#6058 ipsilon/fedora login page includes javascript from googletagmanager.com

Created 7 months ago by till
Modified 7 months ago

I just noticed in ublock origin and the privacy badger that the login page at
https://id.fedoraproject.org/
includes javascript code from https://www.googletagmanager.com/gtm.js?id=GTM-KHM7SWW

This is IMHO a bad idea, especially for the login page as this allows googletagmanager to get all Fedora FAS passwords if they want to.

I totally agree that this is a terrible idea.
However, I am unable to find where this is being used/called.

The only places with scripts are:
in the Fedora theme, in persona/provision and persona/signin_result, inclusions of the persona javascript.
In the upstream theme, the same persona scripts and local patternfly/jquery references in the index and admin master pages.

Also, when I force browsers to clear their cache and check all network requests, everything is to id.fedoraproject.org except for fedora-bootstrap-min.css, which comes from apps.fedoraproject.org, as expected.

Grepping the entire themes directories for "google" did not result in anything.

Could you please let me know which part of the HTML includes references to the Google tag manager or javascript?

7 months ago

Metadata Update from @puiterwijk:
- Issue assigned to puiterwijk
- Issue priority set to: High
- Issue tagged with: authentication

I am very sorry for the noise. Somehow I installed ublock adblock plus instead of ublock origin. Ublock adblock plus seems to add the googletagmanager code to the login page. Not sure why it does add this to (some) webpages.

7 months ago

Metadata Update from @till:
- Issue close_status updated to: Invalid
- Issue status updated to: Closed (was: Open)

Login to comment on this ticket.