Braintree analytics are not removed in no-track

powercord-org / powercord

A lightweight @discord client mod focused on simplicity and performance.

MIT License

1.21k stars 147 forks source link

Braintree analytics are not removed in no-track #417

Closed relative closed 2 years ago

relative commented 4 years ago

Describe the bug Braintree analytics are not removed in no-track

To Reproduce

Open devtools
Navigate to the network tab in devtools
Open a payment window (ex. nitro subscription)
Observe that the client makes calls to client-analytics.braintreegateway.com

Expected behavior The request should not be initiated.

Desktop (please complete the following information):

OS: Windows

Additional context

[x] I checked if Discord and/or Powercord are up to date
[x] I made sure this is not related to an external plugin or a theme

Blocking braintree analytics should not cause an issue (It is already blocked in easyprivacy list)

MulverineX commented 4 years ago

This should be fixed in Powercord Version 3 with CSP.

relative commented 4 years ago

This should be fixed in Powercord Version 3 with CSP.

client-analytics.braintree.com is in Discord's CSP

MulverineX commented 4 years ago

Powercord's CSP will be custom, its not going to copy Discord's verbatim

relative commented 4 years ago

Wouldn't that go against the whole preserving CSP thing then?

MulverineX commented 4 years ago

Preserving CSP meaning having it enabled at all, because at the moment it's disabled.

cyyynthia commented 4 years ago

Once again speculating and making something sound official when nothing official has been said about it..

This will not be filtered using csp since this will just cause errors to spit out, which is not something good. There are plenty of other methods, way cleaner and efficient to prevent Braintree' analytics from being sent, which is what will be used to prevent those.