Issue 7243 - Update adblockpluscore dependency to hg:e26e122e0702

lib/csp.js

Index: lib/csp.js
===================================================================
--- a/lib/csp.js
+++ b/lib/csp.js
@@ -15,17 +15,18 @@
  * along with Adblock Plus.  If not, see <http://www.gnu.org/licenses/>.
  */
 
 "use strict";
 
 const {defaultMatcher} = require("../adblockpluscore/lib/matcher");
 const {RegExpFilter, WhitelistFilter} =
   require("../adblockpluscore/lib/filterClasses");
-const {extractHostFromFrame, isThirdParty} = require("./url");
+const {isThirdParty} = require("../adblockpluscore/lib/domain");
+const {extractHostFromFrame} = require("./url");
 const {checkWhitelisted} = require("./whitelisting");
 const {filterNotifier} = require("filterNotifier");
 const {logRequest} = require("./hitLogger");
 
 const {typeMap} = RegExpFilter;
 
 browser.webRequest.onHeadersReceived.addListener(details =>
 {
@@ -53,28 +54,41 @@
     if (specificOnly && !(cspMatch instanceof WhitelistFilter))
     {
       cspMatch = defaultMatcher.matchesAny(details.url, typeMap.CSP, hostname,
                                            thirdParty, null, specificOnly);
       if (!cspMatch)
         return;
     }
 
-    logRequest([details.tabId], {
-      url: details.url, type: "CSP", docDomain: hostname,
-      thirdParty, specificOnly
-    }, cspMatch);
-    filterNotifier.emit("filter.hitCount", cspMatch, 0, 0, [details.tabId]);
+    if (cspMatch instanceof WhitelistFilter)

[Sebastian Noack, 2019/01/30 19:54:25]

Why not calling search() with "all" instead?

Or if it's faster, keep calling search() with "blocking" and only call
matchesAny() if we found any blocking filters. That should at least be faster
than calling both matchesAny() and search() in the common case (i.e. if there is
no whitelist filter).

Or keep calling matchesAny() first but bail as well if no filter is found.

[Manish Jethani, 2019/01/31 01:04:14]

That would look for all blocking and whitelist filters, unconditionally. We
definitely don't want that in general (maybe only for DevTools logging but
that's a separate issue).
This would have the disadvantage that for whitelisted URLs we would first look
for all the blocking filters only to find out that the URL is whitelisted later.
Maybe that's not so bad, but it disadvantages whitelisted URLs.
This is what we are doing now here in this patch:

 1.  Look for any filter using matchesAny()
 2.  If no filter found, bail
 3.  If filter is whitelist filter, log and bail
 4.  Look for all blocking filters using search(), log and inject headers

It's not the best but it keeps the changes to a minimum for now and since there
are only ~140 CSP filters  in EasyList it should be OK for now. We can
reconsider at a later point if it would be more optimal to do it differently.

[Sebastian Noack, 2019/01/31 01:12:24]

I don't think that the whitelisted scenario is one worth optimizing for, but no
filter matching at all is the common case here. I didn't expand the code above,
so I didn't see that we are already in a branch that is only executed if there
is any filter match in the first place. So never mind, that seems good enough.

+    {
+      logRequest([details.tabId], {
+        url: details.url, type: "CSP", docDomain: hostname,
+        thirdParty, specificOnly
+      }, cspMatch);
+      filterNotifier.emit("filter.hitCount", cspMatch, 0, 0, [details.tabId]);
+      return;
+    }
 
-    if (cspMatch instanceof WhitelistFilter)
-      return;
+    let {blocking} = defaultMatcher.search(details.url, typeMap.CSP, hostname,
+                                           thirdParty, null, specificOnly,
+                                           "blocking");
+    for (cspMatch of blocking)
+    {
+      logRequest([details.tabId], {
+        url: details.url, type: "CSP", docDomain: hostname,
+        thirdParty, specificOnly
+      }, cspMatch);
+      filterNotifier.emit("filter.hitCount", cspMatch, 0, 0, [details.tabId]);
 
-    details.responseHeaders.push({
-      name: "Content-Security-Policy",
-      value: cspMatch.csp
-    });
+      details.responseHeaders.push({
+        name: "Content-Security-Policy",
+        value: cspMatch.csp
+      });
+    }
 
     return {responseHeaders: details.responseHeaders};
   }
 }, {
   urls: ["http://*/*", "https://*/*"],
   types: ["main_frame", "sub_frame"]
 }, ["blocking", "responseHeaders"]);