Issue 6544 - Prevent requests sent by Chrome or Adblock Plus from being blocked

lib/requestBlocker.js

 /*
  * This file is part of Adblock Plus <https://adblockplus.org/>,
  * Copyright (C) 2006-present eyeo GmbH
  *
  * Adblock Plus is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 3 as
  * published by the Free Software Foundation.
  *
  * Adblock Plus is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ skipping 12 matching lines @@
   require("../adblockpluscore/lib/filterClasses");
 const {Subscription} = require("../adblockpluscore/lib/subscriptionClasses");
 const {defaultMatcher} = require("../adblockpluscore/lib/matcher");
 const {FilterNotifier} = require("../adblockpluscore/lib/filterNotifier");
 const {Prefs} = require("./prefs");
 const {checkWhitelisted, getKey} = require("./whitelisting");
 const {stringifyURL, extractHostFromFrame, isThirdParty} = require("./url");
 const {port} = require("./messaging");
 const devtools = require("./devtools");
 
+const extensionProtocol = new URL(browser.extension.getURL("")).protocol;
+
 // Chrome can't distinguish between OBJECT_SUBREQUEST and OBJECT requests.
 if (!browser.webRequest.ResourceType ||
     !("OBJECT_SUBREQUEST" in browser.webRequest.ResourceType))
 {
   RegExpFilter.typeMap.OBJECT_SUBREQUEST = RegExpFilter.typeMap.OBJECT;
 }
 
 // Map of content types reported by the browser to the respecitve content types
 // used by Adblock Plus. Other content types are simply mapped to OTHER.
 let resourceTypes = new Map(function*()
@@ skipping 79 matching lines @@
   // Filter out requests from non web protocols. Ideally, we'd explicitly
   // specify the protocols we are interested in (i.e. http://, https://,
   // ws:// and wss://) with the url patterns, given below, when adding this
   // listener. But unfortunately, Chrome <=57 doesn't support the WebSocket
   // protocol and is causing an error if it is given.
   let url = new URL(details.url);
   if (url.protocol != "http:" && url.protocol != "https:" &&
       url.protocol != "ws:" && url.protocol != "wss:")
     return;
 
-  let originUrl = null;
-  if (details.originUrl)
+  // Firefox provides us with the full origin URL, while Chromium (>=63)
+  // provides only the protocol + host of the (top-level) document which
+  // the request originates from through the "initiator" property.
+  let originUrl = details.originUrl ? new URL(details.originUrl) :
+                  details.initiator ? new URL(details.initiator) : null;
+
+  // Ignore requests sent by extensions or by the browser itself:
+  // * Firefox intercepts requests sent by any extensions, indicated with
+  //   an "originURL" starting with "moz-extension:".
+  // * Chromium intercepts requests sent by this extension only, indicated
+  //   on Chromium >=63 with an "initiator" starting with "chrome-extension:".
+  // * On Firefox, requests that don't relate to any document or extension are
+  //   indicated with an "originUrl" starting with "chrome:".
+  // * On Chromium >=63, requests that don't relate to any document or extension
+  //   have no "initiator". But since on older Chromium versions, no request
+  //   has an "initiator", we have to check for the tabId as well.
+  if (originUrl)
   {
-    originUrl = new URL(details.originUrl);
-
-    // Firefox (only) allows to intercept requests sent by the browser
-    // and other extensions. We don't want to block these.
-    if (originUrl.protocol == "chrome:" ||
-        originUrl.protocol == "moz-extension:")
+    if (originUrl.protocol == extensionProtocol ||
+        originUrl.protocol == "chrome:")
       return;
   }
-  // Fallback to "initiator" on Chrome >=63. It doesn't include the
-  // path (unlike "originUrl" on Firefox), but is still good enough
-  // (in case the tab/frame is unknown) for the $domain filter option
-  // and most document exception rules which only match the domain part.
-  else if (details.initiator)
-    originUrl = new URL(details.initiator);
+  else if (details.tabId == -1)
+    return;
 
   let page = null;
   let frame = null;
   if (details.tabId != -1)
   {
     page = new ext.Page({id: details.tabId});
     frame = ext.getFrame(
       details.tabId,
       // We are looking for the frame that contains the element which
       // has triggered this request. For most requests (e.g. images) we
@@ skipping 106 matching lines @@
 
 port.on("request.blockedByRTCWrapper", (msg, sender) =>
 {
   return ext.webRequest.onBeforeRequest._dispatch(
      new URL(msg.url),
      "webrtc",
      sender.page,
      sender.frame
   ).includes(false);
 });