EFForg / privacybadger

Privacy Badger is a browser extension that automatically learns to block invisible trackers.
https://privacybadger.org

"Your organization blocked this file because it didn't meet a security policy" in Chrome #3004

Open likethesky opened 4 months ago

likethesky commented 4 months ago

I get "Your organization blocked this file because it didn't meet a security policy" when trying to download legitimate PDF forms from client.schwab.com ... After adding client.schwab.com to the excluded domains on Privacy Badger, the problem stopped.

ghostwords commented 4 months ago

Hello and thanks for opening an issue!

Is this in Chrome? To clarify, which domain is the PDF hosted on, and what is the domain of the site you are on when this happens?

ghostwords commented 4 months ago

This might be another of Google's Manifest V3 bugs where Declarative Net Request's definition of "thirdParty" is different from what extensions expect. Google's DNR defines the "thirdParty" filter with respect to the containing frame, while extensions like Privacy Badger expect the check to be made against the top-level document. This matters when a resource is loaded in a nested frame.

But I can't say for sure because I haven't yet been able to reproduce this issue.
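
Added illustration, not part of the thread and not Privacy Badger or Chrome code: the two "thirdParty" definitions described in the comment above, evaluated side by side to show that they only diverge for requests issued from a nested frame. The hostnames are constructed, and `siteOf()` is a simplified stand-in for a registrable-domain lookup (real implementations use the Public Suffix List).

```javascript
// Assumption: the last two hostname labels approximate the registrable domain.
// This is wrong for suffixes such as co.uk; it is enough for the sample hosts.
function siteOf(url) {
  return new URL(url).hostname.split(".").slice(-2).join(".");
}

// Frame-relative definition: compare the request with the frame that issued it.
function thirdPartyToFrame(req) {
  return siteOf(req.url) !== siteOf(req.frameUrl);
}

// Top-level definition: compare the request with the tab's top-level document.
function thirdPartyToTop(req) {
  return siteOf(req.url) !== siteOf(req.topUrl);
}

function compare(req) {
  const frame = thirdPartyToFrame(req);
  const top = thirdPartyToTop(req);
  return { frame, top, disagree: frame !== top };
}

// Constructed requests; none of these come from the reports in this issue.
const TOP = "https://app.example/account";
const NESTED = "https://widgets.embed.test/frame.html";
const samples = {
  // Issued by the top-level document itself: frame and top are the same page.
  topLevel: { topUrl: TOP, frameUrl: TOP, url: "https://cdn.test/a.js" },
  // Nested frame loading from its own site: first party to the frame only.
  nestedOwnSite: { topUrl: TOP, frameUrl: NESTED, url: "https://files.embed.test/doc.pdf" },
  // Nested frame loading from the top-level site: first party to the top only.
  nestedTopSite: { topUrl: TOP, frameUrl: NESTED, url: "https://files.app.example/doc.pdf" },
};

function report() {
  return Object.fromEntries(
    Object.entries(samples).map(([name, req]) => [name, compare(req)])
  );
}

console.log(JSON.stringify(report(), null, 2));
```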

ckuethe commented 2 months ago

I get the same error trying to download images from Google Voice conversations. Disabling PB on Google Voice allows me to save images.

PB 2024.07.17, Chrome 127 & 128 from Google DEB repo, Ubuntu 22.04LTS x86_64

ghostwords commented 1 week ago

We haven't gotten any "Your organization blocked this file because it didn't meet a security policy" reports in a while. We started getting reports after the Privacy Badger MV3 release to Chrome. The most recent report was from September 9th. Maybe this was (a DNR bug?) fixed in Chrome 129?

ckuethe commented 1 week ago

@ghostwords I can still reproduce this with Google Voice, PB 2024.7.17, Chrome 131.0.6778.85, Ubuntu 22.04LTS x86_64 - I just sent a broken site report, if that helps.

ghostwords commented 6 days ago

@ckuethe Are you able to reproduce this issue in a new Chrome profile with Privacy Badger?

ckuethe commented 6 days ago

No. For fun, I created a brand new user on my machine and ran Chrome with only PB (default settings) installed. Google Voice attachments saved correctly.

I suppose I need to see if I can repro with my main PB settings copied to my test profile, and possibly seeing which other extension might be interacting.

ghostwords commented 5 days ago

That is very helpful, thank you!