hagezi / dns-blocklists

DNS-Blocklists: For a better internet - keep the internet clean!
GNU General Public License v3.0

Apple Wallet functionality broken in Pro++ but not Normal #2010

Closed dikrek closed 6 months ago

dikrek commented 6 months ago

Which AdBlocker/DNS cloud service do you use?

ControlD

Other

No response

NextDNS users only

Which blocklist(s) do you use?

Multi NORMAL, Multi PRO++

Which domain(s) should be unblocked?

Not sure. Tried to add different kinds of tickets to my Apple Wallet and I get an error with Pro++. Switching to Normal and it worked.

That’s fairly substantial breakage.

Why should the domain(s) be unblocked?

Breaks fundamental Apple device functionality

hagezi commented 6 months ago

You'll have to give me a few more details. Don't you have access to the log?

dikrek commented 6 months ago

I use the free version of ControlD - no logs. But I understand your challenge.

hagezi commented 6 months ago

Ok, write me an email to hagezi@protonmail.com and I will send you a mobileconfig for a test DNS where I can see the log.

hagezi commented 6 months ago

@dikrek I have sent you the mobileconfig via email.

Instructions:

hagezi commented 6 months ago

@dikrek I have also tested it, at least as far as I could. I deleted my bank cards from the wallet and added them again. It worked perfectly. It doesn't seem to be an Apple domain causing the problem. Which app did you use to add the tickets to the wallet?

hagezi commented 6 months ago

@dikrek Another test: I found a ticket in an email which I was able to add to the wallet without any problems.

dikrek commented 6 months ago

It seems to be

https://wallet-api.asnapieu.com/v1/pass/adaptive/jIdVET4j8HI


hagezi commented 6 months ago

@dikrek Thanks, it has been removed. Wait for the update in ControlD and then please test again.


dikrek commented 6 months ago

Awesomely fast response as always! But I worry about the underlying heuristics. Why would that be blocked in the first place? What list did it come from and what is their reasoning?

dikrek commented 6 months ago

Because part of that URL seems dynamically generated so it won’t all be the same

hagezi commented 6 months ago

*.asnapieu.com has been completely blocked in the aggressive lists. Source is 1Hosts Pro and QuidsUp Notrack, the domain is from the tracking category and was therefore taken over.

The domain is not generic, the parameters of the URL are, but we only block domains in DNS, not URLs.
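
The point in the comment above, that a DNS filter sees only the hostname and a wildcard entry covers every subdomain, as an added example that is not part of the original thread or of the project's own tooling. The two-entry list is constructed from domains named in this thread, and the rule that an allowlist entry overrides a blocklist entry is an assumption of the example.

```python
from urllib.parse import urlsplit

# Constructed sample in wildcard-domain form: "*.example" covers the domain
# and every subdomain. Both domains are the ones named in this thread.
SAMPLE_BLOCKLIST = """\
# constructed sample, not a real list export
*.asnapieu.com
*.googletagmanager.com
"""

def parse_rules(text):
    """Return the set of rule domains, ignoring comments and blank lines."""
    rules = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip().lower()
        if line:
            rules.add(line.removeprefix("*.").rstrip("."))
    return rules

def hostname_of(url_or_host):
    """A DNS filter only ever sees the hostname; path and query are dropped."""
    s = url_or_host.strip()
    host = urlsplit(s if "://" in s else "//" + s).hostname or ""
    return host.rstrip(".").lower()

def matching_rule(url_or_host, rules):
    """Walk from the full hostname towards the TLD; return the first rule hit."""
    labels = hostname_of(url_or_host).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])  # whole labels only, no substring match
        if candidate in rules:
            return candidate
    return None

def verdict(url_or_host, blocked, allowed=frozenset()):
    """Assumption: a personal allowlist entry overrides any blocklist entry."""
    allow_hit = matching_rule(url_or_host, allowed)
    if allow_hit:
        return ("allowed", allow_hit)
    hit = matching_rule(url_or_host, blocked)
    return ("blocked", hit) if hit else ("not listed", None)

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_BLOCKLIST)
    url = "https://wallet-api.asnapieu.com/v1/pass/adaptive/jIdVET4j8HI"
    print(hostname_of(url), verdict(url, rules))
```

Running it against the URL reported in this thread shows that the dynamic path segment plays no part in the decision: only `wallet-api.asnapieu.com` is evaluated, and it matches the parent entry.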

hagezi commented 6 months ago

@dikrek By the way, if you don't have access to the logs, I recommend you downgrade to Pro. The aggressive lists contain some popular trackers, such as googletagmanager.com, which lead to restrictions on some sites and belong on your personal allowlist if needed.

hagezi commented 6 months ago

Fixed in ControlD