Privacy/Docs/How To Triage ETP-Strict Website Breakage

From MozillaWiki
< Privacy‎ | Docs
Revision as of 16:37, 16 July 2025 by Manuel Bucher (talk | contribs) (Remove section about service workers due to them being supported since Fx140 (current stable release))
Jump to navigation Jump to search

Steps on how to triage Web Compatibility :: Privacy: Site Reports bugs.

Triage tools:

Triage helper Addon: Site Issue Triage (on Github)

about:config

Usually exceptions can be set via urlclassifier.trackingSkipURLs. However, sometimes the tracker is on other lists as well. Use about:url-classifier to see which exception list you need to put the tracking URL and enter the domain in one of these lists:

  • urlclassifier.features.cryptomining.skipURLs
  • urlclassifier.features.emailtracking.datacollection.skipURLs
  • urlclassifier.features.emailtracking.skipURLs
  • urlclassifier.features.fingerprinting.skipURLs
  • urlclassifier.features.socialtracking.skipURLs
  • urlclassifier.trackingSkipURLs

The content of the config variable needs to be a list of domains including subdomains: Example: *://*.example.com/*,*://example.com/*,*://sub.example.net/*

Identifying blocked URLs

Go to networking tab in devtools and sort by transferred to see all blocked URLs. In theory setting MOZ_LOG=nsChannelClassifier:5 also outputs information about classified URLs.

Putting diagnosis into bug

Marking a bug as diagnosed: [privacy-team:diagnosed] in whiteboard (when identified the root cause, usually meaning list of necessary urls to unblock identified and put into the User story as trackers-blocked:xyz.com,*.abc.com). Also, you should add either [exception-baseline] or [exception-convenience] to the whiteboard, depending on if it is critical for the site to function.

Test different cookie modes

  • Check whether the bug is caused by TCP (Total Cookie Protection): By setting network.cookie.cookieBehavior to 4
  • Check whether it is caused by the soon-to-be-deprecated tracker-cookie-blocking: network.cookie.cookieBehavior.trackerCookieBlocking to false. network.cookie.cookieBehavior has to be 5

Shims breaking websites

Sometimes shims can cause breakage for websites. Go to the "Console" tab of devtools to see which shims are applied to a website. A yellow message such as Google Publisher Tags is being shimmed by Firefox. See https://bugzilla.mozilla.org/show_bug.cgi?id=1713685 for details. gets displayed.

Go to `about:compat` and disable all applied shims to see whether that unbreaks the website. Look whether there is a bug blocking Bug 1944600 already open. Otherwise open one yourself with Bug 1944600 as blocking bug and set your breakage bug as depending.

Running clear profiles

Normal 

./mach mozregression --launch $(date -d yesterday +%Y-%m-%d) --pref urlclassifier.trackingSkipURLs:

With ETP-Strict: 

./mach mozregression --launch $(date -d yesterday +%Y-%m-%d) --pref browser.contentblocking.category:strict --pref urlclassifier.trackingSkipURLs:

Blocking the correct meta bug

Block the correct meta bug or Bug 1101005 when no meta bug for the breakage exist. There is no hard rule, but when there are 3+ bugs with the same cause it is worth considering opening a meta bug for it. All meta bugs should block bug 1960641 (tp-breakage-metas).

If the bug was caused by tracking protection, you should make sure the bug has the keyword webcompat:tracker-blocking.

List with rough size of meta available under Privacy/Triage/Tp-Breakage

Meta bugs for breakage due to tracking protection with resource blocking:

Full Query
ID Summary Alias Cc count
1101005 [meta] ETP Strict mode or Private Browsing mode tracking protection breakage tp-breakage 30
1400025 [meta] Tracking Protection breaks embedded videos tp-breakage-video 9
1470298 [meta] Tracking Protection breaks login tplogin 11
1470301 [meta] Tracking Protection breaks images tpimages 6
1527013 [meta] Fingerprinting blocking breakage bugs fp-blocking-breakage 10
1627322 [meta] Tracking Protection breaks sites relying on Facebook resources tp-facebook 6
1628148 [meta] Tracking Protection breaks storefronts using Digital River tp-digital-river 2
1628154 [meta] Tracking Protection breakage related to Google ad services tp-googleads 2
1628157 [meta] Tracking Protection breakage related to blocked Reddit resources tp-reddit 2
1628161 [meta] Tracking Protection breaks sites relying on Mailchimp resources tp-mailchimp 4
1628170 [meta] Tracking Protection breakage related to Google Analytics tp-googleanalytics 3
1628176 [meta] Tracking Protection breaks sites relying on Twitter resources tp-twitter 6
1631091 [meta] Tracking Protection breaks sites relying on Instagram resources tp-instagram 4
1707917 [meta] Issues with Amazon web services in Strict ETP/Private Browsing tp-amazon 2
1707939 [meta] Resources hosted on userapi.com are blocked by ETP strict/private browsing. tp-userapi 3
1731356 [meta] Sites relying on resources hosted on io.vtex.com.br are broken in strict/private mode tp-io.vtex.com.br 10
1773110 [meta] Private browsing mode breakage which seems to be due to missing web APIs tp-pbm-missing-api-breakage 7
1773111 [meta] Breakage which seems related to iOS/ITP antitracking tp-ios 3
1797458 [meta] Email Tracking Breakage email-tp-breakage 5
1859553 [meta] Breakages of blocking content trackers tp-breakage-content 7
1862274 [meta] Tracking geetest.com fingerprinting blocking breakages geetest.com-fp-protection-breakage 5
1874647 [meta] ETP breakage for webpages part of the "Sinclair Broadcast Group" tp-breakage-sinclair 3
1875061 [meta] ETP breakage for webpages that have Disqus comment section tp-breakage-disqus 12
1899334 [meta] Breakage bugs for cookie management providers due to tracking protection tp-breakage-cmp 4
1909492 [meta] Firefox in private mode blocks scripts from *.ondemand.com (ETP) No alias 4
1931743 [meta] Facebook games breakage bugs tp-breakage-fb-games 1
1934762 [meta] Captcha breakage tp-breakage-captcha 1
1935385 [meta] ETP-Strict breakage with root cause of blocking OneTrust cookie library tp-breakage-onetrust 2
1944600 [meta] Tracking Protection shims break websites tp-breakage-shim No cc_count
1959711 [meta] Login via Google broken in ETP-Strict for some sites or ETP Standard in private browsing tp-breakage-login-via-google 1
1985994 [meta] SmartBlock Opt-in listings breakage tp-smartblock-breakage No cc_count

31 Total; 31 Open (100%); 0 Resolved (0%); 0 Verified (0%);


Meta bugs for breakge of other causes:

Full Query
ID Summary Alias Cc count
1480137 [meta] breakage bug for tracking cookie restrictions etp-breakage 15
1602922 [meta] Breakage bugs of Dynamic First Party Isolation dfpi-breakage 15
1657930 [meta] - Strict ETP Facebook login breakage (that our shimming should in theory fix) No alias 5
1669486 [Meta] Web compatibility issues caused by ETP Level 2 etp-level-2-webcompat 4
1834329 [meta] Breakage from Fingerprinting Protection No alias 2
1917788 [meta] Third-party cookie deprecation breakage 3pcd-breakage 5
1957426 [meta] Canvas Noise Breakage canvas-noise-breakage 2
1972297 [meta] Website breakage due to sending Global Privacy Control Header "Sec-GPC: 1" tp-breakage-gpc No cc_count

8 Total; 8 Open (100%); 0 Resolved (0%); 0 Verified (0%);


Docs

Retrieved from "https://wiki.mozilla.org/index.php?title=Privacy/Docs/How_To_Triage_ETP-Strict_Website_Breakage&oldid=1254602"