uBlockOrigin / uAssets

Resources for uBlock Origin, uMatrix: static filter lists, ready-to-use rulesets, etc.
GNU General Public License v3.0

natera.com: breakage #23370

Closed githubtkm closed 5 months ago

githubtkm commented 5 months ago

Prerequisites

URL address of the web page

https://www.natera.com/company/contact-us/eloqua-test-contact-us/

Category

breakage

Description

Eloqua forms have an option for spam protection. For this to work, a request is submitted to the server to generate a token and then when the form is submitted, the token value is checked. I have found that the "uBlock filters - Unbreak" list is blocking the token from being created due to the last line in the following section in the file blocking an xhr request to https://s732349.t.eloqua.com/e/formsubmittoken?elqSiteID=732349.

```
! https://github.com/NanoMeow/QuickReports/issues/2466
@@||en25.com^$script,domain=oracle.com
||t.eloqua.com^$badfilter
||t.eloqua.com^$3p
```

Also, I wrote code to submit the Eloqua form via an xhr request to our Eloqua account at https://s732349.t.eloqua.com/e/f2 so that we can show the Thank You message on the same page. You can see this on 'https://www.natera.com/oncology/signatera-advanced-cancer-detection/clinicians/eloqua-test-form-stay-on-page/'

This is also broken by the same section in the "uBlock filters - Unbreak" list.

Please let me know if you have any questions. Thank you for your help.

Other extensions used

None. If I turn off uBlock Origin on the page, the form behaves as expected.

Screenshot(s)


Configuration

```yaml
uBlock Origin: 1.57.0
Chromium: 123
filterset (summary):
  network: 133904
  cosmetic: 46195
  scriptlet: 20508
  html: 0
listset (total-discarded, last-updated):
  default:
    user-filters: 0-0, never
    easylist: 86127-554, 59m Δ
    easyprivacy: 50791-810, 59m Δ
    plowe-0: 3735-0, now
    ublock-badware: 8298-0, 59m Δ
    ublock-filters: 37562-302, 59m Δ
    ublock-privacy: 832-0, 59m Δ
    ublock-quick-fixes: 324-1, 59m Δ
    ublock-unbreak: 2252-2, 59m Δ
    urlhaus-1: 12505-0, now
filterset (user): [empty]
trustedset:
  added: [array of 13 redacted]
userSettings: [none]
hiddenSettings: [none]
supportStats:
  allReadyAfter: 6200 ms
  maxAssetCacheWait: 3042 ms
  cacheBackend: indexedDB
popupPanel:
  blocked: 3
  network:
    eloqua.com: 1
    googletagmanager.com: 1
    transcend.io: 1
```

githubtkm commented 5 months ago

Note to developers: if you test submitting the form, please use 00000 for the zip code. Thank you again for any help.

githubtkm commented 5 months ago

https://github.com/uBlockOrigin/uAssets/assets/167571492/3b8f1a18-3906-4823-962a-492b967fb9f8

I am attaching an image with screenshots of the uBlock Origin Log Details for these two urls that are blocked by the "uBlock filters - Unbreak" list.

stephenhawk8054 commented 5 months ago

How do I reproduce it? I access https://www.natera.com/company/contact-us/eloqua-test-contact-us/ directly, but I don't see any eloqua.com connections and the page appears normally for me.

https://github.com/uBlockOrigin/uAssets/assets/66517106/7c6d8ace-583f-48f4-83b6-45e55f0f5b6c

githubtkm commented 5 months ago

Thank you for looking into this, stephenhawk8054.

My apologies. Could you refresh and try again? (I needed to tweak our privacy banner settings to categorize this token script as essential. During my testing I had accepted all.)

Here is my screenshot with the logger and also dev tools network tab showing. I hope this helps. https://github.com/uBlockOrigin/uAssets/assets/167571492/000c1959-c393-4dbb-8746-e817459898ba

githubtkm commented 5 months ago

Also, if you view the page elements in dev tools, you can check the value of the hidden field with the id "elqFormSubmissionToken". With uBlock Origin enabled you will see it doesn't have a value, but with uBlock Origin disabled you can see a long value correctly added to this field.

https://github.com/uBlockOrigin/uAssets/assets/167571492/296a727b-6a8c-41be-9b4f-81130d322a76

https://github.com/uBlockOrigin/uAssets/assets/167571492/abf1a63a-7a98-4141-8050-afe1323841a4

githubtkm commented 5 months ago

Hi @mapx- I see you have fixed the first issue and it is working correctly for me. Thank you so much!

Are you also able to add a rule for the second issue, submitting the form via xhr to https://s732349.t.eloqua.com/e/f2 (that is on this test page instead: 'https://www.natera.com/oncology/signatera-advanced-cancer-detection/clinicians/eloqua-test-form-stay-on-page/')? I am happy to submit a separate issue if that makes more sense.

mapx- commented 5 months ago

Does this work?

githubtkm commented 5 months ago

@mapx- it looks like that will fix it, but for some reason my uBlock Origin is refusing to grab the newest version of the list. I see it here https://github.com/uBlockOrigin/uAssets/blob/master/filters/unbreak.txt, but when I click the little eye icon in uBlock Origin, I am still seeing the version with `@@||t.eloqua.com/*/formsubmittoken$xhr,domain=natera.com` instead of `@@||t.eloqua.com^$xhr,domain=natera.com`

I even tried a different profile in Chrome with a fresh install of uBlock Origin, but when I refreshed the unbreak list there, I also got the version with `@@||t.eloqua.com/*/formsubmittoken$xhr,domain=natera.com`. Maybe it takes some time to be available? I will test again in a while.

stephenhawk8054 commented 5 months ago

@githubtkm Wait about 5-6 hours; the filter lists will be auto-updated. You can use the above filter as a custom filter in the meantime.

githubtkm commented 5 months ago

Thank you, @stephenhawk8054! That’s good to know.
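
The two exception filters compared in this thread differ in scope: the first unbreaks only the token request, the second also unbreaks the form submission to `/e/f2`, and both stay limited to XHR requests made from natera.com pages. The following is an added example, not part of the original issue and not uBlock Origin's matching engine: a simplified matcher whose function names (`parseFilter`, `applies`, `decide`) and last-two-labels domain rule are assumptions made for illustration.

```javascript
// Simplified model of the filter semantics discussed in this thread; this is
// not uBlock Origin's engine. Supports ||host anchors, ^ and *, $3p, $xhr, domain=.
function parseFilter(raw) {
  const exception = raw.startsWith('@@');
  const body = exception ? raw.slice(2) : raw;
  const cut = body.lastIndexOf('$');
  const pattern = cut === -1 ? body : body.slice(0, cut);
  const opts = cut === -1 ? [] : body.slice(cut + 1).split(',');
  // "||" anchors at a hostname label boundary; "^" is a separator or end of URL.
  const src = pattern.replace(/^\|\|/, '')
    .replace(/[.+?(){}[\]\\|]/g, '\\$&')
    .replace(/\*/g, '.*')
    .replace(/\^/g, () => '(?:[^\\w.%-]|$)');
  return {
    exception,
    re: new RegExp('^[a-z]+://(?:[^/?#]*\\.)?' + src),
    thirdParty: opts.includes('3p'),
    xhrOnly: opts.includes('xhr'),
    domains: opts.filter(o => o.startsWith('domain=')).flatMap(o => o.slice(7).split('|')),
  };
}

// Assumption: registrable domain = last two labels (enough for these hosts;
// a real implementation consults the Public Suffix List).
const site = host => host.split('.').slice(-2).join('.');

function applies(f, req) {
  const reqHost = new URL(req.url).hostname;
  const pageHost = new URL(req.page).hostname;
  if (!f.re.test(req.url)) return false;
  if (f.thirdParty && site(reqHost) === site(pageHost)) return false;
  if (f.xhrOnly && req.type !== 'xhr') return false;
  return f.domains.length === 0 ||
    f.domains.some(d => pageHost === d || pageHost.endsWith('.' + d));
}

// An applicable exception (@@) overrides any applicable block filter.
function decide(list, req) {
  const hits = list.map(parseFilter).filter(f => applies(f, req));
  if (hits.some(f => f.exception)) return 'allowed';
  return hits.length ? 'blocked' : 'no match';
}

const BLOCK = '||t.eloqua.com^$3p';
const NARROW = '@@||t.eloqua.com/*/formsubmittoken$xhr,domain=natera.com';
const BROAD = '@@||t.eloqua.com^$xhr,domain=natera.com';
const token = { type: 'xhr', url: 'https://s732349.t.eloqua.com/e/formsubmittoken?elqSiteID=732349', page: 'https://www.natera.com/company/contact-us/eloqua-test-contact-us/' };
const submit = { type: 'xhr', url: 'https://s732349.t.eloqua.com/e/f2', page: 'https://www.natera.com/oncology/signatera-advanced-cancer-detection/clinicians/eloqua-test-form-stay-on-page/' };
```

With `[BLOCK, NARROW]` the token request is allowed while the `/e/f2` submission stays blocked; with `[BLOCK, BROAD]` both are allowed, but the same submission from any page outside natera.com is still blocked.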