Do Not Track API not working in Creators Edition

Issue #12396402 • Assigned to Steven K.

Details

Author
Mike O.
Created
Jun 20, 2017
Privacy
This issue is public.
Found in
  • Microsoft Edge
Found in build #
15.15063
Reports
Reported by 1 person

Sign in to watch or report this issue.

Steps to reproduce

As reported in Issue #11017039 the storeSiteSpecificTrackingException call is not working.

After making the call the DNT header value is now set to “0” for subsequent requests to the server for the document origin, fixing part of Issue #7834877 reported in May 2016, requests to other origins such as subresources of the document or XHRs sent to other origins in the context of the document origin still have DNT set to "1". This makes the API entirely useless for its purpose.

This works on IE and did work in Edge till May 2016.

We have a test page at https://baycloud.com/dntapi which shows this not working. Clicking on the First Party image then refreshing the page you can see that DNT is set to 0 for the First Party, but not the 2 Third Parties which display the value of DNT retuned in an XHR to a resource that echoes the DNT header in a JSON response.

Attachments

Comments and activity

  • Microsoft Edge Team

    Changed Assigned To to “Steven K.”

  • Hi Mike,

    I read a bit about the DNT API and the "Tracking Preferences Expression (DNT)" recommendation.  I have also reviewed the two other bug reports in the DNT area that you have submitted:

    1. Do Not Track JS API on Edge (XHRs not working <-- paraphrasing)
      https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/11017039/
    1. DNT Consent API not working in Edge
      https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/7834877/

    However, I need a little help making sure I understand the current status as you see it and getting a simplified repro working.

    The current status is that there is an issue caused by making an XHR exemption request?  Specifically that

    after attempting to add an exemption via an XHR that the DNT header is set to “0” for subsequent document origin requests

    AND

    XHR requests for subresources will now have the DNT header set to "1"?

    Do the subsequent requests have to be XHR requests to see this erroneous behaviour?  Less important but curious if you noticed, whether it mattered if the exemption request URL was for the specific subresource that is later requested via an XHR?

    I am attaching screenshots for my testing using the link you provided in both chrome and Edge in a very recent developer build of Windows 10/Edge.  I did have the DNT set for Edge and chrome before starting the testing.  Perhaps this test can be simplified a little more?  Open to your suggestions.

    Appreciate the help with this and especially for something that could provide site owners help meeting GDPR requirements and improve privacy in general.

    Steve

  • Hi Steve,

    If you use https://baycloud.com/dntapi in IE ,(make sure DNT is sent), then clicking the big DNT button on the left then refreshing the page shows that DNT: 0 is sent to the top level page and all the third-parties, including the XHRs to domain1 and domain2.

    If you do it on Edge (again make sure DNT is being sent first), after clicking the big button the top level receives DNT:0 correctly, and some of the third-parties (see attached screenshots) but not the XHRs and some other of the third-parties. I cannot see the pattern about which third-party gets DNT:0, but they all should, as should any XHR sent from the page, and none do.

    As I said this used to work in Edge until May last year. It still works in IE.

    We implemented the API as we think it should be done as a Browser extension for Chrome and Firefox.

    You can download it to Chrome from https://baycloud.com/bouncerDownload

    We have an Edge one but its not released yet.

    You can exercises the API fully from https://baycloud.com/api/test

You need to sign in to your Microsoft account to add a comment.

Sign in