Website tries to pull content from a parked domain #19

Closed
hyperlogos opened this issue Jun 26, 2022 · 7 comments
Labels
bug Something isn't working

Comments


hyperlogos commented Jun 26, 2022

I heard from someone on Slashdot that when they visited your page they were told that they had to enable DRM to play your podcast, because you chose to store it on Spotify. So I went to the page to see what would happen if I tried to play the content. As it turns out, it simply begins to demand more content from other sites, among them chrt.fm. I went to www.chrt.fm to see what it was and it turns out that it is a parked domain. Your page is trying to load content from a parked domain when people try to play the audio. And then it turns out that the content won't play if you don't enable scripts from sentry.io, what is that? Turns out it's a tracker. So in summary, in order to play this Linux podcast, you have to enable DRM, you have to be tracked by a third party, and you have to risk your browser being compromised by scripts pulled in from a foreign domain that could be purchased by a malicious attacker.

Do you even Linux?

@mcleo-d mcleo-d self-assigned this Jun 26, 2022

mcleo-d commented Jun 26, 2022

Hi @hyperlogos,

Thanks so much for making me aware of the Slashdot thread. That's very much appreciated. I have also removed the link where you reference www.chrt.fm in the issue above to stop accidental followers clicking through.

I have tried debugging the issue and can't seem to replicate it. Would you be able to supply the browser and operating system you're using so I can try to replicate it? A couple of screenshots could also be useful.

I have filtered all local traffic by chrt.fm but I don't seem to be led to that domain. I'm also not being asked to enable DRM.

Thanks so much for your ongoing help and support.

@mcleo-d

@mcleo-d mcleo-d added bug Something isn't working in-progress Work item in progress labels Jun 26, 2022
Author

hyperlogos commented Jun 26, 2022 via email


mcleo-d commented Jun 26, 2022

Hi @hyperlogos,

Thank you for verifying that you’re using Firefox. I will try and replicate the DRM request shortly.

Also, thank you for confirming you’re unable to replicate the original issue. That’s super helpful and allows me to prioritise my time.

Let me work on this and I’ll be back in contact soon 👍🏻

@mcleo-d.

@SeniorStoryteller
Contributor

James and Hyperlogos - The tracking link is coming from a third party integration. I have completely removed it from the platform we are using to serve the podcasts based upon your observations. There's no way I want that to be happening. Sincerely, thanks for the feedback. Let us know if you run across anything else. Regards -- Mark


mcleo-d commented Jun 26, 2022

Thank you @SeniorStoryteller. I’ll allow @hyperlogos to retest before closing this issue as resolved.


mcleo-d commented Jun 27, 2022

Hi @hyperlogos,

This is to confirm that I've been able to replicate your issue and am working on providing a solution.

cc @SeniorStoryteller

Screenshot 2022-06-27 at 09 12 29


mcleo-d commented Aug 8, 2022

Hi @hyperlogos 👋🏻

I hope you're well and apologies for the length of time getting back to you.

In order to close this issue, I have been experimenting with ways to play podcasts from GitHub that use MP3s and open source React components alongside the Spotify player. Unfortunately, solving the Firefox warnings is outside my reach.

I have raised the following experimental PR on my fork here ... mcleo-d#7 ... which can be seen rendered in the following preview URL ... https://deploy-preview-7--tranquil-unicorn-09671c.netlify.app/docs/podcasts/openssf-project

It would be great to get your feedback on this approach on my fork mcleo-d#7 so I can close this issue and move forward with you in a development capacity with @SeniorStoryteller.

Thanks so much for your input and help.

James.

@mcleo-d mcleo-d closed this as completed Aug 8, 2022
@mcleo-d mcleo-d removed the in-progress Work item in progress label Aug 8, 2022

3 participants