Closed bonanza123 closed 5 years ago
What kind of blocker do you use (so we can reproduce this)? The tracking has been there for longer, but I'll discuss with our developers what has changed recently.
@danielnaber thanks so much for your reply! I use the firefox addon umatrix
and it by default blocks cross-domain stuff (and therefore the request above)
I cannot reproduce this yet, umatrix with default settings doesn't break LT for me. How exactly are you testing and what add-on version do you use?
Thanks again for your reply.
Btw, I am not sure whether you need to adjust your privacy statement in the addon page which currently says:
Privacy
Your privacy is important to us: By default, this extension will check your text by sending it to https://languagetool.org over a securely encrypted connection. No account is needed to use this extension. We don't store your IP address. See our privacy policy for more details.
I doesn't mention anything about the analytics above. In context of GDPR that could be an issue (I am not an expert though) as we didn't give any consent about this sharing.
EDIT: Or please make it more explicit, I just saw it on the main website's privacy statement. For me it's not clear which of these statemetns apply to using the website or when using the addon with my own server.
I am using umatrix 1.3.16 and languagtool addon 2.1.9. The request above is blocked by umatrix in my case (it shows up in the logs as being blocked) and the addon reports
Sorry, something went wrong while checking your text. (400)
Unfortunately, I cannot see any further details as there is no error/reporting on the firefox console. Is it possible to make the addon verbose?
I still cannot reproduce, using the same version of LT and umatrix. Are you sure the problem is caused by umatrix? I.e. does it work if you turn it off?
You are right, disabling umatrix (and ublock) does not help. It still reports error 400. I checked the server and its working fine (I use the same server via TexStudio and its working), moreover, the curl test works
% curl --data "language=en-US&text=a simple test" https://myserver.com/v2/check
{"software":{"name":"LanguageTool","version":"4.4","buildDate":"2018-12-27 10:19","apiVersion":1,"premium":false,"premiumHint":"You might be missing errors only the Premium version can find. Contact us at support<at>languagetoolplus.com.","status":""},"warnings":{"incompleteResults":false},"language":{"name":"English (US)","code":"en-US","detectedLanguage":{"name":"French","code":"fr","confidence":0.815771}},"matches":[{"message":"This sentence does not start with an uppercase letter","shortMessage":"","replacements":[{"value":"A"}],"offset":0,"length":1,"context":{"text":"a simple test","offset":0,"length":1},"sentence":"a simple test","type":{"typeName":"Other"},"rule":{"id":"UPPERCASE_SENTENCE_START","description":"Checks that a sentence starts with an uppercase letter","issueType":"typographical","category":{"id":"CASING","name":"Capitalization"}},"ignoreForIncompleteSentence":false}]}%
Please try whether the problem also appears on https://languagetool.org/development/simple.html with the default text in the textarea.
It doesn't work there either. I enabled addon debugging for LT and see this:
Error: Missing host permission for the tab, and any iframes
undefined
[Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIDOMWindowUtils.removeSheetUsingURIString]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: resource://gre/modules/ExtensionCommon.jsm :: runSafeSyncWithoutClone :: line 65" data: no]
Promise resolved after context unloaded
storageController.js:2
[Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIDOMWindowUtils.removeSheetUsingURIString]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: resource://gre/modules/ExtensionCommon.jsm :: runSafeSyncWithoutClone :: line 65" data: no]
Promise resolved after context unloaded
storageController.js:2
[Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIDOMWindowUtils.addSheet]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: resource://gre/modules/ExtensionCommon.jsm :: runSafeSyncWithoutClone :: line 65" data: no]
[Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIDOMWindowUtils.removeSheetUsingURIString]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: resource://gre/modules/ExtensionCommon.jsm :: runSafeSyncWithoutClone :: line 65" data: no]
Promise resolved after context unloaded
storageController.js:2
Error: Missing host permission for the tab, and any iframes
undefined
Use of nsIFile in content process is deprecated. NetUtil.jsm:245:12
Stylesheets without CSSOM changes reparsed to check for errors. Refresh the page to also see errors from stylesheets changed from CSSOM and from style attributes.
Error: Missing host permission for the tab, and any iframes
is this possibly related?
Which version of Firefox do you use? Does it work if you turn off all other add-ons?
Disabling all addons except LT doesn't help. I am using 67.0 beta 10 (64-bit) on archlinux
as I employ my same languagetool server to have full freedom and privacy
If you get a response code of 400, it means the server returns that code. You should look in its log (STDOUT/STDERR):
Good point!
It says:
2019-04-14 10:53:56 +0000 An error has occurred: 'Seems like you're using an old version of our API that's not supported anymore. Please see https://languagetool.org/http-api/migration.php', sending HTTP code 400. Access from 172.17.0.1, HTTP user agent: Mozilla/5.0 (X11; Linux x86_64; rv:67.0) Gecko/20100101 Firefox/67.0, User agent param: webextension-firefox-ng, v: 2.1.9, Referrer: null, language: auto, h: 2, r: 136918, time: 0, text length: 1072, m: ALL_BUT_TEXTLEVEL_ONLY, iID: 27872:1555239212025, Stacktrace follows:java.lang.IllegalArgumentException: Seems like you're using an old version of our API that's not supported anymore. Please see https://languagetool.org/http-api/migration.php
at org.languagetool.server.LanguageToolHttpHandler.handle(LanguageToolHttpHandler.java:156)
at com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:79)
at sun.net.httpserver.AuthFilter.doFilter(AuthFilter.java:83)
at com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:82)
at sun.net.httpserver.ServerImpl$Exchange$LinkHandler.handle(ServerImpl.java:675)
at com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:79)
at sun.net.httpserver.ServerImpl$Exchange.run(ServerImpl.java:647)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
What have you specified as the server address? Probably not http://localhost:8081/v2
...
OMG, thanks
It looks like the newest version of this addon embedds analytics that cannot be disabled, cf. https://github.com/languagetool-org/languagetool-browser-addon/blob/60557b31a93ea53dbd04b2cbdf6c53a94e14a078/webextension/share/tools.js#L21.
Here an example of blocked request:
https://openthesaurus.stats.mysnip-hosting.de/piwik.php?idsite=12&_cvar=%7B%221%22%3A%5B%22version%22%2C%222.1.9%22%5D%2C%222%22%3A%5B%22autoCheck%22%2C%22true%22%5D%2C%223%22%3A%5B%22account%22%2C%22false%22%5D%2C%224%22%3A%5B%22subscription%22%2C%22false%22%5D%2C%225%22%3A%5B%22hiddenMatches%22%2C%22false%22%5D%7D&rec=1&url=https%3A%2F%2Ffake%2F&action_name=dialog%3Aopened&rand=1555230055235&apiv=1&res=1835x1032&_id=5abfadb776f19dfa&_idts=1549348877&_idvc=76&e_c=Action&e_a=dialog%3Aopened&e_n=FAILED&
this translates to
https://openthesaurus.stats.mysnip-hosting.de/piwik.php?idsite=12&_cvar={"1":["version","2.1.9"],"2":["autoCheck","true"],"3":["account","false"],"4":["subscription","false"],"5":["hiddenMatches","false"]}&rec=1&url=https://fake/&action_name=dialog:opened&rand=1555230055235&apiv=1&res=1835x1032&_id=5abfadb776f19dfa&_idts=1549348877&_idvc=76&e_c=Action&e_a=dialog:opened&e_n=FAILED&
Moreover, blocking these request breaks the complete addon. This is quite unfortunate as I employ my same languagetool server to have full freedom and privacy.
Please reconsider these analytics choices, IMHO the following would be great