"Your organization blocked this file because it didn't meet a security policy" in Chrome #3004

Open
likethesky opened this issue Jul 24, 2024 · 8 comments

Comments

@likethesky

I get "Your organization blocked this file because it didn't meet a security policy" when trying to download legitimate PDF forms from client.schwab.com ... After adding client.schwab.com to the excluded domains on Privacy Badger, the problem stopped.

@ghostwords
Member

Hello and thanks for opening an issue!

Is this in Chrome? To clarify, which domain is the PDF hosted on, and what is the domain of the site you are on when this happens?

@ghostwords ghostwords changed the title Blocking downloads of forms at Schwab.com (specifically client.schwab.com) "Your organization blocked this file because it didn't meet a security policy" in Chrome Jul 25, 2024
@ghostwords ghostwords added MV3 Manifest V3-specific issue unable to reproduce labels Aug 1, 2024
@ghostwords
Member

ghostwords commented Aug 1, 2024

This might be another of Google's Manifest V3 bugs where Declarative Net Request's definition of "thirdParty" is different from what extensions expect. Google's DNR defines the "thirdParty" filter with respect to the containing frame, while extensions like Privacy Badger expect the check to be made against the top-level document. This matters when a resource is loaded in a nested frame.

But I can't say for sure because I haven't yet been able to reproduce this issue.
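
The two "thirdParty" definitions described in the comment above, compared side by side in an added JavaScript example that is not part of the thread and is not Privacy Badger or Chrome code. The URLs are constructed, and `baseDomain` is a hypothetical last-two-labels helper standing in for a Public Suffix List lookup.

```javascript
// Added illustration: URLs are constructed; nothing here is Privacy Badger or Chrome code.

// Hypothetical helper: guess the registrable domain as the last two host labels.
// Assumption: production code would consult the Public Suffix List instead.
function baseDomain(url) {
  return new URL(url).hostname.split(".").slice(-2).join(".");
}

function isThirdParty(requestUrl, contextUrl) {
  return baseDomain(requestUrl) !== baseDomain(contextUrl);
}

// Classify one request under both definitions from the comment above.
function classify({ request, frame, top }) {
  const frameRelative = isThirdParty(request, frame); // relative to the containing frame
  const topRelative = isThirdParty(request, top);     // relative to the top-level document
  return { frameRelative, topRelative, diverges: frameRelative !== topRelative };
}

const scenarios = {
  // Request made directly by the top-level page: frame and top are the same document.
  mainFrame: {
    top: "https://shop.example/account",
    frame: "https://shop.example/account",
    request: "https://files.cdn.test/form.pdf",
  },
  // A partner frame embedded in the page loads a file from the page's own site.
  nestedLoadsTopSite: {
    top: "https://shop.example/account",
    frame: "https://widgets.partner.test/embed",
    request: "https://docs.shop.example/form.pdf",
  },
  // The same partner frame loads a resource from its own site.
  nestedLoadsOwnSite: {
    top: "https://shop.example/account",
    frame: "https://widgets.partner.test/embed",
    request: "https://static.partner.test/pixel.gif",
  },
};

function report() {
  return Object.fromEntries(
    Object.entries(scenarios).map(([name, s]) => [name, classify(s)])
  );
}

console.table(report());
```

The two checks agree for the main-frame request and disagree in both nested-frame scenarios, in opposite directions.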

@ghostwords ghostwords pinned this issue Sep 4, 2024
@ckuethe

ckuethe commented Sep 9, 2024

I get the same error trying to download images from Google Voice conversations. Disabling PB on Google Voice allows me to save images.

PB 2024.07.17, Chrome 127 & 128 from Google DEB repo, Ubuntu 22.04LTS x86_64

@ghostwords
Member

ghostwords commented Nov 24, 2024

We haven't gotten any "Your organization blocked this file because it didn't meet a security policy" reports in a while. We started getting reports after the Privacy Badger MV3 release to Chrome. The most recent report was from September 9th. Maybe this was (a DNR bug?) fixed in Chrome 129?

@ghostwords ghostwords closed this as not planned Won't fix, can't repro, duplicate, stale Nov 26, 2024
@ckuethe

ckuethe commented Nov 26, 2024

@ghostwords I can still reproduce this with Google Voice, PB 2024.7.17, Chrome 131.0.6778.85, Ubuntu 22.04LTS x86_64 - I just sent a broken site report, if that helps.

@ghostwords ghostwords reopened this Nov 26, 2024
@ghostwords
Member

@ckuethe Are you able to reproduce this issue in a new Chrome profile with Privacy Badger?

@ckuethe

ckuethe commented Nov 27, 2024

No. For fun, I created a brand new user on my machine and ran Chrome with only PB (default settings) installed. Google Voice attachments saved correctly.

I suppose I need to see if I can repro with my main PB settings copied to my test profile, and possibly seeing which other extension might be interacting.

@ghostwords
Member

That is very helpful, thank you!

3 participants