HTTPS Upgrades Test Page #15
Conversation
There was a problem hiding this comment.
Hey @Charlie-belmer PTAL whenever you'll have a moment. There are few unrelated changes bundled here sorry for that.
| <li><a href='https://privacy-test-pages.glitch.me/privacy-protections/fingerprinting/'>Fingerprinting</a></li> | ||
| <li><a href='https://privacy-test-pages.glitch.me/privacy-protections/storage-blocking/'>Storage blocking</a></li> | ||
| <li><a href='https://privacy-test-pages.glitch.me/privacy-protections/referrer-trimming/'>Referrer trimming</a></li> | ||
| <li><a href='http://privacy-test-pages.glitch.me/privacy-protections/https-upgrades/'>HTTPS upgrades</a></li> |
There was a problem hiding this comment.
Some of those pages don't really work on github pages, which might be confusing, so I hardcoded full glitch urls.
| <li>some data is duplicated, but it's retrieved using different methods.</li> | ||
| <li>depending on the brower some properties may change randomly on every page reload or test run,</li> | ||
| <li>some data is duplicated, but it's retrieved using different methods,</li> | ||
| <li>this page has to be loaded over https for all tests to work correctly (some APIs are not available over http).</li> |
There was a problem hiding this comment.
Since glitch is supporting both http and https I added a note that fingerprinting page should be loaded over https.
| window.parent.postMessage({url: document.location.href, type: msg.data.type}, '*'); | ||
| } | ||
| } | ||
| }; |
There was a problem hiding this comment.
this page returns current url to either parent url (iframe scenario) or opener (window.open scenario).
| <li><a href='https://privacy-test-pages.glitch.me/privacy-protections/fingerprinting/'>Fingerprinting</a></li> | ||
| <li><a href='https://privacy-test-pages.glitch.me/privacy-protections/storage-blocking/'>Storage blocking</a></li> | ||
| <li><a href='https://privacy-test-pages.glitch.me/privacy-protections/referrer-trimming/'>Referrer trimming</a></li> | ||
| <li><a href='http://privacy-test-pages.glitch.me/privacy-protections/https-upgrades/'>HTTPS upgrades</a></li> |
| @@ -22,7 +22,7 @@ function generateNavigationTest(url) { | |||
|
|
|||
| if (localStorage[key]) {// test already finished before | |||
| return JSON.parse(localStorage[key]); | |||
| } else if(currentURL.searchParams.get('js')) {// test finished now | |||
| } else if(currentURL.searchParams.get('js') !== null) {// test finished now | |||
There was a problem hiding this comment.
unrelated fix for referrer trimming - we have to test for null specifically because Brave, in certain scenarios trims referrer to an empty string.
| protocol: req.protocol, | ||
| host: req.get('host'), | ||
| pathname: req.originalUrl | ||
| }); |
There was a problem hiding this comment.
this returns full url that was requested (we need that to see if the protocol was http or https)
| @@ -108,9 +117,9 @@ app.get('/come-back', (req, res) => { | |||
| <body> | |||
| <script> | |||
| const jsReferrer = document.referrer; | |||
| document.body.innerHTML += '<p>header: <strong>${req.headers.referer}</strong></p><p>js: <strong>' + jsReferrer + '</strong></p>'; | |||
| document.body.innerHTML += '<p>header: <strong>${req.headers.referer || ''}</strong></p><p>js: <strong>' + jsReferrer + '</strong></p>'; | |||
There was a problem hiding this comment.
unrelated referrer clean up - for Brave referrer is sometimes undefined in which scenarios we want to return '' instead 'undefined'
Tech Design: https://app.asana.com/0/0/1198919147577402/f
Preview: http://privacy-test-pages.glitch.me/privacy-protections/https-upgrades/
Please note that preview page returns HTTP instead of HTTPS for now. This is until our extension will actually start upgrading good.trird-party.site to HTTPS.
As for the websocket - it fails, but this is a known glitch limitation that they are fixing.