-
-
Notifications
You must be signed in to change notification settings - Fork 382
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Airbnb: The Map isn't loading #1411
Comments
i just ran into the same issue. i can confirm that allowing bat.bing.com makes the map (which is google maps, not bing maps, which may be confusing) work again. |
Should scripts returned via |
We should probably yellowlist |
We could also solve this by abusing the multi-domain third-parties (MDFPs) list and adding The advantage of this would be to minimize your exposure to Practically speaking, does yellowlisting protect against Are there downsides to redefining MDFPs to include site-specific exceptions, not just domains belonging to the same entity? The name would no longer be accurate for one ... Would allow |
@ghostwords While what your are suggesting would work, I think it would be better done outside of the MDFP system. Currently PB has no way to add sets rules for a third party tracker on a specific origin i.e. bat.bing.com on airbnb.com. I think there is a case to me made against developing such a system since it is done much better by things like uBlock origin. I'm looking into adding a surrogate for this case, however airbnb has a CSP that prevents script tags from using data URI's. uBlock Origin modify's pages' CSP to allow this. But we don't do this, nor do I think we should because this could open up some XSS issues. |
Yes, I noted the CSP conflict above. Which CSP directive are we violating exactly though? Is there a safe way to add our script(s) to the site's CSP? (Does uBlock do it in a safe way?) |
Actually, from what I can tell, uBlock doesn't modify the CSP to allow injecting the surrogate with data URI. It violates I'm looking into a few ways to do this properly. |
Things are not looking good on the chrome bug tracker https://bugs.chromium.org/p/chromium/issues/detail?id=749236#c5 I'm going to add a surrogate and put it in its own file, like they suggest. However this is a bad suggestion. |
blocking bat.bing.com/bat.js no longer breaks airbnb for me. Please reopen this issue if you find this to be incorrect. I'll make a separate issue for making a surrogate for bat.js |
When you look for rooms on Airbnb PB is blocking the overview on the right-Hand side.
I think the problem is, that bat.bing.com is blocked.
The text was updated successfully, but these errors were encountered: