Maps tiles of https://www.gouvernement.fr/info-coronavirus/carte-et-donnees are not displayed when uMatrix is enabled (even if matrix filtering is disabled)

[baptx]

Prerequisites

• I performed a cursory search of the issue tracker to avoid opening a duplicate issue
  • Your issue may already be reported.
  • I also searched the existing issues at https://github.com/gorhill/uMatrix/issues
• This is not a support issue or a question
  • Support issues and questions are handled at /r/uMatrix
• I tried to reproduce the issue when...
  • uMatrix extension is wholly disabled or not installed
  • uMatrix is the only extension
  • uMatrix with default lists/settings
  • using a new, unmodified browser profile
• I am running the latest version of uMatrix
• I checked the documentation to understand that the issue I report is not a normal behavior
• I used the logger to rule out that the issue is caused by my ruleset

Description

Maps tiles of https://www.gouvernement.fr/info-coronavirus/carte-et-donnees are not displayed when uMatrix is enabled, even if matrix filtering is disabled.
When disabling uMatrix addon, it works.

A specific URL where the issue occurs

https://www.gouvernement.fr/info-coronavirus/carte-et-donnees

Steps to Reproduce

1. Visit https://www.gouvernement.fr/info-coronavirus/carte-et-donnees

Ruleset

uMatrix was the only addon installed on a clean (refreshed) Firefox profile. The default rules are used and the issue also happens if matrix filtering is disabled so it seems it cannot be a rule issue.

Supporting evidence

Here is what is displayed in the web console:

Navigated to https://www.gouvernement.fr/info-coronavirus/carte-et-donnees
This page uses the non standard property “zoom”. Consider using calc() in the relevant property values, or using “transform” along with “transform-origin: 0 0”. carte-et-donnees
Some cookies are misusing the recommended “sameSite“ attribute 7
unreachable code after return statement
_Incapsula_Resource:1:38725
unreachable code after return statement
_Incapsula_Resource:1:41275
unreachable code after return statement
_Incapsula_Resource:1:41275
downloadable font: download failed (font-family: "Marianne" style:normal weight:400 stretch:100 src index:0): status=2147746065 source: https://dashboard.covid19.data.gouv.fr/%E2%80%99/fonts/Marianne-Regular.woff2%E2%80%99
Content Security Policy: The report URI (about:blank) should be an HTTP or HTTPS URI.
Content Security Policy: The page’s settings observed the loading of a resource at blob:https://dashboard.covid19.data.gouv.fr/9103fee9-476a-4432-868e-e4f4089dd0da (“worker-src”). A CSP report is being sent.
Content Security Policy: The report URI (about:blank) should be an HTTP or HTTPS URI.
Content Security Policy: The page’s settings observed the loading of a resource at blob:https://dashboard.covid19.data.gouv.fr/9103fee9-476a-4432-868e-e4f4089dd0da (“worker-src”). A CSP report is being sent.
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://etalab-tiles.fr/data/france-vector/7/41/58.pbf. (Reason: CORS request did not succeed).

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://etalab-tiles.fr/data/france-vector/7/42/58.pbf. (Reason: CORS request did not succeed).

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://etalab-tiles.fr/data/france-vector/4/8/5.pbf. (Reason: CORS request did not succeed).

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://etalab-tiles.fr/data/france-vector/4/7/5.pbf. (Reason: CORS request did not succeed).

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://etalab-tiles.fr/data/france-vector/4/7/6.pbf. (Reason: CORS request did not succeed).

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://etalab-tiles.fr/data/france-vector/4/8/6.pbf. (Reason: CORS request did not succeed).

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://etalab-tiles.fr/data/france-vector/7/42/58.pbf. (Reason: CORS request did not succeed).

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://etalab-tiles.fr/data/france-vector/4/5/7.pbf. (Reason: CORS request did not succeed).

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://etalab-tiles.fr/data/france-vector/8/159/137.pbf. (Reason: CORS request did not succeed).

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://etalab-tiles.fr/data/france-vector/8/160/137.pbf. (Reason: CORS request did not succeed).

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://etalab-tiles.fr/data/france-vector/7/83/71.pbf. (Reason: CORS request did not succeed).

Object { message: "NetworkError when attempting to fetch resource.", stack: "" }
index.js:1:82720
Object { message: "NetworkError when attempting to fetch resource.", stack: "" }
index.js:1:82720
Object { message: "NetworkError when attempting to fetch resource.", stack: "" }
index.js:1:82720
Object { message: "NetworkError when attempting to fetch resource.", stack: "" }
index.js:1:82720
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://etalab-tiles.fr/data/france-vector/6/21/29.pbf. (Reason: CORS request did not succeed).

Object { message: "NetworkError when attempting to fetch resource.", stack: "" }
index.js:1:82720
Object { message: "NetworkError when attempting to fetch resource.", stack: "" }
index.js:1:82720
Object { message: "NetworkError when attempting to fetch resource.", stack: "" }
index.js:1:82720
Content Security Policy: The report URI (about:blank) should be an HTTP or HTTPS URI.
Content Security Policy: The page’s settings observed the loading of a resource at blob:https://www.gouvernement.fr/f19c37cd-9034-421f-ab98-599613027d8b (“worker-src”). A CSP report is being sent.
Object { message: "NetworkError when attempting to fetch resource.", stack: "" }
index.js:1:82720
Object { message: "NetworkError when attempting to fetch resource.", stack: "" }
index.js:1:82720
Object { message: "NetworkError when attempting to fetch resource.", stack: "" }
index.js:1:82720
Object { message: "NetworkError when attempting to fetch resource.", stack: "" }
index.js:1:82720
Object { message: "NetworkError when attempting to fetch resource.", stack: "" }
index.js:1:82720
WebGL warning: texImage: Alpha-premult and y-flip are deprecated for non-DOM-Element uploads. 5 2c796e83.a8c7cc48515f8cc30ef5.js:1:306818
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://etalab-tiles.fr/data/france-vector/3/4/2.pbf. (Reason: CORS request did not succeed).

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://etalab-tiles.fr/data/france-vector/3/3/2.pbf. (Reason: CORS request did not succeed).

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://etalab-tiles.fr/data/france-vector/3/3/3.pbf. (Reason: CORS request did not succeed).

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://etalab-tiles.fr/data/france-vector/3/4/3.pbf. (Reason: CORS request did not succeed).

WebGL warning: texImage: Alpha-premult and y-flip are deprecated for non-DOM-Element uploads. 2c796e83.a8c7cc48515f8cc30ef5.js:1:306818
Object { message: "NetworkError when attempting to fetch resource.", stack: "" }
index.js:1:82720
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://etalab-tiles.fr/data/france-vector/5/10/14.pbf. (Reason: CORS request did not succeed).

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://etalab-tiles.fr/data/france-vector/6/20/29.pbf. (Reason: CORS request did not succeed).

WebGL warning: texImage: Alpha-premult and y-flip are deprecated for non-DOM-Element uploads. 2 2c796e83.a8c7cc48515f8cc30ef5.js:1:306818
Object { message: "NetworkError when attempting to fetch resource.", stack: "" }
index.js:1:82720
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://etalab-tiles.fr/data/france-vector/3/2/3.pbf. (Reason: CORS request did not succeed).

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://etalab-tiles.fr/data/france-vector/6/21/29.pbf. (Reason: CORS request did not succeed).

Object { message: "NetworkError when attempting to fetch resource.", stack: "" }
index.js:1:82720
Object { message: "NetworkError when attempting to fetch resource.", stack: "" }
index.js:1:82720
Object { message: "NetworkError when attempting to fetch resource.", stack: "" }
index.js:1:82720
Object { message: "NetworkError when attempting to fetch resource.", stack: "" }
index.js:1:82720
WebGL warning: texImage: Alpha-premult and y-flip are deprecated for non-DOM-Element uploads. 3 2c796e83.a8c7cc48515f8cc30ef5.js:1:306818
Object { message: "NetworkError when attempting to fetch resource.", stack: "" }
index.js:1:82720
Object { message: "NetworkError when attempting to fetch resource.", stack: "" }
index.js:1:82720
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://etalab-tiles.fr/data/france-vector/6/41/35.pbf. (Reason: CORS request did not succeed).

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://etalab-tiles.fr/data/france-vector/7/80/68.pbf. (Reason: CORS request did not succeed).

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://etalab-tiles.fr/data/france-vector/7/79/68.pbf. (Reason: CORS request did not succeed).

Object { message: "NetworkError when attempting to fetch resource.", stack: "" }
index.js:1:82720
Object { message: "NetworkError when attempting to fetch resource.", stack: "" }
index.js:1:82720
Object { message: "NetworkError when attempting to fetch resource.", stack: "" }

Your environment

• uMatrix version: 1.4.0
• Browser Name and version: Firefox 78.0.2
• Operating System and version: Linux Lubuntu 19.10 (64-bit)

[gwarser]

Allowing etalab-files.fr xhr in data.gouv.fr context from the logger works.

This is subrequest from iframe - why it's not visible in matrix?

---

Works correctly in 1.4.1b6 - request is visible in matrix, so it can be allowed, and also works after disabling filtering + referer spoofing.

[baptx]

@gwarser thanks, indeed opening directly the iframe source https://dashboard.covid19.data.gouv.fr/?iframe=1 in a new tab works with the matrix. I remember having used this workaround in the past with uMatrix. I would be interested to know why it failed and what was the fix.

[Kein]

Because you block web-workers by default.
In .b6 if you enable web-worker the matrix dahsboard displays needed request correctly. You will need a few refreshes but eventually you can make it work the usual way.

As usual with anything that relies on Google services - the latter heavily abuses sw to make tracking more easier and robust.

[baptx]

@Kein I checked again and by default the uMatrix option "Forbid web workers" is disabled so it looks like the issue does not come from here.

[Kein]

Update to b6

[baptx]

@Kein thanks, it works in version 1.4.1b6. If reloading the page with F5 or Ctrl+R is not enough, we need to use Ctrl+Shift+R to reload cache.