I just noticed in ublock origin and the privacy badger that the login page at
This is IMHO a bad idea, especially for the login page as this allows googletagmanager to get all Fedora FAS passwords if they want to.
I totally agree that this is a terrible idea.
However, I am unable to find where this is being used/called.
The only places with scripts are:
In the upstream theme, the same persona scripts and local patternfly/jquery references in the index and admin master pages.
Also, when I force browsers to clear their cache and check all network requests, everything is to id.fedoraproject.org except for fedora-bootstrap-min.css, which comes from apps.fedoraproject.org, as expected.
Grepping the entire themes directories for "google" did not result in anything.
Metadata Update from @puiterwijk:
- Issue assigned to puiterwijk
- Issue priority set to: High
- Issue tagged with: authentication
I am very sorry for the noise. Somehow I installed ublock adblock plus instead of ublock origin. Ublock adblock plus seems to add the googletagmanager code to the login page. Not sure why it does add this to (some) webpages.
Metadata Update from @till:
- Issue close_status updated to: Invalid
- Issue status updated to: Closed (was: Open)
to comment on this ticket.