Only make requests to *.rewards.brave.com endpoints after Rewards opt-in #14277

Miyayes opened this issue Feb 21, 2021 · 12 comments · Fixed by brave/brave-core#15146
@Miyayes
Collaborator

Miyayes commented Feb 21, 2021

Description

Browser sometimes makes calls out to *.rewards.brave.com endpoints before user fully opts into Brave Rewards. For example, see brave/brave-site-specific-scripts#41. Any *.rewards.brave.com requests should only occur if the user has pressed "Start using Brave Rewards" and generated a wallet. These calls can happen as a result of Greaselion or by clicking the BAT icon.

Requests are made to the following domains, for example:

  • api.rewards.brave.com
  • rewards.brave.com
  • grant.rewards.brave.com

Steps to Reproduce

Greaselion

  1. Fresh profile
  2. Go to reddit.com or another site with site-specific Greaselion scripts
  3. Check for calls to *.rewards.brave.com

Another way:

BAT icon

  1. Fresh profile
  2. Click on BAT icon
  3. Although Brave Rewards is still disabled (i.e., "Start using Brave Rewards" has not yet been pressed), check for calls to *.rewards.brave.com

Calls should be deferred until after the user has pressed "Start using Brave Rewards".

Expected result:

No requests needed until after opt-in.

Task list

  • Content scripts/Greaselion case
  • Clicking on Brave Rewards panel/BAT icon in the URL bar
  • Clicking on in-line tipping button
  • Navigating to brave://rewards settings page
@bsclifton
Member

bsclifton commented Mar 1, 2021

There should only be a few more remaining cases (that we know of) for this:

  1. Clicking tip icon (on GitHub/Reddit/Twitter). Used to get the verification status for entity being tipped
  2. Clicking rewards icon in omnibox (on GitHub/Reddit/Twitter/Twitch/Vimeo/YouTube). Used to get the verification status for entity visited

The verification check can be deferred until user is opted in

Status TBD on Android (@deeppandya can you help verify?). All other cases have been closed (ex: with brave/brave-core#8036). Nice work @zenparsing @emerick 😄

@bsclifton
Member

Given above - going to reprioritize this issue based on the remaining two cases

@bsclifton bsclifton added priority/P4 Planned work. We expect to get to it "soon". and removed priority/P1 A very extremely bad problem. We might push a hotfix for it. labels Apr 1, 2021
@holow29

holow29 commented Aug 16, 2021

Is there a way to reset Brave Rewards status? I enabled it once but have since tried to disable it as much as possible - including turning off ads, hiding the rewards button, and resetting the wallet. However, I can't get back to the state where it says, "Start using Brave Rewards" without creating a new profile. Using my old profile, I still get calls to *.rewards.brave.com endpoints.

@bsclifton
Member

bsclifton commented Aug 17, 2021

@holow29 I gave this a shot on a profile which had rewards enabled and here's what I found:

  1. Clicked the gear on the top right of brave://rewards/
  2. Picked Reset and clicked the orange Reset button
  3. Closed browser, re-opened
  4. Visit brave://rewards/
  5. The opt-in isn't showing again ☹️ This should be showing, right @Miyayes?
  6. As long as Ads and Auto-contribute are off, the Ledger service should be OFF. I verified Ads/AC are off on brave://rewards/. You can verify service status under hamburger menu => More tools => Task Manager
  7. Looks like Ledger service is still running (it shouldn't be) 😭

I don't know if we've ever characterized a way to "reset" this once opt-in is done. Will need to investigate more

cc: @brave/rewards-client

@holow29

holow29 commented Aug 17, 2021

Potentially some more info: I restarted the browser and Utility: Bat Ledger Service was not running, and I didn't see any calls to *.rewards.brave.com endpoints. However, when I went to brave://rewards to ensure everything was off, the ledger service started again and remained running.
It seems like the ledger service should not start when simply visiting brave://rewards if ads/ac are off. Perhaps there needs to be a way to reset to the pre-opt-in state and maybe that will prevent the ledger service from starting automatically.

@bsclifton
Member

Thanks for testing! I raised the issue today to @Miyayes - we can figure out next steps 😄 But as long as you quit the browser and re-open (as long as no brave://rewards windows are open), it won't be running Ledger

There is a possibility Ads service might run, if you enable Brave News. That's something to keep in mind. Even if you turn off Brave news, it'll still be running (that bug is captured by #17491)

@Miyayes
Collaborator Author

Miyayes commented Sep 11, 2022

From latest look into this, it looks like Rewards endpoints and URLs are hit when a not opted-in user:

  1. Clicks the BAT icon in the URL bar
  2. Clicks on an in-line tipping button on a website like Twitter or Reddit
  3. Navigates to brave://rewards (Rewards settings page)

@diracdeltas In your view, is this acceptable, or should Rewards endpoints only ever be hit once the user opts in to Brave Rewards (as in, goes to generate a Brave Rewards wallet)? cc: @evq

@diracdeltas
Member

@Miyayes thanks for the info! i will mostly defer this to @PrivacyMatters but i think we shouldn't be adding more of these. for instance it seems this has slightly regressed since #14277 (comment) (now navigating to brave://rewards triggers a request)

@Miyayes Miyayes added priority/P2 A bad problem. We might uplift this to the next planned release. and removed priority/P4 Planned work. We expect to get to it "soon". labels Sep 12, 2022
@Miyayes Miyayes assigned mkarolin and unassigned bsclifton, emerick and Miyayes Sep 12, 2022
@Miyayes Miyayes added privacy and removed needs-discussion Although the issue is clear, we haven't yet reached a decision about the right solution. labels Sep 12, 2022
@mkarolin mkarolin added this to the 1.46.x - Nightly milestone Oct 5, 2022
@LaurenWags LaurenWags added the QA/In-Progress Indicates that QA is currently in progress for that particular issue label Oct 18, 2022
@LaurenWags
Member

LaurenWags commented Oct 18, 2022

Verified with

Brave | 1.46.66 Chromium: 107.0.5304.36 (Official Build) nightly (x86_64)
-- | --
Revision | 2f9c7a5a1fe357d87e9bc07c65cca9136b3651c5-refs/branch-heads/5304@{#671}
OS | macOS Version 12.6 (Build 21G115)

Reproduced the issue using 1.44.112
  1. Launched a clean profile using staging env
  2. Relaunched to get griffin seed
  3. Clicked on the BAT logo in URL bar, saw rewards endpoints being contacted without opting in to Rewards
Logs
[23344:259:1018/100219.166426:VERBOSE1:rewards_service_impl.cc(459)] Starting ledger process
[23344:259:1018/100219.225117:VERBOSE1:database_migration.cc(141)] DB: Migrated to version 1
[23344:259:1018/100219.225159:VERBOSE1:database_migration.cc(141)] DB: Migrated to version 2
[23344:259:1018/100219.225184:VERBOSE1:database_migration.cc(141)] DB: Migrated to version 3
[23344:259:1018/100219.225204:VERBOSE1:database_migration.cc(141)] DB: Migrated to version 4
[23344:259:1018/100219.225226:VERBOSE1:database_migration.cc(141)] DB: Migrated to version 5
[23344:259:1018/100219.225246:VERBOSE1:database_migration.cc(141)] DB: Migrated to version 6
[23344:259:1018/100219.225266:VERBOSE1:database_migration.cc(141)] DB: Migrated to version 7
[23344:259:1018/100219.225287:VERBOSE1:database_migration.cc(141)] DB: Migrated to version 8
[23344:259:1018/100219.225308:VERBOSE1:database_migration.cc(141)] DB: Migrated to version 9
[23344:259:1018/100219.225336:VERBOSE1:database_migration.cc(141)] DB: Migrated to version 10
[23344:259:1018/100219.225381:VERBOSE1:database_migration.cc(141)] DB: Migrated to version 11
[23344:259:1018/100219.225406:VERBOSE1:database_migration.cc(141)] DB: Migrated to version 12
[23344:259:1018/100219.225426:VERBOSE1:database_migration.cc(141)] DB: Migrated to version 13
[23344:259:1018/100219.225446:VERBOSE1:database_migration.cc(141)] DB: Migrated to version 14
[23344:259:1018/100219.225503:VERBOSE1:database_migration.cc(141)] DB: Migrated to version 15
[23344:259:1018/100219.225530:VERBOSE1:database_migration.cc(141)] DB: Migrated to version 16
[23344:259:1018/100219.225552:VERBOSE1:database_migration.cc(141)] DB: Migrated to version 17
[23344:259:1018/100219.225572:VERBOSE1:database_migration.cc(141)] DB: Migrated to version 18
[23344:259:1018/100219.225606:VERBOSE1:database_migration.cc(141)] DB: Migrated to version 19
[23344:259:1018/100219.225632:VERBOSE1:database_migration.cc(141)] DB: Migrated to version 20
[23344:259:1018/100219.225653:VERBOSE1:database_migration.cc(141)] DB: Migrated to version 21
[23344:259:1018/100219.225673:VERBOSE1:database_migration.cc(141)] DB: Migrated to version 22
[23344:259:1018/100219.225694:VERBOSE1:database_migration.cc(141)] DB: Migrated to version 23
[23344:259:1018/100219.225714:VERBOSE1:database_migration.cc(141)] DB: Migrated to version 24
[23344:259:1018/100219.225735:VERBOSE1:database_migration.cc(141)] DB: Migrated to version 25
[23344:259:1018/100219.225754:VERBOSE1:database_migration.cc(141)] DB: Migrated to version 26
[23344:259:1018/100219.225775:VERBOSE1:database_migration.cc(141)] DB: Migrated to version 27
[23344:259:1018/100219.225795:VERBOSE1:database_migration.cc(141)] DB: Migrated to version 28
[23344:259:1018/100219.225815:VERBOSE1:database_migration.cc(141)] DB: Migrated to version 29
[23344:259:1018/100219.225835:VERBOSE1:database_migration.cc(141)] DB: Migrated to version 30
[23344:259:1018/100219.225855:VERBOSE1:database_migration.cc(141)] DB: Migrated to version 31
[23344:259:1018/100219.225875:VERBOSE1:database_migration.cc(141)] DB: Migrated to version 32
[23344:259:1018/100219.225895:VERBOSE1:database_migration.cc(141)] DB: Migrated to version 33
[23344:259:1018/100219.225914:VERBOSE1:database_migration.cc(141)] DB: Migrated to version 34
[23344:259:1018/100219.266181:VERBOSE1:state_migration_v1.cc(38)] No publisher state
[23344:259:1018/100219.266660:VERBOSE1:state_migration.cc(142)] State: Migrated to version 1
[23344:259:1018/100219.266820:VERBOSE1:state_migration.cc(46)] Fresh install, state version set to 11
[23344:259:1018/100219.267685:VERBOSE1:publisher_prefix_list_updater.cc(58)] Scheduling publisher prefix list update in 0 seconds
[23344:259:1018/100219.267966:VERBOSE1:contribution.cc(232)] Last reconcile timer set for 2.592e+06 s
[23344:259:1018/100219.268383:VERBOSE1:contribution.cc(115)] Queue timer set for 6 s
[23344:259:1018/100219.268528:VERBOSE1:promotion.cc(92)] Migrating corrupted promotions
[23344:259:1018/100219.268662:VERBOSE5:ledger_impl.cc(117)] 
[ REQUEST ]
> URL: https://api.rewards.bravesoftware.com/v1/parameters
> Method: GET
[23344:259:1018/100219.269030:VERBOSE1:recovery.cc(22)] Running empty balance check...
[23344:259:1018/100219.269138:VERBOSE1:publisher_prefix_list_updater.cc(65)] Fetching publisher prefix list
[23344:259:1018/100219.269160:VERBOSE5:ledger_impl.cc(117)] 
[ REQUEST ]
> URL: https://rewards-stg.bravesoftware.com/publishers/prefix-list
> Method: GET
[23344:259:1018/100219.269571:VERBOSE5:ledger_impl.cc(117)] 
[ REQUEST ]
> URL: https://grant.rewards.bravesoftware.com/v1/promotions?migrate=true&platform=osx
> Method: GET
[23344:259:1018/100219.271203:VERBOSE5:ledger_impl.cc(117)] 
[ REQUEST ]
> URL: https://grant.rewards.bravesoftware.com/v1/promotions?migrate=true&platform=osx
> Method: GET
[23344:259:1018/100219.271483:VERBOSE1:wallet_balance.cc(34)] Wallet is not created
[23344:259:1018/100219.273041:VERBOSE1:ledger_impl.cc(519)] Rewards parameters not set - fetching from server
[23344:259:1018/100219.273083:VERBOSE1:api_parameters.cc(33)] API parameters fetch in progress
[23344:259:1018/100219.275002:VERBOSE1:promotion.cc(572)] Promotion is empty
[23344:259:1018/100219.276181:VERBOSE1:recovery_empty_balance.cc(110)] Creds batch list is emtpy
[23344:259:1018/100219.425039:VERBOSE7:logging_util.cc(137)] 
[ RESPONSE - OnRequest ]
> Url: https://rewards-stg.bravesoftware.com/publishers/prefix-list
> Result: Success
> HTTP Code: 200
> Body:???"??C????
[23344:259:1018/100219.425097:VERBOSE9:logging_util.cc(138)] 
[ RESPONSE HEADERS ]
> Url: https://rewards-stg.bravesoftware.com/publishers/prefix-list
[23344:259:1018/100219.447601:VERBOSE1:publisher_prefix_list_updater.cc(102)] Resetting publisher prefix list table
[23344:259:1018/100219.447661:VERBOSE1:database_publisher_prefix_list.cc(120)] Clearing publisher prefixes table
[23344:259:1018/100219.462223:VERBOSE1:database_publisher_prefix_list.cc(130)] Inserting 100000 records into publisher prefix table
[23344:259:1018/100219.612252:VERBOSE6:logging_util.cc(137)] 
[ RESPONSE - OnRequest ]
> Url: https://api.rewards.bravesoftware.com/v1/parameters
> Result: Success
> HTTP Code: 200
> Body: {"payoutStatus":{"unverified":"complete","uphold":"complete","gemini":"complete","bitflyer":"complete"},"custodianRegions":{"uphold":{"allow":["AU","AT","BE","CO","DK","FI","HK","IE","IT","NL","NO","PT","SG","ES","SE","GB","US","IN"],"block":[]},"gemini":{"allow":["AU","AT","BE","CO","DK","FI","HK","IE","IT","NL","NO","PT","SG","ES","SE","GB","US"],"block":[]},"bitflyer":{"allow":["JP"],"block":[]}},"batRate":0.286939,"autocontribute":{"choices":[1,2,3,5,7,10,20],"defaultChoice":1},"tips":{"defaultTipChoices":[1.25,5,10.5],"defaultMonthlyChoices":[1.25,5,10.5]}}

[23344:259:1018/100219.612307:VERBOSE9:logging_util.cc(138)] 
[ RESPONSE HEADERS ]
> Url: https://api.rewards.bravesoftware.com/v1/parameters
[23344:259:1018/100219.613643:VERBOSE1:api_parameters.cc(90)] Params timer set for 10887 s
[23344:259:1018/100219.637255:VERBOSE6:logging_util.cc(137)] 
[ RESPONSE - OnRequest ]
> Url: https://grant.rewards.bravesoftware.com/v1/promotions?migrate=true&platform=osx
> Result: Success
> HTTP Code: 200
> Body: {"promotions":[{"id":"f05568e6-f4a1-4438-8e81-cc0490fd14f7","createdAt":"2022-09-22T14:39:18.189457Z","expiresAt":"2023-01-22T14:39:18.189457Z","version":5,"suggestionsPerGrant":120,"approximateValue":"30","type":"ugp","available":true,"platform":"desktop","publicKeys":["6AphTvx13IgxVRG1nljV2ql1Y7yGUol6yrVMhEP85wI="],"legacyClaimed":false,"claimableUntil":"2022-12-22T14:39:18.189457Z"}]}

[23344:259:1018/100219.637318:VERBOSE9:logging_util.cc(138)] 
[ RESPONSE HEADERS ]
> Url: https://grant.rewards.bravesoftware.com/v1/promotions?migrate=true&platform=osx
[23344:259:1018/100219.651804:VERBOSE6:logging_util.cc(137)] 
[ RESPONSE - OnRequest ]
> Url: https://grant.rewards.bravesoftware.com/v1/promotions?migrate=true&platform=osx
> Result: Success
> HTTP Code: 200
> Body: {"promotions":[{"id":"f05568e6-f4a1-4438-8e81-cc0490fd14f7","createdAt":"2022-09-22T14:39:18.189457Z","expiresAt":"2023-01-22T14:39:18.189457Z","version":5,"suggestionsPerGrant":120,"approximateValue":"30","type":"ugp","available":true,"platform":"desktop","publicKeys":["6AphTvx13IgxVRG1nljV2ql1Y7yGUol6yrVMhEP85wI="],"legacyClaimed":false,"claimableUntil":"2022-12-22T14:39:18.189457Z"}]}

[23344:259:1018/100219.651852:VERBOSE9:logging_util.cc(138)] 
[ RESPONSE HEADERS ]
> Url: https://grant.rewards.bravesoftware.com/v1/promotions?migrate=true&platform=osx
[23344:259:1018/100219.677439:VERBOSE1:database_publisher_prefix_list.cc(130)] Inserting 100000 records into publisher prefix table
[23344:259:1018/100219.880588:VERBOSE1:database_publisher_prefix_list.cc(130)] Inserting 100000 records into publisher prefix table
[23344:259:1018/100220.089943:VERBOSE1:database_publisher_prefix_list.cc(130)] Inserting 100000 records into publisher prefix table
[23344:259:1018/100220.283125:VERBOSE1:database_publisher_prefix_list.cc(130)] Inserting 100000 records into publisher prefix table
[23344:259:1018/100220.482387:VERBOSE1:database_publisher_prefix_list.cc(130)] Inserting 100000 records into publisher prefix table
[23344:259:1018/100220.687722:VERBOSE1:database_publisher_prefix_list.cc(130)] Inserting 100000 records into publisher prefix table
[23344:259:1018/100220.886875:VERBOSE1:database_publisher_prefix_list.cc(130)] Inserting 100000 records into publisher prefix table
[23344:259:1018/100221.078165:VERBOSE1:database_publisher_prefix_list.cc(130)] Inserting 100000 records into publisher prefix table
[23344:259:1018/100221.280345:VERBOSE1:database_publisher_prefix_list.cc(130)] Inserting 100000 records into publisher prefix table
[23344:259:1018/100221.454196:VERBOSE1:database_publisher_prefix_list.cc(130)] Inserting 159 records into publisher prefix table
[23344:259:1018/100221.456523:VERBOSE1:publisher_prefix_list_updater.cc(58)] Scheduling publisher prefix list update in 259199 seconds
[23344:259:1018/100221.456568:VERBOSE1:unverified.cc(31)] Pending tips processing starting
[23344:259:1018/100221.456962:VERBOSE1:wallet_balance.cc(34)] Wallet is not created
[23344:259:1018/100221.457226:VERBOSE1:unverified.cc(77)] List is empty
[23344:259:1018/100221.457267:VERBOSE1:unverified.cc(249)] Pending tips processing completed
  4. Then visited a Twitter greaselion page, twitter.com/emerick, and saw rewards endpoints being contacted
Logs
[23344:259:1018/102121.323107:INFO:CONSOLE(1)] "Greaselion script loaded: twitterBase.ts", source: chrome-extension://gajhkmnhhoadjcfchafgbekhgigglnkp/twitterBase.bundle.js (1)
[23344:259:1018/102121.324177:INFO:CONSOLE(1)] "Greaselion script loaded: twitterInlineTipping.ts", source: chrome-extension://glcghbidhfocejckcfmfpdhmkjfmkiei/twitterInlineTipping.bundle.js (1)
[23344:259:1018/102121.327676:INFO:CONSOLE(1)] "Failed to fetch user details for emerick: Missing auth headers", source: chrome-extension://gajhkmnhhoadjcfchafgbekhgigglnkp/twitterBase.bundle.js (1)
[23344:259:1018/102121.417398:INFO:CONSOLE(1)] "Failed to fetch user details for emerick: Missing auth headers", source: chrome-extension://gajhkmnhhoadjcfchafgbekhgigglnkp/twitterBase.bundle.js (1)
[23344:259:1018/102121.724958:VERBOSE1:database_server_publisher_banner.cc(140)] Server publisher banner not found
[23344:259:1018/102121.726295:VERBOSE5:ledger_impl.cc(117)] 
[ REQUEST ]
> URL: https://pcdn.bravesoftware.com/publishers/prefixes/7782
> Method: GET
[23351:18435:1018/102122.087355:WARNING:spdy_session.cc(3502)] Received HEADERS for invalid stream 1
[23344:259:1018/102122.311057:VERBOSE6:logging_util.cc(137)] 
[ RESPONSE - OnRequest ]
> Url: https://pcdn.bravesoftware.com/publishers/prefixes/7782
> Result: Success
> HTTP Code: 200
> Body: 
[23344:259:1018/102122.311138:VERBOSE9:logging_util.cc(138)] 
[ RESPONSE HEADERS ]
> Url: https://pcdn.bravesoftware.com/publishers/prefixes/7782
[23344:259:1018/102122.314593:INFO:publisher.cc(782)] Publisher info not found
[23344:259:1018/102122.321634:VERBOSE1:publisher.cc(529)] Publisher list is empty
[23344:259:1018/102122.700137:VERBOSE1:publisher.cc(529)] Publisher list is empty
  5. Visited a GitHub greaselion page, github.com/miyayes, and saw rewards endpoints being contacted
Logs
[23344:259:1018/103009.321162:INFO:CONSOLE(1)] "Greaselion script loaded: githubBase.ts", source: chrome-extension://eoceebklhjepohnakemchinmkdpbolgh/githubBase.bundle.js (1)
[23344:259:1018/103009.322353:INFO:CONSOLE(1)] "Greaselion script loaded: githubInlineTipping.ts", source: chrome-extension://galpopeppgfimpgpdbbkhemhcjgghmhl/githubInlineTipping.bundle.js (1)
[23344:259:1018/103009.411775:VERBOSE1:database_server_publisher_banner.cc(140)] Server publisher banner not found
[23344:259:1018/103009.412129:VERBOSE5:ledger_impl.cc(117)] 
[ REQUEST ]
> URL: https://pcdn.bravesoftware.com/publishers/prefixes/192e
> Method: GET
[23344:259:1018/103009.412301:VERBOSE1:database_server_publisher_banner.cc(140)] Server publisher banner not found
[23344:259:1018/103009.412484:VERBOSE1:server_publisher_fetcher.cc(58)] Fetch already in progress
[23344:259:1018/103009.837200:VERBOSE6:logging_util.cc(137)] 
[ RESPONSE - OnRequest ]
> Url: https://pcdn.bravesoftware.com/publishers/prefixes/192e
> Result: Success
> HTTP Code: 200
> Body: 
[23344:259:1018/103009.837278:VERBOSE9:logging_util.cc(138)] 
[ RESPONSE HEADERS ]
> Url: https://pcdn.bravesoftware.com/publishers/prefixes/192e
[23344:259:1018/103009.840769:INFO:publisher.cc(782)] Publisher info not found
[23344:259:1018/103009.841393:INFO:publisher.cc(782)] Publisher info not found
[23344:259:1018/103009.843867:VERBOSE1:rewards_service_impl.cc(1768)] Already fetching favicon
[23344:259:1018/103009.845912:VERBOSE1:publisher.cc(529)] Publisher list is empty
[23344:259:1018/103009.846063:VERBOSE1:publisher.cc(529)] Publisher list is empty
  6. Visited a Reddit greaselion page, reddit.com/u/cryptojennie, and saw rewards endpoints being contacted
Logs
[23344:259:1018/104141.051760:INFO:CONSOLE(1)] "Greaselion script loaded: redditBase.ts", source: chrome-extension://bpkoijdaibakhfgahdfknbdcankhidoa/redditBase.bundle.js (1)
[23344:259:1018/104141.052882:INFO:CONSOLE(1)] "Greaselion script loaded: redditInlineTipping.ts", source: chrome-extension://ficffphkednpmhjngkiljamkalhjmclj/redditInlineTipping.bundle.js (1)
...............
[23344:259:1018/104143.602607:VERBOSE1:database_server_publisher_banner.cc(140)] Server publisher banner not found
[23344:259:1018/104143.602807:VERBOSE5:ledger_impl.cc(117)] 
[ REQUEST ]
> URL: https://pcdn.bravesoftware.com/publishers/prefixes/0bb5
> Method: GET
[23344:259:1018/104144.022467:VERBOSE6:logging_util.cc(137)] 
[ RESPONSE - OnRequest ]
> Url: https://pcdn.bravesoftware.com/publishers/prefixes/0bb5
> Result: Success
> HTTP Code: 200
> Body: 
[23344:259:1018/104144.022526:VERBOSE9:logging_util.cc(138)] 
[ RESPONSE HEADERS ]
> Url: https://pcdn.bravesoftware.com/publishers/prefixes/0bb5

[23344:259:1018/104144.022552:VERBOSE1:database_server_publisher_banner.cc(43)] Empty publisher banner data, skipping insert
[23344:259:1018/104144.024512:INFO:publisher.cc(782)] Publisher info not found
[23344:259:1018/104144.026841:VERBOSE1:publisher.cc(529)] Publisher list is empty
  7. Opened NTP and saw rewards endpoints being contacted
Logs
[23344:259:1018/104338.488250:VERBOSE1:wallet_balance.cc(34)] Wallet is not created
[23344:259:1018/104338.489502:VERBOSE5:ledger_impl.cc(117)] 
[ REQUEST ]
> URL: https://grant.rewards.bravesoftware.com/v1/promotions?migrate=true&platform=osx
> Method: GET
[23344:259:1018/104338.498193:VERBOSE6:logging_util.cc(137)] 
[ RESPONSE - OnRequest ]
> Url: https://grant.rewards.bravesoftware.com/v1/promotions?migrate=true&platform=osx
> Result: Success
> HTTP Code: 200
> Body: {"promotions":[{"id":"f05568e6-f4a1-4438-8e81-cc0490fd14f7","createdAt":"2022-09-22T14:39:18.189457Z","expiresAt":"2023-01-22T14:39:18.189457Z","version":5,"suggestionsPerGrant":120,"approximateValue":"30","type":"ugp","available":true,"platform":"desktop","publicKeys":["6AphTvx13IgxVRG1nljV2ql1Y7yGUol6yrVMhEP85wI="],"legacyClaimed":false,"claimableUntil":"2022-12-22T14:39:18.189457Z"}]}

[23344:259:1018/104338.498280:VERBOSE9:logging_util.cc(138)] 
[ RESPONSE HEADERS ]
> Url: https://grant.rewards.bravesoftware.com/v1/promotions?migrate=true&platform=osx
  8. Opened browser Task Manager and saw Ledger service running

Verified test cases from #14277 (comment).

Case 1 - Greaselion - PASSED
  1. Fresh profile, close and relaunch to pull griffin seed
  2. Go to reddit.com/u/cryptojennie
  3. Check for calls to *.rewards.brave.com
  4. Confirm no calls to *.rewards.brave.com
  5. Go to twitter.com/emerick
  6. Check for calls to *.rewards.brave.com
  7. Confirm no calls to *.rewards.brave.com
  8. Go to github.com/miyayes
  9. Check for calls to *.rewards.brave.com
  10. Confirm no calls to *.rewards.brave.com
  11. Open browser Task Manager and confirm Ledger service is not running
  • Confirmed no calls to *.rewards.brave.com when visiting the above greaselion pages in logs or when using Charles Proxy to monitor traffic.
  • Confirmed browser Task Manager does not show Ledger service running
Case 2 - BAT icon - PASSED
  1. Fresh profile, relaunch to pull griffin seed
  2. Click on BAT icon
  3. Although Brave Rewards is still disabled (i.e., "Start using Brave Rewards" has not yet been pressed), check for calls to *.rewards.brave.com
  4. Confirm no calls to *.rewards.brave.com
  5. Go to twitter.com/emerick
  6. Check for calls to *.rewards.brave.com
  7. Confirm no calls to *.rewards.brave.com
  8. Go to github.com/miyayes
  9. Check for calls to *.rewards.brave.com
  10. Confirm no calls to *.rewards.brave.com
  11. Go to reddit.com/u/cryptojennie
  12. Check for calls to *.rewards.brave.com
  13. Confirm no calls to *.rewards.brave.com
  14. Open NTP
  15. Check for calls to *.rewards.brave.com
  16. Confirm no calls to *.rewards.brave.com
  17. Open browser Task Manager and confirm Ledger service is not running
  • Confirmed no calls to *.rewards.brave.com after clicking the BAT icon, but not opting into Rewards
  • Confirmed browser Task Manager does not show Ledger service running
Case 3 - brave://rewards page - PASSED
  1. Fresh profile, relaunch to pull griffin seed
  2. Visit brave://rewards
  3. Although Brave Rewards is still disabled (i.e., "Start using Brave Rewards" has not yet been pressed), check for calls to *.rewards.brave.com
  4. Confirm no calls to *.rewards.brave.com
  5. Go to twitter.com/emerick
  6. Check for calls to *.rewards.brave.com
  7. Confirm no calls to *.rewards.brave.com
  8. Go to github.com/miyayes
  9. Check for calls to *.rewards.brave.com
  10. Confirm no calls to *.rewards.brave.com
  11. Go to reddit.com/u/cryptojennie
  12. Check for calls to *.rewards.brave.com
  13. Confirm no calls to *.rewards.brave.com
  14. Open NTP
  15. Check for calls to *.rewards.brave.com
  16. Confirm no calls to *.rewards.brave.com
  17. Open browser Task Manager and confirm Ledger service is not running
  • Confirmed no calls to *.rewards.brave.com after visiting brave://rewards, but not opting into Rewards
  • Confirmed browser Task Manager does not show Ledger service running
Case 4 - In-line tip button - FAILED, follow up issue logged
  1. Fresh profile, relaunch to pull griffin seed
  2. Go to twitter.com/emerick
  3. Click on an in-line tip button
    ---> nothing happens, panel does not open but it should. Remainder of test case cannot be executed until follow up issue is resolved.
  4. Panel is displayed, but do not opt in to rewards. Close panel.
  5. Check for calls to *.rewards.brave.com
  6. Confirm no calls to *.rewards.brave.com
  7. Go to github.com/miyayes
  8. Click on an in-line tip button
    ---> nothing happens, panel does not open but it should. Remainder of test case cannot be executed until follow up issue is resolved.
  9. Panel is displayed, but do not opt in to rewards. Close panel.
  10. Check for calls to *.rewards.brave.com
  11. Confirm no calls to *.rewards.brave.com
  12. Go to reddit.com/u/cryptojennie
  13. Click on an in-line tip button
    ---> nothing happens, panel does not open but it should. Remainder of test case cannot be executed until follow up issue is resolved.
  14. Panel is displayed, but do not opt in to rewards. Close panel.
  15. Check for calls to *.rewards.brave.com
  16. Confirm no calls to *.rewards.brave.com
  17. Open NTP
  18. Check for calls to *.rewards.brave.com
  19. Confirm no calls to *.rewards.brave.com
  20. Open browser Task Manager and confirm Ledger service is not running

Logged #26109 for case 4.
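
The QA passes in this thread look through the verbose browser log for Rewards requests by eye. As an added example (not part of the issue and not Brave's code), the same check can be scripted against the log format shown above. The watch list and the sample log are assembled here from hosts and lines that appear on this page, plus one constructed lookalike host.

```python
import re
from urllib.parse import urlsplit

# Host suffixes to watch. The production suffix comes from the issue title; the
# staging hosts are the ones visible in the logs on this page. Treating them as
# one watch list is an assumption of this example.
WATCHED_SUFFIXES = (
    "rewards.brave.com",
    "rewards.bravesoftware.com",
    "rewards-stg.bravesoftware.com",
    "pcdn.bravesoftware.com",
)

# Log record prefix as it appears on the page:
# [pid:tid:MMDD/HHMMSS.usec:LEVEL:file(line)] message
PREFIX = re.compile(
    r"^\[\d+:\d+:(?P<ts>\d{4}/\d{6}\.\d+):[A-Z0-9]+:(?P<src>[^\]]+)\]\s?.*$"
)
FIELD = re.compile(r"^>\s*(?P<key>URL|Method):\s*(?P<value>\S+)", re.IGNORECASE)


def host_is_watched(host, suffixes=WATCHED_SUFFIXES):
    """Match on a DNS label boundary so lookalike hosts are not flagged."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)


def extract_requests(log_text):
    """Return one dict per '[ REQUEST ]' block; response blocks are ignored."""
    requests, current, last = [], None, None
    for raw in log_text.splitlines():
        line = raw.strip()
        record = PREFIX.match(line)
        if record:                      # a new log record closes any open block
            last, current = record, None
        elif line == "[ REQUEST ]":
            current = {"ts": last["ts"] if last else None,
                       "src": last["src"] if last else None,
                       "url": None, "method": None}
            requests.append(current)
        elif line.startswith("[ "):     # e.g. '[ RESPONSE - OnRequest ]'
            current = None
        elif current is not None:
            field = FIELD.match(line)
            if field:
                current[field["key"].lower()] = field["value"]
    return [r for r in requests if r["url"]]


def audit(log_text, suffixes=WATCHED_SUFFIXES):
    """Report ledger start-up and requests to watched hosts in a log capture."""
    violations = []
    for req in extract_requests(log_text):
        host = urlsplit(req["url"]).hostname or ""
        if host_is_watched(host, suffixes):
            violations.append({**req, "host": host})
    return {"ledger_started": "Starting ledger process" in log_text,
            "violations": violations}


# Constructed sample: lines taken from the log format on this page, plus one
# made-up lookalike host to exercise the label-boundary match.
SAMPLE_LOG = """\
[23344:259:1018/100219.166426:VERBOSE1:rewards_service_impl.cc(459)] Starting ledger process
[23344:259:1018/100219.268662:VERBOSE5:ledger_impl.cc(117)]
[ REQUEST ]
> URL: https://api.rewards.bravesoftware.com/v1/parameters
> Method: GET
[23344:259:1018/100219.271483:VERBOSE1:wallet_balance.cc(34)] Wallet is not created
[23344:259:1018/100219.612252:VERBOSE6:logging_util.cc(137)]
[ RESPONSE - OnRequest ]
> Url: https://api.rewards.bravesoftware.com/v1/parameters
> Result: Success
[23344:259:1018/102121.726295:VERBOSE5:ledger_impl.cc(117)]
[ REQUEST ]
> URL: https://pcdn.bravesoftware.com/publishers/prefixes/7782
> Method: GET
[23344:259:1018/102200.000001:VERBOSE5:ledger_impl.cc(117)]
[ REQUEST ]
> URL: https://rewards.brave.com.example.net/lookalike
> Method: GET
"""

if __name__ == "__main__":
    report = audit(SAMPLE_LOG)
    print("ledger started:", report["ledger_started"])
    for v in report["violations"]:
        print(v["ts"], v["src"], v["method"], v["url"])
```

For a profile that has not opted in, the passing result is an empty `violations` list and `ledger_started` equal to `False`.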

@Uni-verse
Contributor

Uni-verse commented Nov 18, 2022

Verified on Samsung Galaxy S21 & Samsung Galaxy Tab S7 using the following build(s):

Brave	1.46.110 Chromium: 107.0.5304.110 (Official Build) beta (64-bit) 
Revision	2a558545ab7e6fb8177002bf44d4fc1717cb2998-refs/branch-heads/5304@{#1202}
OS	Android 12; Build/SP1A.210812.016

Test Plan #14277 (comment).

Case: BAT icon - PASSED
  1. Fresh profile, relaunch to pull griffin seed
  2. Click on BAT icon
  3. Although Brave Rewards is still disabled (i.e., "Start using Brave Rewards" has not yet been pressed), check for calls to *.rewards.brave.com
  4. Confirm no calls to *.rewards.brave.com
  5. Go to twitter.com/emerick
  6. Check for calls to *.rewards.brave.com
  7. Confirm no calls to *.rewards.brave.com
  8. Go to github.com/miyayes
  9. Check for calls to *.rewards.brave.com
  10. Confirm no calls to *.rewards.brave.com
  11. Go to reddit.com/u/cryptojennie
  12. Check for calls to *.rewards.brave.com
  13. Confirm no calls to *.rewards.brave.com
  14. Open NTP
  15. Check for calls to *.rewards.brave.com
  16. Confirm no calls to *.rewards.brave.com
  • Confirmed no calls to *.rewards.brave.com after clicking the BAT icon, but not opting into Rewards
Case: brave://rewards page - PASSED
  1. Fresh profile, relaunch to pull griffin seed
  2. Visit brave://rewards
  3. Although Brave Rewards is still disabled (i.e., "Start using Brave Rewards" has not yet been pressed), check for calls to *.rewards.brave.com
  4. Confirm no calls to *.rewards.brave.com
  5. Go to twitter.com/emerick
  6. Check for calls to *.rewards.brave.com
  7. Confirm no calls to *.rewards.brave.com
  8. Go to github.com/miyayes
  9. Check for calls to *.rewards.brave.com
  10. Confirm no calls to *.rewards.brave.com
  11. Go to reddit.com/u/cryptojennie
  12. Check for calls to *.rewards.brave.com
  13. Confirm no calls to *.rewards.brave.com
  14. Open NTP
  15. Check for calls to *.rewards.brave.com
  16. Confirm no calls to *.rewards.brave.com
  • Confirmed no calls to *.rewards.brave.com after visiting brave://rewards, but not opting into Rewards
Case: In-line tip button - PASSED
  1. Fresh profile, relaunch to pull griffin seed
  2. Go to twitter.com/emerick
  3. Click on an in-line tip button
  4. Panel is displayed, but do not opt in to rewards. Close panel.
  5. Check for calls to *.rewards.brave.com
  6. Confirm no calls to *.rewards.brave.com
  7. Go to github.com/miyayes
  8. Click on an in-line tip button
  9. Panel is displayed, but do not opt in to rewards. Close panel.
  10. Check for calls to *.rewards.brave.com
  11. Confirm no calls to *.rewards.brave.com
  12. Go to reddit.com/u/cryptojennie
  13. Click on an in-line tip button
  14. Panel is displayed, but do not opt in to rewards. Close panel.
  15. Check for calls to *.rewards.brave.com
  16. Confirm no calls to *.rewards.brave.com
  17. Open NTP
  18. Check for calls to *.rewards.brave.com
  19. Confirm no calls to *.rewards.brave.com


@PrivacyMatters

@Miyayes apologies for the delay. re #14277 (comment) yes, it is acceptable

@Miyayes
Collaborator Author

Miyayes commented Dec 1, 2022

Thanks. @PrivacyMatters In any case, we actually went for the stronger route, and we make no calls to rewards-related endpoints until the user explicitly opts in/enables Brave Rewards :).
