FTX widget causing requests to ftx.com at startup without user opt-in #20501

Closed
fmarier opened this issue Jan 14, 2022 · 1 comment · Fixed by brave/brave-core#11847

Comments

@fmarier
Member

fmarier commented Jan 14, 2022

Steps to Reproduce

  1. Run browser through a proxy such as mitmproxy:

         mitmproxy --mode socks5 --listen-port 9000
         brave-browser-stable --user-data-dir=/home/francois/brave-temp-profile --proxy-server="socks5://localhost:9000"

  2. Create a new browser profile.
  3. Start the browser.
  4. Wait until the NTP has been shown.

Actual result:

Screenshot from 2022-01-13 17-21-26

Expected result:

No requests to ftx.com should occur unless the user has interacted / signed into the FTX widget.

Reproduces how often:

Always

Brave version (brave://version info)

Brave | 1.34.80 Chromium: 97.0.4692.71 (Official Build) (64-bit)
Revision | adefa7837d02a07a604c1e6eff0b3a09422ab88d-refs/branch-heads/4692@{#1247}
OS | Linux

Version/Channel Information:

  • Can you reproduce this issue with the current release? YES
  • Can you reproduce this issue with the beta channel? YES
  • Can you reproduce this issue with the nightly channel? YES
@fmarier changed the title from "FTX causing requests to ftx.com at startup without user opt-in" to "FTX widget causing requests to ftx.com at startup without user opt-in" Jan 14, 2022
@kjozwiak added this to the 1.34.x - Release #2 milestone Jan 14, 2022
mariospr added a commit to brave/brave-core that referenced this issue Jan 14, 2022
As reported in brave/brave-browser#20501,
the NTP was making outbound requests to ftx.com at startup without
user opt-in, and the network-audit didn't catch that case because
it was NOT loading a NTP as part of the different checks it does
at BraveNetworkAuditTest.BasicTests.

This patch adds explicit test coverage for that case by loading
brave://newtab and waiting 5 minutes, like with the other checks.

Resolves brave/brave-browser#20504
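
The audit described in the issue and in the commit message above, sketched as a mitmproxy addon. This is an added example, not code from the thread or from brave-core. The allowlist domain `vendor.example`, the class name `StartupAudit` and the sample flows are hypothetical, and the proxy's CA is assumed to be trusted by the test profile so that HTTPS requests reach the `request` hook.

```python
# Added example: flag requests made at startup to hosts that are not allowlisted.
# Assumed usage: mitmdump --mode socks5 --listen-port 9000 -s audit_addon.py
from types import SimpleNamespace

# Hypothetical allowlist; replace with the hosts the browser is expected to contact.
ALLOWED_SUFFIXES = ("vendor.example",)


def host_allowed(host, allowed=ALLOWED_SUFFIXES):
    """True if host is an allowed domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    # Match on a label boundary so "notvendor.example" does not pass.
    return any(host == d or host.endswith("." + d) for d in allowed)


class StartupAudit:
    """Collects every contacted host that is not on the allowlist."""

    def __init__(self, allowed=ALLOWED_SUFFIXES):
        self.allowed = allowed
        self.unexpected = {}  # host -> list of requested URLs

    def request(self, flow):
        # mitmproxy calls this hook once per client request.
        host = flow.request.pretty_host
        if not host_allowed(host, self.allowed):
            self.unexpected.setdefault(host, []).append(flow.request.pretty_url)

    def done(self):
        # Called when the proxy shuts down: print the audit summary.
        for host, urls in sorted(self.unexpected.items()):
            print(f"UNEXPECTED {host}: {len(urls)} request(s)")


addons = [StartupAudit()]


def audit_constructed_sample():
    """Replay constructed flows (not a real capture) through the addon."""
    audit = StartupAudit()
    for host in ("updates.vendor.example", "ftx.com", "notvendor.example"):
        req = SimpleNamespace(pretty_host=host, pretty_url=f"https://{host}/")
        audit.request(SimpleNamespace(request=req))
    return sorted(audit.unexpected)
```

On a fresh profile that has only shown the NTP, the expected result from the issue corresponds to `ftx.com` never appearing in the summary.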
@stephendonner

stephendonner commented Jan 20, 2022

Verified PASSED using

Brave | 1.34.81 Chromium: 97.0.4692.99 (Official Build) (x86_64)
Revision | d740da257583289dbebd2eb37e8668928fac5ead-refs/branch-heads/4692@{#1461}
OS | macOS Version 11.6.1 (Build 20G224)

Clean Install Cases

Verified the STR/Cases outlined via brave/brave-browser#20501 (comment) and ensured that there weren't any outbound network connections when opening the NTP on a new profile. Example:

Screen Shot 2022-01-20 at 2 29 57 PM

Also ensured that none of the crypto widgets were visible on a new profile but were available via the following:

Customize dashboard -> Cards

Upgrade Case

Upgraded from 1.34.80 -> 1.34.81

  • added all crypto widgets in 1.34.80, upgraded, and ensured they were present and in the same order, in 1.34.81
    1.34.80 | 1.34.81
    -- | --
    Screen Shot 2022-01-20 at 2 35 27 PM | Screen Shot 2022-01-20 at 2 38 13 PM
  • hid widgets and confirmed they were not re-enabled by default when upgrading, but were available also via Customize dashboard -> Cards

Verification PASSED on Win 11 x64 using the following build:

Brave | 1.34.81 Chromium: 97.0.4692.99 (Official Build) (64-bit)
-- | --
Revision | d740da257583289dbebd2eb37e8668928fac5ead-refs/branch-heads/4692@{#1461}
OS | Windows 11 Version 21H2 (Build 22000.434)

Clean Install Cases

Verified the STR/Cases outlined via #20501 (comment) and ensured that there weren't any outbound network connections when opening the NTP on a new profile. Also ensured that there were no third-party outbound connections that are not being proxied when launching Brave for the first time. Example:

First Launch | Opening NTP
-- | --
startupCalls | ntp

Also ensured that none of the crypto widgets were visible on a new profile but were available via the following:

  • Customise dashboard -> Cards

Upgrade Cases

For the following cases, upgrade from 1.34.80 Chromium: 97.0.4692.71 --> 1.34.81 Chromium: 97.0.4692.99

  • ensured that crypto widgets are being displayed in the widget stack if a user has already enabled them
    • checked using Binance, FTX & Gemini
  • ensured that users stay authenticated after upgrading when the widget is active/visible under the widget stack
  • ensured that users stay authenticated after upgrading when the authenticated widget isn't active/visible in the widget stack
  • ensured that the correct order/active widget is maintained after upgrading
  • ensured that crypto widgets are not being removed from the widget stack and into Customise dashboard -> Cards when they've been enabled

Clean Install Cases

Verified the STR/Cases outlined via #20501 (comment) and ensured that there weren't any outbound network connections when opening the NTP on a new profile. Also ensured that there were no third-party outbound connections that are not being proxied when launching Brave for the first time. Example:

image

Also ensured that none of the crypto widgets were visible on a new profile but were available via the following:

  • Customise dashboard -> Cards

Upgrade Cases

For the following cases, upgrade from 1.34.80 Chromium: 97.0.4692.71 --> 1.34.81 Chromium: 97.0.4692.99

  • ensured that crypto widgets are being displayed in the widget stack if a user has already enabled them
    • checked using Binance, FTX
  • ensured that the correct order/active widget is maintained after upgrading
  • ensured that crypto widgets are not being removed from the widget stack and into Customise dashboard -> Cards when they've been enabled
