Keeps blocking CSP reports in Firefox even though i disabled it #3046

Open
AGI-chandler opened this issue Jan 21, 2025 · 3 comments
Labels
Firefox question Further information is requested

Comments

@AGI-chandler

Was having trouble loading content (quickstart videos) from https://mailtrap.io/home (free account if anyone wants to debug) and so I went through the normal routine removing more and more restrictions of PB and uBO and tracking protection until I had PB disabled for the site. Then I watched network connections in the DevTools and I noticed many messages in red "Blocked by Privacy Badger" still; here is one:

POST /api/37/security/?sentry_key=no undefined
Host: errors.rw.rw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:133.0) Gecko/20100101 Firefox/133.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br, zstd
Content-Type: application/csp-report
Content-Length: 951
Origin: https://mailtrap.io
DNT: 1
Sec-GPC: 1
Connection: keep-alive

I also checked through my PB settings but didn't notice errors.rw.rw mentioned anywhere. I had to disable the whole add-on/extension in order for PB to stop blocking resources.

Is this intended for some reason? If so, I don't understand what the "Disable for this site" button is really doing or used for. Thanks

PB v2024.7.17
Firefox mozilla-deb release v133.0.3 (Mozilla/5.0 (X11; Linux x86_64; rv:133.0) Gecko/20100101 Firefox/133.0)
@ghostwords
Member

Hello and thanks for opening an issue! These are CSP reports that we block unconditionally (#2892) to mitigate https://bugzilla.mozilla.org/show_bug.cgi?id=1267027 and https://bugzilla.mozilla.org/show_bug.cgi?id=1588957.

Blocking them shouldn't cause any issues.
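
For readers following along, an added example (not part of the thread and not Privacy Badger's own code) showing how a request captured in DevTools can be recognized as a CSP violation report from its method and `Content-Type`. It goes slightly beyond the request in the first post by also accepting the Reporting API media type `application/reports+json`; the function names and the `SAMPLE` string, constructed from the headers quoted above, are assumptions.

```javascript
// SAMPLE is constructed from the headers quoted in the first post of this issue.
const SAMPLE = [
  "POST /api/37/security/?sentry_key=no undefined",
  "Host: errors.rw.rw",
  "Content-Type: application/csp-report",
  "Content-Length: 951",
  "Origin: https://mailtrap.io",
].join("\n");

// Media types used for violation reports: the legacy report-uri format
// and the Reporting API (report-to) format.
const REPORT_TYPES = new Set(["application/csp-report", "application/reports+json"]);

// Parse a DevTools-style raw header dump into { method, path, headers }.
function parseRawRequest(raw) {
  const lines = raw.split(/\r?\n/).filter((l) => l.trim() !== "");
  const [method = "", path = ""] = (lines[0] || "").trim().split(/\s+/);
  const headers = {};
  for (const line of lines.slice(1)) {
    const idx = line.indexOf(":");
    if (idx <= 0) continue; // skip lines that are not "Name: value"
    headers[line.slice(0, idx).trim().toLowerCase()] = line.slice(idx + 1).trim();
  }
  return { method: method.toUpperCase(), path, headers };
}

// Decide whether the request is a CSP report and whether it leaves the page's origin.
function classifyCspReport(raw) {
  const { method, headers } = parseRawRequest(raw);
  // Ignore parameters such as "; charset=utf-8" when comparing media types.
  const mediaType = (headers["content-type"] || "").split(";")[0].trim().toLowerCase();
  const isReport = method === "POST" && REPORT_TYPES.has(mediaType);
  let originHost = null;
  try {
    originHost = new URL(headers["origin"]).hostname;
  } catch (_) {
    // Missing or unparsable Origin header: leave originHost as null.
  }
  const reportHost = (headers["host"] || "").toLowerCase() || null;
  const crossOrigin = isReport && originHost !== null && reportHost !== originHost;
  return { isReport, mediaType, reportHost, originHost, crossOrigin };
}
```

Run on `SAMPLE`, the classifier flags the request as a report sent from `mailtrap.io` to a different host, `errors.rw.rw`, which is why no entry for that host appears among the site's ordinary content requests.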

@ghostwords
Member

Did you figure out the domain or domains responsible for breaking the quickstart videos?

@ghostwords added the "question" (Further information is requested) label Jan 21, 2025
@ghostwords changed the title from "keeps blocking even though i disabled it" to "Keeps blocking CSP reports in Firefox even though i disabled it" Jan 21, 2025
@AGI-chandler
Author

Really? If you block CSP unconditionally, then I don't need to enable the same option in uBO, right? I've also seen breakage when there are other privacy add-ons enabled. For example, it's been a while, but there was a time when I was testing PB, uBO, Disconnect, and DuckDuckGo add-ons, in addition to Firefox's built-in Enhanced Tracking Protection. There were times, it seemed, when it didn't matter if I told them all to allow everything, the site was still broken, especially around captchas and that sort of thing. When Dis. and DDG were disabled, though, things started working as expected. Seems like there was some sort of race condition or competition over which add-on does what and they couldn't play nice together even if told to allow everything. Just wondering if you know anything about that.

I tested further and it appears the real culprit was Firefox's Strict Enhanced Tracking Protection and fast.wistia.com/assets/external/E-v1.js. With PB re-enabled on the site, when I switched to Standard Enhanced Tracking Protection, it allowed the request below and the videos loaded. Sorry for the false report!

{
	"GET": {
		"scheme": "https",
		"host": "fast.wistia.com",
		"filename": "/assets/external/E-v1.js"
	}
}
{
	"Status": "200",
	"Version": "HTTP/2",
	"Transferred": "147.34 kB (874.64 kB size)",
	"Referrer Policy": "strict-origin-when-cross-origin",
	"DNS Resolution": "System",
	"Blocking": "Enhanced Tracking Protection",
	"": "This URL matches a known tracker and it would be blocked with Content Blocking enabled."
}
