy Webcompat exceptions to resolve the issue. Following the steps to put the diagnosis into the bug.
- Add the whiteboard tag
[privacy-team:diagnosed]to make the bug as diagnosed. - Depending on the WebCompat Classification Criteria to add either
[exception-baseline]or[exception-convenience]to the whiteboard. - Add necessary URLs to unblock into the User Story as the format
trackers-blocked:xyz.com,*.abc.com. - Add classifier features into the User Story as the format
classifier-features:tracking-protection,emailtracking-protection,socialtracking-protection,fingerprinting-protectionto indicate which features to unblock. Seeabout:url-classifierfor available lists. Usually it isclassifier-features:tracking-protection
Test different cookie modes
- Check whether the bug is caused by TCP (Total Cookie Protection): By setting
network.cookie.cookieBehaviorto4 - Check whether it is caused by the soon-to-be-deprecated tracker-cookie-blocking:
network.cookie.cookieBehavior.trackerCookieBlockingtofalse.network.cookie.cookieBehaviorhas to be5
Shims breaking websites
Sometimes shims can cause breakage for websites. Go to the "Console" tab of devtools to see which shims are applied to a website. A yellow message such as Google Publisher Tags is being shimmed by Firefox. See https://bugzilla.mozilla.org/show_bug.cgi?id=1713685 for details. gets displayed.
Go to `about:compat` and disable all applied shims to see whether that unbreaks the website. Look whether there is a bug blocking Bug 1944600 already open. Otherwise open one yourself with Bug 1944600 as blocking bug and set your breakage bug as depending.
Running clear profiles
Normal
./mach mozregression --launch $(date -d yesterday +%Y-%m-%d) --pref devtools.anti-tracking.enabled:true
With ETP-Strict:
./mach mozregression --launch $(date -d yesterday +%Y-%m-%d) --pref devtools.anti-tracking.enabled:true --pref browser.contentblocking.category:strict
Blocking the correct meta bug
Block the correct meta bug or Bug 1101005 when no meta bug for the breakage exist. There is no hard rule, but when there are 3+ bugs with the same cause it is worth considering opening a meta bug for it. All meta bugs should block bug 1960641 (tp-breakage-metas).
If the bug was caused by tracking protection, you should make sure the bug has the keyword webcompat:tracker-blocking.
List with rough size of meta available under Privacy/Triage/Tp-Breakage
Meta bugs for breakage due to tracking protection with resource blocking:
31 Total; 31 Open (100%); 0 Resolved (0%); 0 Verified (0%);
Meta bugs for breakge of other causes:
| ID | Summary | Alias | Cc count |
|---|---|---|---|
| 1480137 | [meta] breakage bug for tracking cookie restrictions | etp-breakage | 15 |
| 1602922 | [meta] Breakage bugs of Dynamic First Party Isolation | dfpi-breakage | 15 |
| 1657930 | [meta] - Strict ETP Facebook login breakage (that our shimming should in theory fix) | No alias | 5 |
| 1669486 | [Meta] Web compatibility issues caused by ETP Level 2 | etp-level-2-webcompat | 4 |
| 1834329 | [meta] Breakage from Fingerprinting Protection | No alias | 2 |
| 1917788 | [meta] Third-party cookie deprecation breakage | 3pcd-breakage | 5 |
| 1957426 | [meta] Canvas Noise Breakage | canvas-noise-breakage | 2 |
| 1972297 | [meta] Website breakage due to sending Global Privacy Control Header "Sec-GPC: 1" | tp-breakage-gpc | No cc_count |
8 Total; 8 Open (100%); 0 Resolved (0%); 0 Verified (0%);