RequestPolicy / requestpolicy

RequestPolicy is a Firefox extension that gives you control over cross-site requests. --- Be sure to look at the dev-1.0 branch as that's where all of the interesting work is happening. See also: https://www.requestpolicy.com/1.0.html
https://www.requestpolicy.com/

RequestPolicy not working at https://addons.mozilla.org #403

Open moxus opened 11 years ago

moxus commented 11 years ago

On the page https://addons.mozilla.org the console shows requests to https://ssl.google-analytics.com/ga.js, but RequestPolicy does not show it in the Allowed or Blocked lists. On other pages (like GitHub) google-analytics is blocked and is displayed as blocked.

[Screenshot: request-policy-screenshot]

dawidi commented 11 years ago

Signed up to say I can confirm this on my machine. The actual request to ssl.google-analytics.com/ga.js is at the end of addons.cdn.mozilla.net/media/js/preload-min.js(...).

I have zero experience with addon programming; but I see in requestpolicyService.js that there are a couple of hard-coded "_compatibilityRules", obviously to make sure this addon doesn't accidentally prevent other addons from getting installed or updated, among other things. One of these rules whitelists all requests from "addons.mozilla.org", and thereby also allows Google Analytics through - and presumably because it is a hard-coded rule, it doesn't even show up in the "Allowed destinations" context menu. There are some more finely tuned origin-destination rules as well, but this one probably anticipates that the server structure at Mozilla might change.

Not sure how to solve this without potentially breaking addon updates altogether at some point in the future - looks like this behaviour is by design.

I've added a rule for Analytics in Adblock Edge for now, but I will admit I was quite scared to suddenly see a Certpatrol popup from an SSL request I know I would never whitelist in RequestPolicy.
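
The following is an added illustration, not part of the comments above and not RequestPolicy's own code: a small model of the behaviour described in this thread, where an origin-wide compatibility rule allows a third-party request without it appearing in either menu list. The rule format, the function names, the second compatibility rule, the user rule and the sample requests are all assumptions made for the example, and "same site" is simplified to an exact hostname match.

```javascript
// Constructed model; rule shapes are assumptions, not the real _compatibilityRules.
// A rule is [originHost, destHost]; a null destination means "any destination".
const COMPAT_RULES = [
  ["addons.mozilla.org", null],                             // origin-wide rule from the thread
  ["updater.example.invalid", "downloads.example.invalid"], // hypothetical narrow pair rule
];
const USER_RULES = [["github.com", "assets.example.invalid"]]; // constructed user whitelist

const hostOf = (url) => new URL(url).hostname;
const matches = ([o, d], origin, dest) =>
  (o === null || o === origin) && (d === null || d === dest);

// Decide one request and record which rule set produced the decision.
function decide(originUrl, destUrl) {
  const origin = hostOf(originUrl), dest = hostOf(destUrl);
  if (origin === dest) return { action: "allow", source: "same-site" };
  if (COMPAT_RULES.some((r) => matches(r, origin, dest)))
    return { action: "allow", source: "compat" }; // modelled as decided first and not listed
  if (USER_RULES.some((r) => matches(r, origin, dest)))
    return { action: "allow", source: "user" };
  return { action: "block", source: "default" };
}

// What the menu would list, plus the "hidden" bucket a user never sees.
function menuEntries(requests) {
  const out = { allowed: [], blocked: [], hidden: [] };
  for (const [originUrl, destUrl] of requests) {
    const { action, source } = decide(originUrl, destUrl);
    if (source === "same-site") continue;
    const bucket = source === "compat" ? "hidden"
                 : action === "allow" ? "allowed" : "blocked";
    out[bucket].push(`${hostOf(originUrl)} -> ${hostOf(destUrl)}`);
  }
  return out;
}

// Audit helper: origins whose compatibility rule places no limit on the destination.
const originWideRules = () =>
  COMPAT_RULES.filter(([, d]) => d === null).map(([o]) => o);

// Constructed sample requests mirroring the two pages compared in the report.
const SAMPLE = [
  ["https://addons.mozilla.org/", "https://ssl.google-analytics.com/ga.js"],
  ["https://github.com/", "https://ssl.google-analytics.com/ga.js"],
];
console.log(menuEntries(SAMPLE), originWideRules());
```

Surfacing the `hidden` bucket in the UI, or replacing the origin-wide rule with origin-destination pairs, would make such allowances visible without removing the compatibility rules altogether.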