decentraleyes issueshttps://git.synz.io/Synzvato/decentraleyes/-/issues2021-03-27T19:01:07Zhttps://git.synz.io/Synzvato/decentraleyes/-/issues/393Slowdowns occur when Dark Reader is enabled2021-03-27T19:01:07ZGhost UserSlowdowns occur when Dark Reader is enabledThere are massive slowdowns when activated both add-ons. Issue is like the one with speed Dial.
I am just a user, so I can't tell much why this is happening, but I would love a fix. But I think it's because Decentraleyes is checking some...There are massive slowdowns when activated both add-ons. Issue is like the one with speed Dial.
I am just a user, so I can't tell much why this is happening, but I would love a fix. But I think it's because Decentraleyes is checking something in here, or tries to Emulate. Anyway keep up the good work guys (:v2.0.15https://git.synz.io/Synzvato/decentraleyes/-/issues/336Decentraleyes breaks on first new tab load2022-06-15T13:26:44ZJad ChaarDecentraleyes breaks on first new tab loadHi, I am really liking Decentraleyes but I found 1 little kink in the testing utility: for some reason, when click the `decentraleyes.org/test` link from within the extension itself (in the toolbar), the testing utility says that Decentr...Hi, I am really liking Decentraleyes but I found 1 little kink in the testing utility: for some reason, when click the `decentraleyes.org/test` link from within the extension itself (in the toolbar), the testing utility says that Decentraleyes is not working. But when I refresh that same page, it says the tool is operational.
Also, when I manually go to `decentraleyes.org/test` by entering it in the toolbar, the page says fully operational.
Just a small kink I found that was kind of odd.
The tool does indeed seem to be working as expected as the counter in the extension (local CDNs served) is incrementing after some browsing.v2.0.15https://git.synz.io/Synzvato/decentraleyes/-/issues/332Decentraleyes still beaks a Path of Exile fansite2019-01-15T13:58:01ZGhost UserDecentraleyes still beaks a Path of Exile fansitehttp://poedb.tw/us/ brokenhttp://poedb.tw/us/ brokenv2.0.9https://git.synz.io/Synzvato/decentraleyes/-/issues/323Recent versions of Firefox frequently freeze up2022-06-15T11:25:26ZhaarpRecent versions of Firefox frequently freeze upI've happily been using Decentraleyes for a good while now. Thanks for making it!
After updating Firefox from v62 to v63, I'm experiencing frequent and complete freezes of the entire browser window. It's triggered by actions such as swi...I've happily been using Decentraleyes for a good while now. Thanks for making it!
After updating Firefox from v62 to v63, I'm experiencing frequent and complete freezes of the entire browser window. It's triggered by actions such as switching tabs, focusing input fields or scrolling (especially large pictures) and lead the main Firefox process to consume 100% CPU. The browser thaws after a few seconds, but switching to another tab and back usually triggers another freeze.
Disabling Decentraleyes instantly resolves these problems. They return after re-enabling it. This is weird, I don't think an extension should, or could, cause such issues. I suspect this to be a Firefox bug merely triggered by Decentraleyes. My intuition points at memory allocation problems, but I really don't know.
Firefox 63 on Linux, compiled from source
Decentraleyes 2.0.8v2.0.15https://git.synz.io/Synzvato/decentraleyes/-/issues/313Decentraleyes doesn't work on Firefox Beta and Nightly2018-09-19T22:58:24ZDamien CassouDecentraleyes doesn't work on Firefox Beta and NightlyIt used to work, but I now get the following result. uBlock origins is configured with default values and reports 0 blocked elements.
![2018-09-05-092923_962x555_scrot](/uploads/a9ea27e8ee4c65ec37488f53e4aaed5e/2018-09-05-092923_962x555...It used to work, but I now get the following result. uBlock origins is configured with default values and reports 0 blocked elements.
![2018-09-05-092923_962x555_scrot](/uploads/a9ea27e8ee4c65ec37488f53e4aaed5e/2018-09-05-092923_962x555_scrot.png)
![2018-09-05-092846_918x430_scrot](/uploads/e0470b55732985756b19a022d360e157/2018-09-05-092846_918x430_scrot.png)v2.0.8https://git.synz.io/Synzvato/decentraleyes/-/issues/283XHR requests fail due to missing headers2018-06-16T00:17:14ZRonan JouchetXHR requests fail due to missing headersTested on Firefox Nightly 62.0a1 (2018-05-26) with a new profile and only Decentraleyes 2.0.3
### Scenario
Open https://www.airtransat.com/ (will add location-based query parameters)
### Expected
Site is functional and looks like thi...Tested on Firefox Nightly 62.0a1 (2018-05-26) with a new profile and only Decentraleyes 2.0.3
### Scenario
Open https://www.airtransat.com/ (will add location-based query parameters)
### Expected
Site is functional and looks like this:
![airtransat-1-nodecentraleyes](/uploads/b559337841e5ab3517b80324c42fe28e/40578613-d2802f94-60e4-11e8-854f-e6af3397932d.png)
### Actual
Site is broken:
- Buttons, hamburger menu don't work
- Some content fails to load:
![airtransat-2-decentraleyes](/uploads/473a723c0d43747ec40c514889bb8321/40578618-f7195e02-60e4-11e8-8b88-82af53ee82bb.png)
### Injected resources (copied from Decentraleyes panel)
- airtransat.com
- 3CDNJS (Cloudflare)
- jQuery UI v1.11.2
- jQuery v1.11.1
- Modernizr v2.8.2
### Browser console logs for Decentraleyes and airtransat.com
```
unreachable code after return statement _Incapsula_Resource:1:33406
unreachable code after return statement _Incapsula_Resource:1:38669
unreachable code after return statement _Incapsula_Resource:1:38669
unreachable code after return statement _Incapsula_Resource:1:32568
unreachable code after return statement _Incapsula_Resource:1:37240
unreachable code after return statement _Incapsula_Resource:1:37240
Content Security Policy: Directive ‘child-src’ has been deprecated. Please use directive ‘worker-src’ to control workers, or directive ‘frame-src’ to control frames respectively.
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.11.2/jquery-ui.min.js. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.1/jquery.min.js. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://cdnjs.cloudflare.com/ajax/libs/modernizr/2.8.2/modernizr.min.js. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.11.2/jquery-ui.min.js. (Reason: CORS request did not succeed).
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.1/jquery.min.js. (Reason: CORS request did not succeed).
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://cdnjs.cloudflare.com/ajax/libs/modernizr/2.8.2/modernizr.min.js. (Reason: CORS request did not succeed).
Content Security Policy: Directive ‘child-src’ has been deprecated. Please use directive ‘worker-src’ to control workers, or directive ‘frame-src’ to control frames respectively.
The resource at “https://www.googletagservices.com/tag/js/gpt.js” was blocked because tracking protection is enabled.[Learn More] www.airtransat.com
The resource at “https://www.googletagmanager.com/gtm.js?id=GTM-TRRZL6” was blocked because tracking protection is enabled.[Learn More] www.airtransat.com
Loading failed for the <script> with source “https://www.googletagmanager.com/gtm.js?id=GTM-TRRZL6”. www.airtransat.com:1
The resource at “https://www.googletagservices.com/tag/js/gpt.js” was blocked because tracking protection is enabled.[Learn More] www.airtransat.com
Loading failed for the <script> with source “https://www.googletagservices.com/tag/js/gpt.js”. www.airtransat.com:101
unreachable code after return statement _Incapsula_Resource:1:36991
unreachable code after return statement _Incapsula_Resource:1:35966
unreachable code after return statement _Incapsula_Resource:1:38064
unreachable code after return statement _Incapsula_Resource:1:38064
```v2.0.4https://git.synz.io/Synzvato/decentraleyes/-/issues/253Injection badge re-appears on add-on reload2018-06-07T13:20:49ZGhost UserInjection badge re-appears on add-on reload*Created by: 10bass*
This very well may be a strange Vivaldi issue (webextension settings load issue that uBlock/ScriptSafe/Tampermonkey don't run into) so of course feel free to close, but it's worth asking about.
Browser: Vivaldi 1...*Created by: 10bass*
This very well may be a strange Vivaldi issue (webextension settings load issue that uBlock/ScriptSafe/Tampermonkey don't run into) so of course feel free to close, but it's worth asking about.
Browser: Vivaldi 1.14.1077.50 (current stable, Chromium 64.0.3282.170 base)
Issue: Injection count is still displayed when "Display injection counts on icon" is unchecked in options.
Expected behavior: no icon
Current behavior: counter is displayed unless I go into the options, and check then un-check the option. Behaves as expected until the browser is re-launched. Occurs on multiple PCs, with multiple (past) stable versions of Vivaldi.v2.0.3https://git.synz.io/Synzvato/decentraleyes/-/issues/227Metadata stripping re-activates on add-on reload2018-06-07T13:20:49ZGhost UserMetadata stripping re-activates on add-on reload*Created by: wiredrunner*
I have everything unchecked (Chrome) but 'Display Injection Counts on Icon' on 2.0 and still get
"Warning:
This extension failed to modify the request header "Referer" of a network request because the modi...*Created by: wiredrunner*
I have everything unchecked (Chrome) but 'Display Injection Counts on Icon' on 2.0 and still get
"Warning:
This extension failed to modify the request header "Referer" of a network request because the modification conflicted with another extension (uMatrix)."
Sometimes the error shows on the UMatrix extension. If Decentraleyes hid the referrer on all requests as opposed to just cdn requests I'd just disable the option on UMatrix. I'm going to try a couple of referrer extensions and see if the error continues.v2.0.1https://git.synz.io/Synzvato/decentraleyes/-/issues/214Options button broken in private browsing mode2018-06-15T00:26:18ZGhost UserOptions button broken in private browsing mode*Created by: hfr-hfr*
When in Firefox's "private mode", toolbar widget is clickable and opens its info window, but:
- "Options" not clickable
- Doesn't show the emulated CDN, although counter indicates action
![31767915-4f294c52-b4cd-1...*Created by: hfr-hfr*
When in Firefox's "private mode", toolbar widget is clickable and opens its info window, but:
- "Options" not clickable
- Doesn't show the emulated CDN, although counter indicates action
![31767915-4f294c52-b4cd-11e7-93a6-f2053c8bc170](/uploads/f5ab70235df5989eb77ba88ec72f6815/31767915-4f294c52-b4cd-11e7-93a6-f2053c8bc170.png)
When in Firefox's "normal mode", the above works as intended. v2.0.1https://git.synz.io/Synzvato/decentraleyes/-/issues/202Popup panel exceeds maximum container width2018-06-15T00:32:55ZGhost UserPopup panel exceeds maximum container width*Created by: jomo*
I'm not sure if this is a bug in Firefox or in Decentraleyes. When the extension icon is moved into the "More tools…" menu in Firefox 57, the popup is cut off at the side, see screenshot:
![30941686-fbac4792-a3e6-11e...*Created by: jomo*
I'm not sure if this is a bug in Firefox or in Decentraleyes. When the extension icon is moved into the "More tools…" menu in Firefox 57, the popup is cut off at the side, see screenshot:
![30941686-fbac4792-a3e6-11e7-8fb7-4ce934ea174a](/uploads/6f11cc7e09ccd70cb320d54b0b8cee5b/30941686-fbac4792-a3e6-11e7-8fb7-4ce934ea174a.png)
This is happening because the menu opens with a certain width and doesn't resize when it switches its content to that of the extension popup.
Is Firefox supposed to resize the popup, is the extension supposed to do that on its own, or is the extension supposed to support the smaller width?https://git.synz.io/Synzvato/decentraleyes/-/issues/192Shorthand URL notations cause page freezes2018-06-07T13:20:49Zjingyu9575Shorthand URL notations cause page freezesDecentraleyes 2.0.0beta1 WebExtension on Firefox Nightly 2017-08-29.
If the CDN resource does not have explicit URL scheme (e.g. `<script src="//code.jquery.com/jquery.min.js"></script>`), the page freezes.
Example: https://jsfiddle.ne...Decentraleyes 2.0.0beta1 WebExtension on Firefox Nightly 2017-08-29.
If the CDN resource does not have explicit URL scheme (e.g. `<script src="//code.jquery.com/jquery.min.js"></script>`), the page freezes.
Example: https://jsfiddle.net/xm1tza0d/3/ and https://xuhaiyang1234.gitlab.io/AAK-Cont/
v2.0.0beta2https://git.synz.io/Synzvato/decentraleyes/-/issues/189Legacy extension breaks the Zomato website2018-06-16T00:16:46ZGhost UserLegacy extension breaks the Zomato website*Created by: savyajha*
Decentraleyes being enabled breaks the loading of certain images on zomato.com
**How it should be:**
![screenshot-2017-8-27 restaurants - chandigarh restaurants restaurants in chandigarh zomato india 1](/uploads...*Created by: savyajha*
Decentraleyes being enabled breaks the loading of certain images on zomato.com
**How it should be:**
![screenshot-2017-8-27 restaurants - chandigarh restaurants restaurants in chandigarh zomato india 1](/uploads/41e5c34dfbf895716758bd4fb1bf4204/29753198-9115193e-8b5b-11e7-8918-45cb6637a51b.png)
**How it actually is:**
![screenshot-2017-8-27 restaurants - chandigarh restaurants restaurants in chandigarh zomato india](/uploads/29502d1f615da223dd48d242c7e57230/29753211-ae630b04-8b5b-11e7-9a4f-d382043a674e.png)
I've tested this with a fresh profile with nothing but decentraleyes installed. Disabling it causes the images to load, as in the first screenshot, and enabling it causes the images to not load, as in the second one. Seeing that the site is all about finding and reviewing restaurants, the lack of images is quite a blow to usability.https://git.synz.io/Synzvato/decentraleyes/-/issues/188Network prediction features cause request leakage2018-06-15T00:20:07ZThomas RientjesNetwork prediction features cause request leakageFirst off, many thanks to @Bisaloo for testing ```beta1``` of the ```WebExtension``` under uncommon conditions, and for finding and reporting this issue. It's great to see that the beta is being thoroughly tested!
#### Currently affec...First off, many thanks to @Bisaloo for testing ```beta1``` of the ```WebExtension``` under uncommon conditions, and for finding and reporting this issue. It's great to see that the beta is being thoroughly tested!
#### Currently affected users
This issue affects _early adopters_ of the _beta_ for Firefox who have network prediction set to enabled, and are _not_ using content blockers _(e.g. uBlock Origin)_ that automatically disable this feature by default.
#### General problem description
Despite the fact that Decentraleyes properly redirects requests away from large CDNs, some settings cause browsers to attempt to predict your network traffic, and send requests out before noticing that the request is not supposed to occur. This feature can cause unnecessary request leakage.
#### Resolving the issue
You can fix the issue by rebuilding, and reinstalling Decentraleyes from the very latest commit inside of the ```master``` branch (7d21a1ed924517c3041925da2a82d90a078983fc). The upcoming, packaged, release of ```beta1``` will ship with the fix.https://git.synz.io/Synzvato/decentraleyes/-/issues/187Tainting mechanism is unable to retrieve host2018-07-09T11:01:23ZGhost UserTainting mechanism is unable to retrieve host*Created by: beerisgood*
When i visit https://www.virustotal.com and have HTML5 storage disabled i get that in error console:
`Fehler: NS_ERROR_FAILURE: Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIURI.host]
Quel...*Created by: beerisgood*
When i visit https://www.virustotal.com and have HTML5 storage disabled i get that in error console:
`Fehler: NS_ERROR_FAILURE: Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIURI.host]
Quelldatei: resource://gre/modules/commonjs/toolkit/loader.js -> resource://jid1-bofifl9vbdl2zq-at-jetpa ... watcher.js
Zeile: 108`
I use Decentraleyes 1.3.7-palemoon with Pale Moon 27.4.2 x64v1.4.1https://git.synz.io/Synzvato/decentraleyes/-/issues/155Experimental web platform features break cdnjs.com2018-06-12T17:08:32ZGhost UserExperimental web platform features break cdnjs.com*Created by: publicarray*
**Edit:** I'm using chrome canary (59.0.3053.3) It seems the problem is not in latest stable so it could be a bug in chrome...
The search is broken and it is impossible to copy the code snippets from say https...*Created by: publicarray*
**Edit:** I'm using chrome canary (59.0.3053.3) It seems the problem is not in latest stable so it could be a bug in chrome...
The search is broken and it is impossible to copy the code snippets from say https://cdnjs.com/libraries/jquery. usually there is a button on hover.
I think it has to do with the CSP blocking jquery.
![js console](/uploads/09a241dde30ff9e3d20758a66894ca56/3480df1e-13b5-11e7-81d8-38afc61379c0.png)
I tried adding `cdnjs.com` to the whitelist but it did not help.
![settings](/uploads/d75de26e7cc0ecbb7e2c6e68cf104f0d/77dde5cc-13b5-11e7-83a0-23b1d8c1c2dc.png)https://git.synz.io/Synzvato/decentraleyes/-/issues/152The cog icon is missing on some machines2018-06-07T13:20:52ZGhost UserThe cog icon is missing on some machines*Created by: war59312*
Hi,
Chrome Version 58.0.3029.13 dev (64-bit), the Popup shows Options button as:
``
Whoops!
Thanks,
Will*Created by: war59312*
Hi,
Chrome Version 58.0.3029.13 dev (64-bit), the Popup shows Options button as:
``
Whoops!
Thanks,
Willhttps://git.synz.io/Synzvato/decentraleyes/-/issues/130Decentraleyes facilitates specific CSP bypasses2018-06-07T13:20:51ZGhost UserDecentraleyes facilitates specific CSP bypasses*Created by: Rob--W*
The Decentraleyes add-on bundles old and known-vulnerable versions of JavaScript libraries, which can be loaded even if the page has blocked external resource loads through the CSP. As a result, the CSP becomes less...*Created by: Rob--W*
The Decentraleyes add-on bundles old and known-vulnerable versions of JavaScript libraries, which can be loaded even if the page has blocked external resource loads through the CSP. As a result, the CSP becomes less effective as a defense to XSS.
Proof of concept:
1. Install Decentraleyes from AMO (version 1.3.5) (tested with Firefox 49 and Firefox 52).
2. Visit https://robwu.nl/s/csp-decentraleyes.html
The page has `Content-Security-Policy: default-src 'none'; script-src 'nonce-inline-script-for-self-contained-poc'`, which is the strongest possible form of CSP: except from scripts that are marked with the given nonce, no other resource should load.
3. The page attempts to load a script from the Decentraleyes add-on (e.g. jQuery) and then attempts to verify that the script load succeeded by calling appending "Failed" to the document. If the library failed to load, "Maybe no fail" is appended.
Expected:
- "Maybe no fail" - indicating that the CSP is not bypassed (or the add-on is not installed).
Actual:
- "Failed" - indicating that the presence of the add-on allowed the web page to bypass the CSP.v1.3.6https://git.synz.io/Synzvato/decentraleyes/-/issues/16Specific script element attributes prevent injections2023-08-01T19:37:06ZGhost UserSpecific script element attributes prevent injections*Created by: coloco21*
I have found that this extension broke the Google Play Store (http://play.google.com/) for me. It doesn't show the menu on the left, the search bar doesn't work, and clicking on install on an app's page doesn't wo...*Created by: coloco21*
I have found that this extension broke the Google Play Store (http://play.google.com/) for me. It doesn't show the menu on the left, the search bar doesn't work, and clicking on install on an app's page doesn't work either. Seems like a JS script is broken, but I don't have time to figure out which one.
Deactivating the extension fixes the problem as expected.
https://git.synz.io/Synzvato/decentraleyes/-/issues/9Shorthand resource notations break some websites2018-06-07T13:20:54ZThomas RientjesShorthand resource notations break some websitesSome expressions for shorthand notations of resource paths like (e.g. "/jquery.min.js" on jQuery CDN that points to v1.11.1) are not strict enough. This, in rare cases, causes Decentraleyes to inject the wrong resource into a page and th...Some expressions for shorthand notations of resource paths like (e.g. "/jquery.min.js" on jQuery CDN that points to v1.11.1) are not strict enough. This, in rare cases, causes Decentraleyes to inject the wrong resource into a page and this can lead to page breakage.
Oracle Java Magazine refuses to load after Decentraleyes injects jQuery v1.11.1 into a response that should contain jQuery Migrate v1.2.1. Causing the page below to break:
http://oraclejavamagazine-digital.com/javamagazine/november_december_2015
v1.2.0