Issue 6544 - Prevent requests sent by Chrome or Adblock Plus from being blocked

lib/requestBlocker.js

 /*
  * This file is part of Adblock Plus <https://adblockplus.org/>,
  * Copyright (C) 2006-present eyeo GmbH
  *
  * Adblock Plus is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 3 as
  * published by the Free Software Foundation.
  *
  * Adblock Plus is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ skipping 11 matching lines @@
 const {Filter, RegExpFilter, BlockingFilter} = require("filterClasses");
 const {Subscription} = require("subscriptionClasses");
 const {defaultMatcher} = require("matcher");
 const {FilterNotifier} = require("filterNotifier");
 const {Prefs} = require("prefs");
 const {checkWhitelisted, getKey} = require("whitelisting");
 const {stringifyURL, extractHostFromFrame, isThirdParty} = require("url");
 const {port} = require("messaging");
 const devtools = require("devtools");
 
+const extensionProtocol = new URL(browser.extension.getURL("")).protocol;
+
 // Chrome can't distinguish between OBJECT_SUBREQUEST and OBJECT requests.
 if (!browser.webRequest.ResourceType ||
     !("OBJECT_SUBREQUEST" in browser.webRequest.ResourceType))
 {
   RegExpFilter.typeMap.OBJECT_SUBREQUEST = RegExpFilter.typeMap.OBJECT;
 }
 
 // Map of content types reported by the browser to the respecitve content types
 // used by Adblock Plus. Other content types are simply mapped to OTHER.
 let resourceTypes = new Map(function*()
@@ skipping 90 matching lines @@
   // Filter out requests from non web protocols. Ideally, we'd explicitly
   // specify the protocols we are interested in (i.e. http://, https://,
   // ws:// and wss://) with the url patterns, given below, when adding this
   // listener. But unfortunately, Chrome <=57 doesn't support the WebSocket
   // protocol and is causing an error if it is given.
   let url = new URL(details.url);
   if (url.protocol != "http:" && url.protocol != "https:" &&
       url.protocol != "ws:" && url.protocol != "wss:")
     return;
 
-  let originUrl = null;

[kzar, 2018/04/03 12:06:45]

This diff doesn't seem right, I don't see this stuff that you've removed in
lib/requestBlocker.js so far in next or master. Seems it's rather in
ext/background.js. Am I missing something?

[kzar, 2018/04/03 12:45:50]

Oh I see, it's based on these changes
https://codereview.adblockplus.org/29739594/diff/29739595/lib/requestBlocker.js

-  if (details.originUrl)
-  {
-    originUrl = new URL(details.originUrl);
+  // Firefox provides us with the full origin URL, while Chromium (>=63)
+  // provides only the protocol + host of the (top-level) document which
+  // the request originates from through the "initiator" property.
+  let originUrl = details.originUrl ? new URL(details.originUrl) :
+                  details.initiator ? new URL(details.initiator) : null;
 
-    // Firefox (only) allows to intercept requests sent by the browser
-    // and other extensions. We don't want to block these.
-    if (originUrl.protocol == "chrome:" ||
-        originUrl.protocol == "moz-extension:")
-      return;
-  }
-  // Fallback to "initiator" on Chrome >=63. It doesn't include the
-  // path (unlike "originUrl" on Firefox), but is still good enough
-  // (in case the tab/frame is unknown) for the $domain filter option
-  // and most document exception rules which only match the domain part.
-  else if (details.initiator)
-    originUrl = new URL(details.initiator);
+  // Firefox allows to intercept requests sent by all extensions or
+  // the browser (i.e. chrome://), while Chromium only allows to interecept

[kzar, 2018/04/03 12:06:45]

Do you mean chrome:// for Firefox? Also how come there's a special case for
"chrome:" below when we already figured out the protocol the browser uses for
extension pages?
Nit: This reads a little funny, perhaps add "us" before "to intercept"?

[Sebastian Noack, 2018/04/03 23:36:28]

Yes, "chrome:" is the protocol for content that is part of the browser on
Firefox. The protocol used for parts of an extension (i.e. extensionProtocol) is
"chrome-extension:" and "moz-extension:", repsecively on Chrome and Firefox.
I rephrased this sentence.

[kzar, 2018/04/04 17:38:44]

Acknowledged.
Nit: Thanks, but it still reads a little bit funny and now there's a typo. How
about something like this?

// We don't want to block requests sent by extensions (e.g. "moz-extension://")
// or the browser (e.g. "chrome://").

[Sebastian Noack, 2018/04/05 00:23:24]

I changed the scope of this change, now also ignoring requests sent by Chrome
itself (just like we do on Firefox). As a result I completely rewrote the
comment here. I hope it is more clear (and free of typos) now.

+  // requests sent by this extension. We don't want to block any of these.
+  if (originUrl && (originUrl.protocol == extensionProtocol ||
+                    originUrl.protocol == "chrome:"))
+    return;
 
   let page = null;
   let frame = null;
   if (details.tabId != -1)
   {
     page = new ext.Page({id: details.tabId});
     frame = ext.getFrame(
       details.tabId,
       // We are looking for the frame that contains the element which
       // has triggered this request. For most requests (e.g. images) we
@@ skipping 106 matching lines @@
 
 port.on("request.blockedByRTCWrapper", (msg, sender) =>
 {
   return ext.webRequest.onBeforeRequest._dispatch(
      new URL(msg.url),
      "webrtc",
      sender.page,
      sender.frame
   ).includes(false);
 });