Closed ghostwords closed 2 months ago
I tested the Embedly link and the links in https://github.com/EFForg/privacybadger/issues/2989. The fix worked for everything except the YouTube player on https://www.vox.com/22362894/which-covid-vaccine-is-better-moderna-vs-pfizer-video
Also, while testing non-lazy-loaded widget pages, I noticed we might need to yellowlist sf16-website-login.neutral.ttwstatic.com to get TikTok widget replacements working on certain pages. Ex: https://goatagency.com/blog/influencer-marketing/super-bowl-ads/
I tested the Embedly link and the links in #2989. The fix worked for everything except the YouTube player on https://www.vox.com/22362894/which-covid-vaccine-is-better-moderna-vs-pfizer-video
OK, it's not a lazy load situation, but a YouTube API widget nested inside an iframe. The following patch fixes it but it would be better if we could instead allow surrogate API messages from all first party (according to our MDFP definitions) frames:
diff --git a/src/js/contentscripts/utils.js b/src/js/contentscripts/utils.js
index 8607f71a..0cc96e11 100644
--- a/src/js/contentscripts/utils.js
+++ b/src/js/contentscripts/utils.js
@@ -66,7 +66,8 @@ window.FRAME_URL = getFrameUrl();
// investigate implications of third-party scripts in nested frames
// generating pbSurrogateMessage events
if (window.top != window) {
- if (!window.FRAME_URL.startsWith('https://cdn.embedly.com/')) {
+ if (!window.FRAME_URL.startsWith('https://cdn.embedly.com/') &&
+ !window.FRAME_URL.startsWith('https://volume.vox-cdn.com/')) {
return;
}
}
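Review bot: The nested-frame check under "if (window.top != window)" is turning into a chain of hard-coded startsWith tests, one per embedding host, and the new 'https://volume.vox-cdn.com/' entry covers only this one publisher. Consider moving the allowed prefixes into a single named list (for example a hypothetical ALLOWED_FRAME_PREFIXES) and testing FRAME_URL against it with some(), so each further entry is a one-line change that is easy to audit. Keep the trailing slash on every entry, as both entries here do, so a host that merely begins with the same characters does not match. The comment above the check still says the implications of third-party scripts in nested frames generating pbSurrogateMessage events need investigating, so each added prefix should carry a short comment saying why that frame is trusted.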
I tested the Embedly link and the links in #2989. The fix worked for everything except the YouTube player on https://www.vox.com/22362894/which-covid-vaccine-is-better-moderna-vs-pfizer-video
OK, it's not a lazy load situation, but a YouTube API widget nested inside an iframe. The following patch fixes it but it would be better if we could instead allow surrogate API messages from all first party (according to our MDFP definitions) frames:
...
Makes sense! Do we already have an issue opened for this?
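The first-party frame check proposed above (allow surrogate API messages from frames that are first party to the top-level page under MDFP definitions), as an added example. This is not Privacy Badger code: the function names, the sample MDFP groups and the two-label base-domain shortcut are assumptions made for illustration.

```javascript
// Added example, not Privacy Badger code. All names are hypothetical.

// Constructed sample of multi-domain first party (MDFP) groups: each array
// lists base domains that are treated as belonging to one owner.
const SAMPLE_MDFP_GROUPS = [
  ["vox.com", "vox-cdn.com"],
  ["example.com", "example-static.net"],
];

// Assumption: base domain = last two labels of the hostname. A real check
// needs the Public Suffix List (this shortcut mishandles "co.uk" and similar).
function baseDomain(hostname) {
  return hostname.split(".").slice(-2).join(".");
}

// Returns the base domain of an https URL, or null for anything else
// (unparseable strings, about:blank, http:, data:, ...).
function httpsBaseDomain(url) {
  let parsed;
  try {
    parsed = new URL(url);
  } catch (e) {
    return null;
  }
  if (parsed.protocol !== "https:") {
    return null;
  }
  return baseDomain(parsed.hostname);
}

// True when the nested frame is first party to the top-level page: same base
// domain, or both base domains listed in the same MDFP group.
function isFirstPartyFrame(frameUrl, topUrl, groups = SAMPLE_MDFP_GROUPS) {
  const frameBase = httpsBaseDomain(frameUrl);
  const topBase = httpsBaseDomain(topUrl);
  if (!frameBase || !topBase) {
    return false; // fail closed: unknown frames may not emit surrogate messages
  }
  if (frameBase === topBase) {
    return true;
  }
  return groups.some((g) => g.includes(frameBase) && g.includes(topBase));
}
```

An Embedly frame on a page from another owner is not first party under this check, so the existing cdn.embedly.com entry would still be needed alongside it.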
Fixes #2989. Follows up on #2852.
Also fixes replacing Embedly frame loaded (nested) surrogate JS API-powered widgets:
Lazy loaded example that still doesn't work:
Surrogate JS API-powered example that no longer works (unrelated to this PR; a "loading" overlay hides our placeholder):