#6058 ipsilon/fedora login page includes javascript from googletagmanager.com
Closed: Invalid 6 years ago Opened 6 years ago by till.

I just noticed in ublock origin and the privacy badger that the login page at
https://id.fedoraproject.org/
includes javascript code from https://www.googletagmanager.com/gtm.js?id=GTM-KHM7SWW

This is IMHO a bad idea, especially for the login page as this allows googletagmanager to get all Fedora FAS passwords if they want to.


I totally agree that this is a terrible idea.
However, I am unable to find where this is being used/called.

The only places with scripts are:
in the Fedora theme, in persona/provision and persona/signin_result, inclusions of the persona javascript.
In the upstream theme, the same persona scripts and local patternfly/jquery references in the index and admin master pages.

Also, when I force browsers to clear their cache and check all network requests, everything is to id.fedoraproject.org except for fedora-bootstrap-min.css, which comes from apps.fedoraproject.org, as expected.

Grepping the entire themes directories for "google" did not result in anything.

Could you please let me know which part of the HTML includes references to the Google tag manager or javascript?

Metadata Update from @puiterwijk:
- Issue assigned to puiterwijk
- Issue priority set to: High
- Issue tagged with: authentication

6 years ago

I am very sorry for the noise. Somehow I installed ublock adblock plus instead of ublock origin. Ublock adblock plus seems to add the googletagmanager code to the login page. Not sure why it does add this to (some) webpages.

Metadata Update from @till:
- Issue close_status updated to: Invalid
- Issue status updated to: Closed (was: Open)

6 years ago

Login to comment on this ticket.

Metadata