-
Notifications
You must be signed in to change notification settings - Fork 18
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Website tries to pull content from a parked domain #19
Comments
Hi @hyperlogos, Thanks so much for making me aware of the Salshdot thread. That's very much appreciated. I have also removed the link where you reference I have tried debugging the issue and can't seem to replicate. Would you be able to supply the browser and operating system you're using so I can try to replicate. A couple of screenshots could also be useful? I have filtered all local traffic by Thanks so much for your ongoing help and support. |
I failed to replicate the chrt.fm thing, I may have enabled scripts in a
different sequence or similar but I've tried several different orders and
it's not repeating. I did get the firefox popup about drm the second time
though -- it didn't appear to me the first time. (I usually have that
turned on; I'm not sure why I didn't this time, but that's clearly not lf's
fault.) Screenshot attached.
…On Sun, Jun 26, 2022 at 9:53 AM James McLeod ***@***.***> wrote:
Hi @hyperlogos <https://github.com/hyperlogos>,
Thanks so much for making me aware of the Salshdot thread. That's very
much appreciated. I have also removed the link where you reference
www.chrt.fm in the issue above to stop accidental followers clicking
through.
I have tried debugging the issue and can't seem to replicate. Would you be
able to supply the browser and operating system you're using so I can try
to replicate. A couple of screenshots could also be useful?
I have filtered all local traffic by chrt.fm but I don't seem to be led
to that domain. I'm also not being asked to enable DRM.
Thanks so much for your ongoing help and support.
@mcleo-d <https://github.com/mcleo-d>
—
Reply to this email directly, view it on GitHub
<#19 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ALBVQSMO7YLNRLB5AOYWEPDVRCDHHANCNFSM5Z4AW5MQ>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
Hi @hyperlogos, Thank you for verifying that you’re using Also, thank you for confirming you’re unable to replicate the original issue. That’s super helpful and allows me to prioritise my time. Let me work on this and I’ll be back in contact soon 👍🏻 |
James and Hyperlogos - The tracking link is coming from a third party integration. I have completely removed it from the platform we are using to serve the podcasts based upon your observations. There's no way I want that to be happening. Sincerely, thanks for the feedback. Let us know if you run across anything else. Regards -- Mark |
Thank you @SeniorStoryteller. I’ll allow @hyperlogos to retest before closing this issue as resolved. |
Hi @hyperlogos, This is to confirm that I've been able to replicate your issue and am working on providing a solution. |
Hi @hyperlogos 👋🏻 I hope you're well and apologies for the length of time getting back to you. In order to close this issue, I have been experimenting with ways to play podcasts from GitHub that use MP3s and open source React components alongside the Spotify player. Unfortunately, solving the Firefox warnings are outside my reach. I have raised the following experimental PR on my fork here ... mcleo-d#7 ... which can be seen rendered in the following preview URL ... https://deploy-preview-7--tranquil-unicorn-09671c.netlify.app/docs/podcasts/openssf-project It would be great to get your feedback on this approach on my fork mcleo-d#7 so I can close this issue and move forward with you in a development capacity with @SeniorStoryteller. Thanks so much for your input and help. James. |
I heard from someone on Slashdot that when they visited your page they were told that they had to enable DRM to play your podcast, because you chose to store it on Spotify. So I went to the page to see what would happen if I tried to play the content. As it turns out, it simply begins to demand more content from other sites, among them
chrt.fm
. I went towww.chrt.fm
to see what it was and it turns out that it is a parked domain. Your page is trying to load content from a parked domain when people try to play the audio. And then it turns out that the content won't play if you don't enable scripts from sentry.io, what is that? Turns out it's a tracker. So in summary, in order to play this Linux podcast, you have to enable DRM, you have to be tracked by a third party, and you have to risk your browser being compromised by scripts pulled in from a foreign domain that could be purchased by a malicious attacker.Do you even Linux?
The text was updated successfully, but these errors were encountered: