Issue 6544 - Prevent requests sent by Chrome or Adblock Plus from being blocked

lib/requestBlocker.js

Index: lib/requestBlocker.js
===================================================================
--- a/lib/requestBlocker.js
+++ b/lib/requestBlocker.js
@@ -29,6 +29,8 @@
 const {port} = require("messaging");
 const devtools = require("devtools");
 
+const extensionProtocol = new URL(browser.extension.getURL("")).protocol;
+
 // Chrome can't distinguish between OBJECT_SUBREQUEST and OBJECT requests.
 if (!browser.webRequest.ResourceType ||
     !("OBJECT_SUBREQUEST" in browser.webRequest.ResourceType))
@@ -139,23 +141,18 @@
       url.protocol != "ws:" && url.protocol != "wss:")
     return;
 
-  let originUrl = null;

[kzar, 2018/04/03 12:06:45]

This diff doesn't seem right, I don't see this stuff that you've removed in
lib/requestBlocker.js so far in next or master. Seems it's rather in
ext/background.js. Am I missing something?

[kzar, 2018/04/03 12:45:50]

Oh I see, it's based on these changes
https://codereview.adblockplus.org/29739594/diff/29739595/lib/requestBlocker.js

-  if (details.originUrl)
-  {
-    originUrl = new URL(details.originUrl);
+  // Firefox provides us with the full origin URL, while Chromium (>=63)
+  // provides only the protocol + host of the (top-level) document which
+  // the request originates from through the "initiator" property.
+  let originUrl = details.originUrl ? new URL(details.originUrl) :
+                  details.initiator ? new URL(details.initiator) : null;
 
-    // Firefox (only) allows to intercept requests sent by the browser
-    // and other extensions. We don't want to block these.
-    if (originUrl.protocol == "chrome:" ||
-        originUrl.protocol == "moz-extension:")
-      return;
-  }
-  // Fallback to "initiator" on Chrome >=63. It doesn't include the
-  // path (unlike "originUrl" on Firefox), but is still good enough
-  // (in case the tab/frame is unknown) for the $domain filter option
-  // and most document exception rules which only match the domain part.
-  else if (details.initiator)
-    originUrl = new URL(details.initiator);
+  // Firefox allows to intercept requests sent by all extensions or
+  // the browser (i.e. chrome://), while Chromium only allows to interecept

[kzar, 2018/04/03 12:06:45]

Do you mean chrome:// for Firefox? Also how come there's a special case for
"chrome:" below when we already figured out the protocol the browser uses for
extension pages?
Nit: This reads a little funny, perhaps add "us" before "to intercept"?

[Sebastian Noack, 2018/04/03 23:36:28]

Yes, "chrome:" is the protocol for content that is part of the browser on
Firefox. The protocol used for parts of an extension (i.e. extensionProtocol) is
"chrome-extension:" and "moz-extension:", repsecively on Chrome and Firefox.
I rephrased this sentence.

[kzar, 2018/04/04 17:38:44]

Acknowledged.
Nit: Thanks, but it still reads a little bit funny and now there's a typo. How
about something like this?

// We don't want to block requests sent by extensions (e.g. "moz-extension://")
// or the browser (e.g. "chrome://").

[Sebastian Noack, 2018/04/05 00:23:24]

I changed the scope of this change, now also ignoring requests sent by Chrome
itself (just like we do on Firefox). As a result I completely rewrote the
comment here. I hope it is more clear (and free of typos) now.

+  // requests sent by this extension. We don't want to block any of these.
+  if (originUrl && (originUrl.protocol == extensionProtocol ||
+                    originUrl.protocol == "chrome:"))
+    return;
 
   let page = null;
   let frame = null;