Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Privacy - Query Page and Dom.storage #1119

Closed
3 tasks done
ghost opened this issue Dec 29, 2019 · 5 comments · Fixed by #2026
Closed
3 tasks done

Privacy - Query Page and Dom.storage #1119

ghost opened this issue Dec 29, 2019 · 5 comments · Fixed by #2026
Labels
Enhancement Fixed In Next Release

Comments

@ghost
Copy link

ghost commented Dec 29, 2019
edited by ghost
Loading

In raising this issue, I confirm the following:

How familiar are you with the the source code relevant to this issue?:

{5}

Expected behaviour:

{The query page should work with dom.storage disabled. Dom.storage can be used in many manipulative ways to track users cross-site and across devices. Users who have dom.storage disabled should also have a way to view the query page. }

Actual behaviour:

{The part of the code where the issue stems from can be trivially located using the Developer Console. Users who disable dom.storage are unable to see anything on the query page. This is how it looks like if you disable dom.storage in Firefox: }
Imgur

Steps to reproduce:

{This applies only to Firefox: 1) Go to: about:config. 2) Set: dom.storage.enabled to false. 3) Go to the query page of your pi.hole}

Troubleshooting undertaken, and/or other relevant information:
I know that this isn't technically an issue, but rather an improvement. If it can changed by the pi.hole team without extensive effort, then I'm sure a small subset of users would welcome it. Right now one is forced to either be blind in the query log or have dom.enabled (former is an inconvenience (except when you want to figure out why some website isn't working), later is a huge privacy risk).

Thank you for all the work so far.
@XhmikosR
Copy link
Contributor

XhmikosR commented Jan 2, 2020

It seems the root cause is that localStorage is null in the case of dom.storage.enabled set to false.

I think we should have a common function to check for locarStorage availability and guard the code. Otherwise, monkey patching it with localStorage && localStorage.getItem("foo") might work but I think the other solution is cleaner if we want to check all localStorage instances. If we only care about the queries page, I guess we can go with the second solution.

@chrismiceli chrismiceli mentioned this issue Dec 25, 2021
Merged
9 tasks
@github-actions
Copy link
Contributor

This issue is stale because it has been open 30 days with no activity. Please comment or update this issue or it will be closed in 5 days.

@yubiuser
Copy link
Member

Removing "Submitter Attention Required" because we have an open PR linked.

@rdwebdesign rdwebdesign linked a pull request Jan 11, 2022 that will close this issue
1119 Privacy - Query Page and Dom.storage #2026
Merged
9 tasks
@github-actions
Copy link
Contributor

This issue is stale because it has been open 30 days with no activity. Please comment or update this issue or it will be closed in 5 days.

@github-actions github-actions bot added the stale label Feb 10, 2022
@yubiuser
Copy link
Member

Fixed in https://discourse.pi-hole.net/t/pi-hole-ftl-v5-14-web-v5-11-and-core-v5-9-released/53529

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Enhancement Fixed In Next Release
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

1119 Privacy - Query Page and Dom.storage chrismiceli/AdminLTE
2 participants
@XhmikosR @yubiuser