Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add "guildwars2.com" to yellowlist #2115

Merged
merged 1 commit into from
Jul 30, 2018
Merged

Add "guildwars2.com" to yellowlist #2115

merged 1 commit into from
Jul 30, 2018

Conversation

queicherius
Copy link
Contributor

@queicherius queicherius commented Jul 25, 2018
edited
Loading

Privacybadger is blocking access to api.guildwars2.com which is the official public API for the MMORPG Guild Wars 2. It can only be used to read personal data off an account if the user previously generated and provided a valid API key (see "Authentication" section at the bottom), which makes this opt-in.

(Probably?) since all sites making use of that API are hosted on different domains, and most of the sites access the API from the client side, Privacybadger blocks the access to this API, regularly causing questions like this or this.

@ghostwords
Copy link
Member

I think you want to add the domain to the yellowlist, not the multi-domain first-parties list.

@ghostwords
Copy link
Member

Could you provide the debugging information requested in https://github.com/EFForg/privacybadger/blob/1cac5ba752517802d0596645c464ffd55a60c9d0/.github/ISSUE_TEMPLATE/broken-site-report.md?

@ghostwords
Copy link
Member

We might want to add all of guildwars2.com ... See all these other subdomains below.

Error report counts by page domain and exact blocked "guildwars" subdomain:

+---------------------+------------------------+-------+
| fqdn                | blocked_fqdn           | count |
+---------------------+------------------------+-------+
| gw2efficiency.com   | api.guildwars2.com     |     8 |
| gw2efficiency.com   | render.guildwars2.com  |     6 |
| metabattle.com      | api.guildwars2.com     |     5 |
| help.guildwars2.com | guildwars2.zendesk.com |     4 |
| metabattle.com      | render.guildwars2.com  |     4 |
| qtfy.eu             | render.guildwars2.com  |     2 |
| deso.website        | api.guildwars2.com     |     1 |
| gw2crafts.net       | api.guildwars2.com     |     1 |
| gw2timer.com        | api.guildwars2.com     |     1 |
| qtfy.eu             | api.guildwars2.com     |     1 |
| snowcrows.com       | api.guildwars2.com     |     1 |
| gw2crafts.net       | render.guildwars2.com  |     1 |
| snowcrows.com       | render.guildwars2.com  |     1 |
| gw2timer.com        | tiles.guildwars2.com   |     1 |
| dps.report          | wiki.guildwars2.com    |     1 |
| dulfy.net           | wiki.guildwars2.com    |     1 |
| gw2efficiency.com   | wiki.guildwars2.com    |     1 |
| qtfy.eu             | wiki.guildwars2.com    |     1 |
| account.arena.net   | www.guildwars2.com     |     1 |
...

Error report counts by date and exact blocked "guildwars" subdomain:

+---------+------------------------+-------+
| ym      | blocked_fqdn           | count |
+---------+------------------------+-------+
| 2018-07 | api.guildwars2.com     |     3 |
| 2018-07 | render.guildwars2.com  |     3 |
| 2018-06 | api.guildwars2.com     |     1 |
| 2018-06 | render.guildwars2.com  |     1 |
| 2018-05 | api.guildwars2.com     |     2 |
| 2018-05 | render.guildwars2.com  |     2 |
| 2018-04 | api.guildwars2.com     |     1 |
| 2018-04 | tiles.guildwars2.com   |     1 |
| 2018-02 | guildwars2.zendesk.com |     1 |
| 2018-02 | render.guildwars2.com  |     1 |
| 2018-02 | wiki.guildwars2.com    |     1 |
...

@bcyphers
Copy link
Contributor

Possibly related to #1545?

@queicherius queicherius changed the title Add "api.guildwars2.com" to the MDFP list Add "guildwars2.com" to yellowlist Jul 25, 2018
@queicherius
Copy link
Contributor Author

I think you want to add the domain to the yellowlist, not the multi-domain first-parties list.

Ah, yes. I updated the PR to use the yellowlist instead.

Could you provide the debugging information requested in ...

Sadly not, I don't use PrivacyBadger, I just get reports of my page (gw2efficiency.com) not working fairly frequently, so I thought I'd fix the issue here. :)

We might want to add all of guildwars2.com ... See all these other subdomains below.

Ah, yes. I added the TLD. Here is what the specific domains do, in case that's interesting:

  • api.guildwars2.com is the URL of the public API endpoints
  • render.guildwars2.com is for item icons and some other sprites linked in the API (essentially a CDN)
  • tiles.guildwars2.com is for map tiles linked in the API (essentially a CDN)
  • wiki.guildwars2.com is the official wiki (not really part of the API, but is hotlinked from some pages)
  • guildwars2.zendesk.com and www.guildwars2.com have nothing to do with the API

ghostwords
ghostwords approved these changes Jul 25, 2018
View reviewed changes
Copy link
Member

@ghostwords ghostwords left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK thank you! We'll get this released next week, perhaps on Tuesday.

@bcyphers bcyphers merged commit d5a136c into EFForg:master Jul 30, 2018
@ghostwords ghostwords added the yellowlist Domains on this list are allowed but with restrictions: no referrer headers or cookies/localStorage label Jul 31, 2018
@krypt0x krypt0x mentioned this pull request Aug 1, 2018
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ghostwords ghostwords ghostwords approved these changes

Assignees
No one assigned
Labels
yellowlist Domains on this list are allowed but with restrictions: no referrer headers or cookies/localStorage
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@queicherius @ghostwords @bcyphers