Do Not Track API not working in Creators Edition

Confirmed Issue #12396402 • Assigned to Robin R.

Details

Author
Mike O.
Created
Jun 20, 2017
Privacy
This issue is public.
Found in
  • Microsoft Edge
Found in build #
15.15063
Reports
Reported by 1 person

Steps to reproduce

As reported in Issue #11017039 the storeSiteSpecificTrackingException call is not working.

After making the call the DNT header value is now set to “0” for subsequent requests to the server for the document origin, fixing part of Issue #7834877 reported in May 2016, but requests to other origins such as subresources of the document or XHRs sent to other origins in the context of the document origin still have DNT set to "1". This makes the API entirely useless for its purpose.

This works on IE and did work in Edge till May 2016.

We have a test page at https://baycloud.com/dntapi which shows this not working. After clicking on the First Party image and then refreshing the page, you can see that DNT is set to 0 for the First Party, but not for the 2 Third Parties, which display the value of DNT returned in an XHR to a resource that echoes the DNT header in a JSON response.
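The kind of check the report describes, as an added example that is not code from the report, the test page, or any browser: an echo resource that returns the received DNT header as JSON, a guarded call to `storeSiteSpecificTrackingException`, and a comparison of what each origin echoed after the refresh. `ALLOWED_ORIGINS`, the `*.example` origins and all function names are hypothetical, and the property bag shape is assumed from the W3C Tracking Preference Expression draft.

```javascript
// Added example; not code from the report, the test page, or any browser.
// ALLOWED_ORIGINS and all *.example origins are hypothetical.
const ALLOWED_ORIGINS = new Set(["https://first-party.example"]);

// Server side: Node-style handler that echoes the DNT request header as JSON.
// Mount with http.createServer(dntEchoHandler) on each third-party origin.
function dntEchoHandler(req, res) {
  const raw = req.headers.dnt; // Node lower-cases header names
  // Keep only the leading "0"/"1"; absent or malformed means no preference sent.
  const dnt = typeof raw === "string" && /^[01]/.test(raw) ? raw[0] : null;
  const headers = {
    "Content-Type": "application/json",
    "Cache-Control": "no-store", // a cached echo would hide a changed header
    "Vary": "Origin",
  };
  const origin = req.headers.origin;
  if (ALLOWED_ORIGINS.has(origin)) headers["Access-Control-Allow-Origin"] = origin;
  res.writeHead(200, headers);
  res.end(JSON.stringify({ dnt }));
}

// Browser side: store the exception only where the API exists. The property
// bag follows the W3C Tracking Preference Expression draft (assumption).
function requestException(nav, thirdPartyDomains) {
  if (typeof nav.storeSiteSpecificTrackingException !== "function") return false;
  nav.storeSiteSpecificTrackingException({ arrayOfDomainStrings: thirdPartyDomains });
  return true;
}

// After the refresh, compare what each origin echoed back.
function classifyException(firstParty, thirdParties) {
  const missed = Object.keys(thirdParties).filter((o) => thirdParties[o] !== "0");
  let status = "applied";
  if (firstParty !== "0") status = "not-applied";
  else if (missed.length > 0) status = "partial"; // the behaviour in this report
  return { status, missed };
}

// Constructed sample matching the report: first party sees 0, XHR targets see 1.
const sample = classifyException("0", {
  "https://domain1.example": "1",
  "https://domain2.example": "1",
});
console.log(sample.status, sample.missed);
```

A site that records consent through this API should treat a `partial` result as no exception for the origins listed in `missed`, since those servers still receive DNT: 1.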

Comments and activity

  • Microsoft Edge Team

    Changed Assigned To to “Steven K.”

  • Hi Mike,

    I read a bit about the DNT API and the "Tracking Preferences Expression (DNT)" recommendation.  I have also reviewed the two other bug reports in the DNT area that you have submitted:

    1. Do Not Track JS API on Edge (XHRs not working <-- paraphrasing)
      https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/11017039/
    2. DNT Consent API not working in Edge
      https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/7834877/

    However, I need a little help making sure I understand the current status as you see it and getting a simplified repro working.

    The current status is that there is an issue caused by making an XHR exemption request?  Specifically that

    after attempting to add an exemption via an XHR that the DNT header is set to “0” for subsequent document origin requests

    AND

    XHR requests for subresources will now have the DNT header set to "1"?

    Do the subsequent requests have to be XHR requests to see this erroneous behaviour?  Less important but curious if you noticed, whether it mattered if the exemption request URL was for the specific subresource that is later requested via an XHR?

    I am attaching screenshots for my testing using the link you provided in both Chrome and Edge in a very recent developer build of Windows 10/Edge.  I did have the DNT set for Edge and Chrome before starting the testing.  Perhaps this test can be simplified a little more?  Open to your suggestions.

    Appreciate the help with this and especially for something that could provide site owners help meeting GDPR requirements and improve privacy in general.

    Steve

  • Hi Steve,

    If you use https://baycloud.com/dntapi in IE (make sure DNT is sent), then clicking the big DNT button on the left then refreshing the page shows that DNT: 0 is sent to the top level page and all the third-parties, including the XHRs to domain1 and domain2.

    If you do it on Edge (again make sure DNT is being sent first), after clicking the big button the top level receives DNT:0 correctly, and some of the third-parties (see attached screenshots) but not the XHRs and some other of the third-parties. I cannot see the pattern about which third-party gets DNT:0, but they all should, as should any XHR sent from the page, and none do.

    As I said this used to work in Edge until May last year. It still works in IE.

    We implemented the API as we think it should be done as a Browser extension for Chrome and Firefox.

    You can download it to Chrome from https://baycloud.com/bouncerDownload

    We have an Edge one but it's not released yet.

    You can exercise the API fully from https://baycloud.com/api/test

  • Hi Mike,

    I reviewed this again and in 17134.112, I only see the DNT=’1’ being sent, even if I click the images.  This is the same behavior in Chrome.  I also see some CSP errors in the console.  Is this still an issue?  If so, will you verify your repro URL is still working with the latest CSP requirements?

    Appreciate the help,

    Steve

  • Hi Steven,
    This is how to reproduce the issue on Edge

    1. in Advanced settings, make sure "Send Do Not Track requests" is “On”
    2. Close the browser and reopen it (this is important! Otherwise DNT API does not work at all)
    3. Load https://baycloud.com/dntapi
    4. Click the big DNT button
    5. Refresh the page (important! this is required by the Edge DNT API implementation)
    6. Only the big button shows DNT:0. This is because XHRs are still being sent with DNT:1, even though the API asked for embedded sub-resources to receive DNT:0.
      The IE implementation works though. To show it:
    7. in Internet Options, make sure "Send Do Not Track requests to sites you visit in Internet Explorer" checkbox is checked.
    8. Close the browser and reopen it (this is important! Otherwise DNT API does not work at all)
    9. Load https://baycloud.com/dntapi
    10. Click the big DNT button
    11. Refresh the page (important! this is required by the implementation)
    12. All the buttons show DNT:0. This is because XHR are being sent with DNT:0, which is correct.

    Chrome does not support the DNT API at all. But you can get it working on Chrome if you load our Chrome Extension https://baycloud.com/bouncerDownload, which implements the full DNT API on Chrome.
    When you load https://baycloud.com/dntapi now the buttons work immediately, i.e. it does not require a refresh.

    I will upload some screenshots now showing the difference between Edge and IE.

  • I have uploaded the following screenshots.

    1. edgesettings.png - showing the DNT setting in Edge
    2. edgeafterrefresh.png - showing DNT:0 for first-party but DNT:1 for third-parties (XHR sent with wrong value for DNT header).
    3. iesettings.png - showing Internet Options DNT setting
    4. ieafterrefresh.png - showing (after clicking the button and refreshing the page) DNT:0 being sent to all parties.
  • I am glad I asked.  I was wondering if I had run the testing properly because my attempt to re-run the testing only showed the DNT=1 being sent.  However, I thought I had originally seen the images switch.

    I will test again and let you know.

  • Hi Mike,

    I was able to repro this in 17134.112.  I was not refreshing the browser after clicking the big DNT image.  Appreciate the help with this and apologize for the delay.

    Steve

  • Microsoft Edge Team

    Changed Assigned To to “Venkat K.”

    Changed Status to “Confirmed”

    Changed Assigned To from “Venkat K.” to “Scott W.”

    Changed Status from “Confirmed”

    Changed Status to “Confirmed”

    Changed Status from “Confirmed” to “In progress”

    Changed Assigned To from “Scott W.” to “Andrew L.”

    Changed Status from “In progress”

    Changed Assigned To from “Andrew L.” to “Robin R.”

    Changed Status to “Confirmed”

  • Is it possible to get an update on this, e.g. when it is likely to be fixed? We have customers who want to know.
    Thanks,

  • We have had to disable the DNT API for our customers’ site visitors with Edge, any idea when we could expect a fix? Thanks
