search

EFForg / privacybadger

Privacy Badger is a browser extension that automatically learns to block invisible trackers.
https://privacybadger.org
Other
3.18k stars 386 forks source link

blocks api.nasa.gov and apod.nasa.gov when those APIs called from ObservableHQ #2251

Closed JustinGOSSES closed 5 years ago

JustinGOSSES commented 5 years ago

Privacy badger blocks api.nasa.gov and apod.nasa.gov when those APIs called from /beta.observablehq.com It does not block them when called directly.

Example: https://beta.observablehq.com/@justingosses/nasa-api-explorer

Any NASA API with nasa.gov ending seems to fail when called from ObservableHQ notebook using a browser on which PrivacyBadger is installed. The APIs do not fail if called via the URL being in the browswer address bar.

What is your browser and browser version? Version 70.0.3538.110 (Official Build) (64-bit)

What is broken and where? Privacy badger blocks api.nasa.gov and apod.nasa.gov when those APIs called from /beta.observablehq.com . It does not block them when called directly.

What is the domain that causes breakage when blocked? What is your debug output for this domain? Privacy badger does not block the urls api.nasa.gov when called directly.

Can you please find a way to whitelist any API call from Observable notebooks that has ending?

Thank you!

The debug output is below: ACTION_MAP for nasa.gov api.nasa.gov { "dnt": false, "heuristicAction": "", "nextUpdateTime": 1545684482806, "userAction": "user_allow" } auth.launchpad.nasa.gov { "dnt": false, "heuristicAction": "allow", "nextUpdateTime": 1545028287698, "userAction": "" } epic.gsfc.nasa.gov { "dnt": false, "heuristicAction": "", "nextUpdateTime": 1545169596526, "userAction": "" } esd.nasa.gov { "dnt": false, "heuristicAction": "block", "nextUpdateTime": 1536405793223, "userAction": "" } mod2.jsc.nasa.gov { "dnt": false, "heuristicAction": "", "nextUpdateTime": 1537693082358, "userAction": "" } nasa.gov { "dnt": false, "heuristicAction": "block", "nextUpdateTime": 0, "userAction": "" } www.grc.nasa.gov { "dnt": false, "heuristicAction": "", "nextUpdateTime": 1537120149229, "userAction": "" } www.hq.nasa.gov { "dnt": false, "heuristicAction": "", "nextUpdateTime": 1541287130844, "userAction": "" } apod.nasa.gov { "userAction": "", "dnt": false, "heuristicAction": "", "nextUpdateTime": 1545481597241 } SNITCH_MAP for nasa.gov nasa.gov [ "aistmce.net", "shi.com", "google.com" ]

ghostwords commented 5 years ago

Hello! I'm not sure what to do see API calls go out to nasa.gov domains from your Observable page.

I think what's happening is that you have some nasa.gov cookies from when you visited NASA pages directly, and those cookies are being sent along with NASA API requests on non-NASA websites. Privacy Badger sees this and thinks NASA is tracking you across the Web.

ghostwords commented 5 years ago

I'm going to close this for now. Let me know if you have more information.