Mapbox-gl-js: Ghostery request modification

Created on 23 Oct 2019  路  10Comments  路  Source: mapbox/mapbox-gl-js

Hi, the latest version of Ghostery appears to be modifying the request to mapbox and replacing the access token with ghostery.

I tried adding the content security policy as per the docs but this has no impact.

While I can disable ghostery on my browser, I can't ask the users of my site to do the same. Is there any way around this?

Replacing the access token results in a 401 and the map doesn't get displayed at all.

Thanks!

needs information
Source
picture peeves6
🎉1

Most helpful comment

We've added the Mapbox access_token to our anti-tracking whitelist. If you're still running into problems, please open an issue and let us know. ghostery/ghostery-extension

picture christophertino on 10 Apr 2020
4 👍2

All 10 comments

Hi @peeves6, I'm unable to replicate this with Chrome, the gl-js example pages and the latest version of Ghostery.

Could you provide more details, including the Ghostery settings you might be using

arindam1993 picture arindam1993 on 23 Oct 2019

Hi @arindam1993 ,

Please see https://indiamaoisttracker.com

This is an issue only with Ghostery on Firefox. On Chrome, with Ghostery, I have no issues. I'm using the default settings - I have attached the exported settings blob - but they are basically:
block_by_default":false,"
enable_ad_block":true,"
enable_anti_tracking":true,"
enable_smart_block":true,"

When I access the site, the Mapbox request is changed to:
https://api.mapbox.com/styles/v1/{user}/{styles}?access_token=ghostery

If I mark the site as trusted in ghostery, then all works fine.

I don't know how to get it to stop modifying the URL. I thought the CSP would address it but that doesn't seem to be the case.

Thanks

peeves6 picture peeves6 on 24 Oct 2019
👍2 😕1

Closing because there is nothing actionable in mapbox-gl-js for this issue. The access token is not tracking the user's behavior in any way, it is used to allow access to mapbox-hosted resources.
It would need to be resolved with Ghostery - either by white listing mapbox domain or changing it's configuration some other way.

asheemmamoowala picture asheemmamoowala on 24 Oct 2019

I am also having this problem in Firefox. While I understand it's not a mapbox issue per se, I think it would be cool if Mapbox could contact Ghostery and ask them to whitelist their service.

akmur picture akmur on 7 Nov 2019
👍4

I see the same issue with the Chrome Ghostery add-on. Already trusted the site, but this doesn't help. With Ghostery add-on disabled and in another browser all works well.

liefra picture liefra on 27 Dec 2019
👍2

Same problem in Chrome, but for me trusting the website does work. It's annoying though that users have to do this manually and first have to find about what's actually causing this problem.

DJAxel picture DJAxel on 1 Mar 2020

I'm having the same issue with ghostery replacing the mapbox access_token in the URL requests for static maps. I'm using Chrome and the ghostery Chrome extension.

lukeb picture lukeb on 18 Mar 2020

I've got this issue as well. The access_token gets replaced with Ghostery.
https://api.mapbox.com/styles/v1/mapbox/light-v10?access_token=ghostery

The weird thing is that it doesn't happen on jsfiddle mapbox examples for instance. Even though Ghostery is running there as well.

jeroenbraspenning picture jeroenbraspenning on 2 Apr 2020

We've added the Mapbox access_token to our anti-tracking whitelist. If you're still running into problems, please open an issue and let us know. ghostery/ghostery-extension

christophertino picture christophertino on 10 Apr 2020
4 👍2

Thank you for fixing this @christophertino!

asheemmamoowala picture asheemmamoowala on 10 Apr 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

jfirebaugh picture jfirebaugh  路  3Comments
bgentry picture bgentry  路  3Comments
muesliq picture muesliq  路  3Comments
aendrew picture aendrew  路  3Comments
foundryspatial-duncan picture foundryspatial-duncan  路  3Comments