2014-06-24 00:42:43 +02:00
|
|
|
/*******************************************************************************
|
|
|
|
|
|
2016-03-22 15:19:41 +01:00
|
|
|
uBlock Origin - a browser extension to block requests.
|
2017-01-18 00:18:28 +01:00
|
|
|
Copyright (C) 2014-2017 Raymond Hill
|
2014-06-24 00:42:43 +02:00
|
|
|
|
|
|
|
|
This program is free software: you can redistribute it and/or modify
|
|
|
|
|
it under the terms of the GNU General Public License as published by
|
|
|
|
|
the Free Software Foundation, either version 3 of the License, or
|
|
|
|
|
(at your option) any later version.
|
|
|
|
|
|
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
|
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
GNU General Public License for more details.
|
|
|
|
|
|
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
|
|
|
along with this program. If not, see {http://www.gnu.org/licenses/}.
|
|
|
|
|
|
|
|
|
|
Home: https://github.com/gorhill/uBlock
|
|
|
|
|
*/
|
|
|
|
|
|
2016-07-01 04:03:29 +02:00
|
|
|
'use strict';
|
2014-06-24 00:42:43 +02:00
|
|
|
|
|
|
|
|
/******************************************************************************/
|
|
|
|
|
|
|
|
|
|
// Start isolation from global scope
|
|
|
|
|
|
|
|
|
|
µBlock.webRequest = (function() {
|
|
|
|
|
|
|
|
|
|
/******************************************************************************/
|
|
|
|
|
|
2015-03-26 00:28:22 +01:00
|
|
|
var exports = {};
|
|
|
|
|
|
2015-03-13 14:48:10 +01:00
|
|
|
/******************************************************************************/
|
|
|
|
|
|
2016-11-04 04:42:03 +01:00
|
|
|
// https://github.com/gorhill/uBlock/issues/2067
|
|
|
|
|
// Experimental: Suspend tabs until uBO is fully ready.
|
|
|
|
|
|
|
|
|
|
vAPI.net.onReady = function() {
|
|
|
|
|
if ( µBlock.hiddenSettings.suspendTabsUntilReady !== true ) {
|
|
|
|
|
vAPI.onLoadAllCompleted();
|
|
|
|
|
}
|
|
|
|
|
var fn = onBeforeReady;
|
|
|
|
|
onBeforeReady = null;
|
|
|
|
|
if ( fn !== null ) {
|
|
|
|
|
fn('ready');
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
var onBeforeReady = (function() {
|
|
|
|
|
var suspendedTabs = new Set();
|
|
|
|
|
|
|
|
|
|
var forceReloadSuspendedTabs = function() {
|
|
|
|
|
var iter = suspendedTabs.values(),
|
|
|
|
|
entry;
|
|
|
|
|
for (;;) {
|
|
|
|
|
entry = iter.next();
|
|
|
|
|
if ( entry.done ) { break; }
|
|
|
|
|
vAPI.tabs.reload(entry.value);
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
return function(tabId) {
|
|
|
|
|
if (
|
|
|
|
|
vAPI.isBehindTheSceneTabId(tabId) ||
|
|
|
|
|
µBlock.hiddenSettings.suspendTabsUntilReady !== true
|
|
|
|
|
) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
if ( tabId === 'ready' ) {
|
|
|
|
|
forceReloadSuspendedTabs();
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
suspendedTabs.add(tabId);
|
|
|
|
|
return true;
|
|
|
|
|
};
|
|
|
|
|
})();
|
|
|
|
|
|
|
|
|
|
/******************************************************************************/
|
|
|
|
|
|
2014-07-26 15:55:12 +02:00
|
|
|
// Intercept and filter web requests.
|
2014-07-14 17:24:59 +02:00
|
|
|
|
2014-07-26 01:29:51 +02:00
|
|
|
var onBeforeRequest = function(details) {
|
2016-11-04 04:42:03 +01:00
|
|
|
var tabId = details.tabId;
|
|
|
|
|
if ( onBeforeReady !== null && onBeforeReady(tabId) ) {
|
|
|
|
|
return { cancel: true };
|
|
|
|
|
}
|
|
|
|
|
|
2014-07-26 01:29:51 +02:00
|
|
|
// Special handling for root document.
|
2015-04-07 03:26:05 +02:00
|
|
|
// https://github.com/chrisaljoudi/uBlock/issues/1001
|
2015-03-13 14:48:10 +01:00
|
|
|
// This must be executed regardless of whether the request is
|
|
|
|
|
// behind-the-scene
|
2015-03-21 21:52:35 +01:00
|
|
|
var requestType = details.type;
|
2015-03-13 15:20:33 +01:00
|
|
|
if ( requestType === 'main_frame' ) {
|
2015-03-21 21:52:35 +01:00
|
|
|
return onBeforeRootFrameRequest(details);
|
2014-07-14 17:24:59 +02:00
|
|
|
}
|
|
|
|
|
|
2015-03-13 14:48:10 +01:00
|
|
|
// Special treatment: behind-the-scene requests
|
2015-04-05 18:03:14 +02:00
|
|
|
if ( vAPI.isBehindTheSceneTabId(tabId) ) {
|
2015-03-13 14:48:10 +01:00
|
|
|
return onBeforeBehindTheSceneRequest(details);
|
|
|
|
|
}
|
|
|
|
|
|
2014-07-26 01:29:51 +02:00
|
|
|
// Lookup the page store associated with this tab id.
|
2016-10-14 16:06:34 +02:00
|
|
|
var µb = µBlock,
|
|
|
|
|
pageStore = µb.pageStoreFromTabId(tabId);
|
2014-07-26 01:29:51 +02:00
|
|
|
if ( !pageStore ) {
|
2015-12-02 06:59:51 +01:00
|
|
|
var tabContext = µb.tabContextManager.mustLookup(tabId);
|
2015-04-09 00:46:08 +02:00
|
|
|
if ( vAPI.isBehindTheSceneTabId(tabContext.tabId) ) {
|
2015-03-22 01:30:00 +01:00
|
|
|
return onBeforeBehindTheSceneRequest(details);
|
2015-03-13 14:48:10 +01:00
|
|
|
}
|
2015-04-09 00:46:08 +02:00
|
|
|
vAPI.tabs.onNavigation({ tabId: tabId, frameId: 0, url: tabContext.rawURL });
|
|
|
|
|
pageStore = µb.pageStoreFromTabId(tabId);
|
2014-07-14 20:40:40 +02:00
|
|
|
}
|
2014-07-15 13:38:34 +02:00
|
|
|
|
2015-04-07 03:26:05 +02:00
|
|
|
// https://github.com/chrisaljoudi/uBlock/issues/886
|
2015-02-25 20:15:36 +01:00
|
|
|
// For requests of type `sub_frame`, the parent frame id must be used
|
|
|
|
|
// to lookup the proper context:
|
|
|
|
|
// > If the document of a (sub-)frame is loaded (type is main_frame or
|
|
|
|
|
// > sub_frame), frameId indicates the ID of this frame, not the ID of
|
|
|
|
|
// > the outer frame.
|
|
|
|
|
// > (ref: https://developer.chrome.com/extensions/webRequest)
|
2015-03-21 21:52:35 +01:00
|
|
|
var isFrame = requestType === 'sub_frame';
|
2015-04-09 00:46:08 +02:00
|
|
|
|
|
|
|
|
// https://github.com/chrisaljoudi/uBlock/issues/114
|
2016-08-16 04:50:24 +02:00
|
|
|
var requestContext = pageStore.createContextFromFrameId(isFrame ? details.parentFrameId : details.frameId);
|
2014-07-30 07:05:35 +02:00
|
|
|
|
2014-12-28 16:07:43 +01:00
|
|
|
// Setup context and evaluate
|
2015-03-21 21:52:35 +01:00
|
|
|
var requestURL = details.url;
|
2014-12-28 16:07:43 +01:00
|
|
|
requestContext.requestURL = requestURL;
|
2016-01-22 17:13:29 +01:00
|
|
|
requestContext.requestHostname = µb.URI.hostnameFromURI(requestURL);
|
2014-12-28 16:07:43 +01:00
|
|
|
requestContext.requestType = requestType;
|
|
|
|
|
|
|
|
|
|
var result = pageStore.filterRequest(requestContext);
|
2014-07-14 17:24:59 +02:00
|
|
|
|
2016-10-08 16:15:31 +02:00
|
|
|
pageStore.journalAddRequest(requestContext.requestHostname, result);
|
2015-06-05 01:27:03 +02:00
|
|
|
|
|
|
|
|
if ( µb.logger.isEnabled() ) {
|
|
|
|
|
µb.logger.writeOne(
|
|
|
|
|
tabId,
|
|
|
|
|
'net',
|
|
|
|
|
result,
|
|
|
|
|
requestType,
|
|
|
|
|
requestURL,
|
|
|
|
|
requestContext.rootHostname,
|
|
|
|
|
requestContext.pageHostname
|
|
|
|
|
);
|
|
|
|
|
}
|
2015-04-09 00:46:08 +02:00
|
|
|
|
2014-09-14 22:20:40 +02:00
|
|
|
// Not blocked
|
2015-01-16 18:15:12 +01:00
|
|
|
if ( µb.isAllowResult(result) ) {
|
2015-04-07 03:26:05 +02:00
|
|
|
// https://github.com/chrisaljoudi/uBlock/issues/114
|
2016-08-16 04:50:24 +02:00
|
|
|
if ( details.parentFrameId !== -1 && isFrame ) {
|
|
|
|
|
pageStore.setFrame(details.frameId, requestURL);
|
2014-08-06 01:35:32 +02:00
|
|
|
}
|
2016-07-01 04:03:29 +02:00
|
|
|
requestContext.dispose();
|
2014-07-14 17:24:59 +02:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2014-07-26 01:29:51 +02:00
|
|
|
// Blocked
|
2014-12-23 00:38:18 +01:00
|
|
|
|
2015-11-23 13:52:50 +01:00
|
|
|
// https://github.com/gorhill/uBlock/issues/949
|
|
|
|
|
// Redirect blocked request?
|
2016-11-03 16:20:47 +01:00
|
|
|
if ( µb.hiddenSettings.ignoreRedirectFilters !== true ) {
|
|
|
|
|
var url = µb.redirectEngine.toURL(requestContext);
|
|
|
|
|
if ( url !== undefined ) {
|
|
|
|
|
pageStore.internalRedirectionCount += 1;
|
|
|
|
|
if ( µb.logger.isEnabled() ) {
|
|
|
|
|
µb.logger.writeOne(
|
|
|
|
|
tabId,
|
|
|
|
|
'redirect',
|
|
|
|
|
'rr:' + µb.redirectEngine.resourceNameRegister,
|
|
|
|
|
requestType,
|
|
|
|
|
requestURL,
|
|
|
|
|
requestContext.rootHostname,
|
|
|
|
|
requestContext.pageHostname
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
requestContext.dispose();
|
|
|
|
|
return { redirectUrl: url };
|
2016-01-07 23:30:56 +01:00
|
|
|
}
|
2015-11-23 13:52:50 +01:00
|
|
|
}
|
2014-07-14 17:24:59 +02:00
|
|
|
|
2016-07-01 04:03:29 +02:00
|
|
|
requestContext.dispose();
|
2015-03-26 00:28:22 +01:00
|
|
|
return { cancel: true };
|
2014-07-14 17:24:59 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/******************************************************************************/
|
|
|
|
|
|
2015-03-21 21:52:35 +01:00
|
|
|
var onBeforeRootFrameRequest = function(details) {
|
2016-11-03 16:20:47 +01:00
|
|
|
var tabId = details.tabId,
|
|
|
|
|
requestURL = details.url,
|
|
|
|
|
µb = µBlock;
|
2015-03-31 15:07:14 +02:00
|
|
|
|
2015-04-09 00:46:08 +02:00
|
|
|
µb.tabContextManager.push(tabId, requestURL);
|
2015-03-26 00:28:22 +01:00
|
|
|
|
2015-03-21 21:52:35 +01:00
|
|
|
// Special handling for root document.
|
2015-04-07 03:26:05 +02:00
|
|
|
// https://github.com/chrisaljoudi/uBlock/issues/1001
|
2015-03-21 21:52:35 +01:00
|
|
|
// This must be executed regardless of whether the request is
|
|
|
|
|
// behind-the-scene
|
2016-11-03 16:20:47 +01:00
|
|
|
var µburi = µb.URI,
|
|
|
|
|
requestHostname = µburi.hostnameFromURI(requestURL),
|
|
|
|
|
requestDomain = µburi.domainFromHostname(requestHostname) || requestHostname,
|
|
|
|
|
result = '';
|
2015-03-26 00:28:22 +01:00
|
|
|
var context = {
|
|
|
|
|
rootHostname: requestHostname,
|
|
|
|
|
rootDomain: requestDomain,
|
|
|
|
|
pageHostname: requestHostname,
|
|
|
|
|
pageDomain: requestDomain,
|
|
|
|
|
requestURL: requestURL,
|
|
|
|
|
requestHostname: requestHostname,
|
2016-08-31 11:19:16 +02:00
|
|
|
requestType: 'main_frame'
|
2015-03-26 00:28:22 +01:00
|
|
|
};
|
|
|
|
|
|
2015-04-09 18:20:24 +02:00
|
|
|
// If the site is whitelisted, disregard strict blocking
|
|
|
|
|
if ( µb.getNetFilteringSwitch(requestURL) === false ) {
|
|
|
|
|
result = 'ua:whitelisted';
|
|
|
|
|
}
|
|
|
|
|
|
2015-03-27 18:00:55 +01:00
|
|
|
// Permanently unrestricted?
|
2015-04-09 17:19:31 +02:00
|
|
|
if ( result === '' && µb.hnSwitches.evaluateZ('no-strict-blocking', requestHostname) ) {
|
2015-04-25 06:28:30 +02:00
|
|
|
result = 'ua:no-strict-blocking: ' + µb.hnSwitches.z + ' true';
|
2015-03-27 18:00:55 +01:00
|
|
|
}
|
|
|
|
|
|
2015-03-26 00:28:22 +01:00
|
|
|
// Temporarily whitelisted?
|
2015-04-09 18:20:24 +02:00
|
|
|
if ( result === '' ) {
|
|
|
|
|
result = isTemporarilyWhitelisted(result, requestHostname);
|
|
|
|
|
if ( result.charAt(1) === 'a' ) {
|
2015-07-11 23:40:42 +02:00
|
|
|
result = 'ua:no-strict-blocking true (temporary)';
|
2015-04-09 18:20:24 +02:00
|
|
|
}
|
2015-03-21 21:52:35 +01:00
|
|
|
}
|
2015-03-26 00:28:22 +01:00
|
|
|
|
2015-07-13 14:49:58 +02:00
|
|
|
// Static filtering: We always need the long-form result here.
|
2015-07-11 23:40:42 +02:00
|
|
|
var snfe = µb.staticNetFilteringEngine;
|
2015-07-13 14:49:58 +02:00
|
|
|
|
|
|
|
|
// Check for specific block
|
2016-08-31 11:19:16 +02:00
|
|
|
if (
|
|
|
|
|
result === '' &&
|
|
|
|
|
snfe.matchStringExactType(context, requestURL, 'main_frame') !== undefined
|
|
|
|
|
) {
|
2015-07-13 14:49:58 +02:00
|
|
|
result = snfe.toResultString(true);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Check for generic block
|
2016-08-31 11:19:16 +02:00
|
|
|
if (
|
|
|
|
|
result === '' &&
|
|
|
|
|
snfe.matchStringExactType(context, requestURL, 'no_type') !== undefined
|
|
|
|
|
) {
|
2015-07-11 23:40:42 +02:00
|
|
|
result = snfe.toResultString(true);
|
|
|
|
|
// https://github.com/chrisaljoudi/uBlock/issues/1128
|
|
|
|
|
// Do not block if the match begins after the hostname, except when
|
|
|
|
|
// the filter is specifically of type `other`.
|
2015-07-13 13:41:02 +02:00
|
|
|
// https://github.com/gorhill/uBlock/issues/490
|
|
|
|
|
// Removing this for the time being, will need a new, dedicated type.
|
|
|
|
|
if ( result.charAt(1) === 'b' ) {
|
2015-07-11 23:40:42 +02:00
|
|
|
result = toBlockDocResult(requestURL, requestHostname, result);
|
2015-03-30 23:42:12 +02:00
|
|
|
}
|
2015-03-26 00:28:22 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Log
|
2015-04-09 00:46:08 +02:00
|
|
|
var pageStore = µb.bindTabToPageStats(tabId, 'beforeRequest');
|
2015-03-26 00:28:22 +01:00
|
|
|
if ( pageStore ) {
|
2016-10-08 16:15:31 +02:00
|
|
|
pageStore.journalAddRootFrame('uncommitted', requestURL);
|
|
|
|
|
pageStore.journalAddRequest(requestHostname, result);
|
2015-03-26 00:28:22 +01:00
|
|
|
}
|
2015-06-05 01:27:03 +02:00
|
|
|
|
|
|
|
|
if ( µb.logger.isEnabled() ) {
|
|
|
|
|
µb.logger.writeOne(
|
|
|
|
|
tabId,
|
|
|
|
|
'net',
|
|
|
|
|
result,
|
|
|
|
|
'main_frame',
|
|
|
|
|
requestURL,
|
|
|
|
|
requestHostname,
|
|
|
|
|
requestHostname
|
|
|
|
|
);
|
|
|
|
|
}
|
2015-03-26 00:28:22 +01:00
|
|
|
|
|
|
|
|
// Not blocked
|
|
|
|
|
if ( µb.isAllowResult(result) ) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2015-06-12 01:33:30 +02:00
|
|
|
var compiled = result.slice(3);
|
|
|
|
|
|
2015-03-26 00:28:22 +01:00
|
|
|
// Blocked
|
|
|
|
|
var query = btoa(JSON.stringify({
|
|
|
|
|
url: requestURL,
|
2015-03-30 19:10:29 +02:00
|
|
|
hn: requestHostname,
|
2015-04-06 16:26:32 +02:00
|
|
|
dn: requestDomain,
|
2015-06-12 01:33:30 +02:00
|
|
|
fc: compiled,
|
2015-07-11 23:40:42 +02:00
|
|
|
fs: snfe.filterStringFromCompiled(compiled)
|
2015-03-26 00:28:22 +01:00
|
|
|
}));
|
2015-03-27 18:00:55 +01:00
|
|
|
|
2015-04-09 00:46:08 +02:00
|
|
|
vAPI.tabs.replace(tabId, vAPI.getURL('document-blocked.html?details=') + query);
|
2015-03-27 18:00:55 +01:00
|
|
|
|
|
|
|
|
return { cancel: true };
|
2015-03-21 21:52:35 +01:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/******************************************************************************/
|
|
|
|
|
|
2015-03-30 23:42:12 +02:00
|
|
|
var toBlockDocResult = function(url, hostname, result) {
|
|
|
|
|
// Make a regex out of the result
|
2015-06-09 16:27:08 +02:00
|
|
|
var re = µBlock.staticNetFilteringEngine
|
|
|
|
|
.filterRegexFromCompiled(result.slice(3), 'gi');
|
|
|
|
|
if ( re === null ) {
|
|
|
|
|
return '';
|
2015-03-30 23:42:12 +02:00
|
|
|
}
|
|
|
|
|
var matches = re.exec(url);
|
|
|
|
|
if ( matches === null ) {
|
|
|
|
|
return '';
|
|
|
|
|
}
|
|
|
|
|
|
2015-04-08 13:04:29 +02:00
|
|
|
// https://github.com/chrisaljoudi/uBlock/issues/1128
|
|
|
|
|
// https://github.com/chrisaljoudi/uBlock/issues/1212
|
|
|
|
|
// Relax the rule: verify that the match is completely before the path part
|
|
|
|
|
if ( re.lastIndex <= url.indexOf(hostname) + hostname.length + 1 ) {
|
2015-03-30 23:42:12 +02:00
|
|
|
return result;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return '';
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/******************************************************************************/
|
|
|
|
|
|
2016-10-14 16:06:34 +02:00
|
|
|
// Intercept and filter behind-the-scene requests.
|
|
|
|
|
|
2016-03-22 15:19:41 +01:00
|
|
|
// https://github.com/gorhill/uBlock/issues/870
|
|
|
|
|
// Finally, Chromium 49+ gained the ability to report network request of type
|
|
|
|
|
// `beacon`, so now we can block them according to the state of the
|
|
|
|
|
// "Disable hyperlink auditing/beacon" setting.
|
|
|
|
|
|
2015-01-24 18:06:22 +01:00
|
|
|
var onBeforeBehindTheSceneRequest = function(details) {
|
2016-10-14 16:06:34 +02:00
|
|
|
var µb = µBlock,
|
|
|
|
|
pageStore = µb.pageStoreFromTabId(vAPI.noTabId);
|
|
|
|
|
if ( !pageStore ) { return; }
|
|
|
|
|
|
|
|
|
|
var result = '',
|
|
|
|
|
context = pageStore.createContextFromPage(),
|
|
|
|
|
requestType = details.type,
|
|
|
|
|
requestURL = details.url;
|
2015-01-24 18:06:22 +01:00
|
|
|
|
2016-01-22 17:13:29 +01:00
|
|
|
context.requestURL = requestURL;
|
|
|
|
|
context.requestHostname = µb.URI.hostnameFromURI(requestURL);
|
2016-10-14 16:06:34 +02:00
|
|
|
context.requestType = requestType;
|
|
|
|
|
|
2016-10-17 15:37:59 +02:00
|
|
|
// https://bugs.chromium.org/p/chromium/issues/detail?id=637577#c15
|
|
|
|
|
// Do not filter behind-the-scene network request of type `beacon`: there
|
|
|
|
|
// is no point. In any case, this will become a non-issue once
|
|
|
|
|
// <https://bugs.chromium.org/p/chromium/issues/detail?id=522129> is
|
|
|
|
|
// fixed.
|
2015-01-24 18:06:22 +01:00
|
|
|
|
|
|
|
|
// Blocking behind-the-scene requests can break a lot of stuff: prevent
|
|
|
|
|
// browser updates, prevent extension updates, prevent extensions from
|
|
|
|
|
// working properly, etc.
|
|
|
|
|
// So we filter if and only if the "advanced user" mode is selected
|
2016-10-17 15:37:59 +02:00
|
|
|
if ( µb.userSettings.advancedUserEnabled ) {
|
2015-04-09 00:46:08 +02:00
|
|
|
result = pageStore.filterRequestNoCache(context);
|
2015-01-24 18:06:22 +01:00
|
|
|
}
|
|
|
|
|
|
2016-10-08 16:15:31 +02:00
|
|
|
pageStore.journalAddRequest(context.requestHostname, result);
|
2015-06-05 01:27:03 +02:00
|
|
|
|
|
|
|
|
if ( µb.logger.isEnabled() ) {
|
|
|
|
|
µb.logger.writeOne(
|
|
|
|
|
vAPI.noTabId,
|
|
|
|
|
'net',
|
|
|
|
|
result,
|
2016-10-14 16:06:34 +02:00
|
|
|
requestType,
|
2016-01-22 17:13:29 +01:00
|
|
|
requestURL,
|
2015-06-05 01:27:03 +02:00
|
|
|
context.rootHostname,
|
|
|
|
|
context.rootHostname
|
|
|
|
|
);
|
|
|
|
|
}
|
2015-01-24 18:06:22 +01:00
|
|
|
|
2016-07-01 04:03:29 +02:00
|
|
|
context.dispose();
|
|
|
|
|
|
2015-01-24 18:06:22 +01:00
|
|
|
// Not blocked
|
|
|
|
|
if ( µb.isAllowResult(result) ) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Blocked
|
|
|
|
|
return { 'cancel': true };
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/******************************************************************************/
|
|
|
|
|
|
2016-01-17 19:30:43 +01:00
|
|
|
// To handle:
|
|
|
|
|
// - inline script tags
|
2017-01-18 00:18:28 +01:00
|
|
|
// - websockets
|
2016-01-17 19:30:43 +01:00
|
|
|
// - media elements larger than n kB
|
2014-09-24 23:38:22 +02:00
|
|
|
|
|
|
|
|
var onHeadersReceived = function(details) {
|
|
|
|
|
// Do not interfere with behind-the-scene requests.
|
|
|
|
|
var tabId = details.tabId;
|
2017-01-18 00:18:28 +01:00
|
|
|
if ( vAPI.isBehindTheSceneTabId(tabId) ) { return; }
|
2014-09-24 23:38:22 +02:00
|
|
|
|
2017-01-18 00:18:28 +01:00
|
|
|
var µb = µBlock,
|
|
|
|
|
requestType = details.type;
|
2015-11-09 23:59:19 +01:00
|
|
|
|
|
|
|
|
if ( requestType === 'main_frame' ) {
|
2017-01-18 00:18:28 +01:00
|
|
|
µb.tabContextManager.push(tabId, details.url);
|
2015-06-11 21:11:01 +02:00
|
|
|
}
|
2016-01-17 19:30:43 +01:00
|
|
|
|
2014-09-24 23:38:22 +02:00
|
|
|
var pageStore = µb.pageStoreFromTabId(tabId);
|
2017-01-18 00:18:28 +01:00
|
|
|
if ( pageStore === null ) {
|
|
|
|
|
if ( requestType !== 'main_frame' ) { return; }
|
2015-11-09 23:59:19 +01:00
|
|
|
pageStore = µb.bindTabToPageStats(tabId, 'beforeRequest');
|
2014-09-24 23:38:22 +02:00
|
|
|
}
|
2017-01-18 00:18:28 +01:00
|
|
|
if ( pageStore.getNetFilteringSwitch() === false ) { return; }
|
2015-04-09 00:46:08 +02:00
|
|
|
|
2017-01-18 00:18:28 +01:00
|
|
|
if ( requestType === 'image' || requestType === 'media' ) {
|
|
|
|
|
return foilLargeMediaElement(pageStore, details);
|
2015-04-09 00:46:08 +02:00
|
|
|
}
|
|
|
|
|
|
2017-01-18 00:18:28 +01:00
|
|
|
// https://github.com/gorhill/uBO-Extra/issues/19
|
|
|
|
|
// Turns out scripts must also be considered as potential embedded
|
|
|
|
|
// contexts (as workers) and as such we may need to inject content
|
|
|
|
|
// security policy directives.
|
|
|
|
|
if ( requestType === 'script' || requestType === 'main_frame' || requestType === 'sub_frame' ) {
|
|
|
|
|
return processCSP(pageStore, details);
|
|
|
|
|
}
|
2016-08-27 17:08:56 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/******************************************************************************/
|
|
|
|
|
|
2017-01-18 00:18:28 +01:00
|
|
|
var processCSP = function(pageStore, details) {
|
2016-08-27 17:08:56 +02:00
|
|
|
var µb = µBlock,
|
|
|
|
|
tabId = details.tabId,
|
|
|
|
|
requestURL = details.url,
|
|
|
|
|
loggerEnabled = µb.logger.isEnabled();
|
|
|
|
|
|
2017-01-18 00:18:28 +01:00
|
|
|
var context = pageStore.createContextFromPage();
|
2016-01-22 17:13:29 +01:00
|
|
|
context.requestHostname = µb.URI.hostnameFromURI(requestURL);
|
2017-01-18 00:18:28 +01:00
|
|
|
if ( details.type !== 'main_frame' ) {
|
|
|
|
|
context.pageHostname = context.pageDomain = context.requestHostname;
|
|
|
|
|
}
|
2015-01-24 18:06:22 +01:00
|
|
|
|
2017-02-07 14:05:39 +01:00
|
|
|
var inlineScriptResult, blockInlineScript,
|
|
|
|
|
workerResult, blockWorker;
|
2017-01-18 00:18:28 +01:00
|
|
|
if ( details.type !== 'script' ) {
|
|
|
|
|
context.requestType = 'inline-script';
|
2017-02-07 14:05:39 +01:00
|
|
|
context.requestURL = requestURL;
|
2017-01-18 00:18:28 +01:00
|
|
|
inlineScriptResult = pageStore.filterRequestNoCache(context);
|
2016-08-27 17:08:56 +02:00
|
|
|
blockInlineScript = µb.isBlockResult(inlineScriptResult);
|
2017-02-07 14:05:39 +01:00
|
|
|
// https://github.com/gorhill/uBlock/issues/2360
|
|
|
|
|
context.requestType = 'script';
|
|
|
|
|
context.requestURL = 'blob:';
|
|
|
|
|
workerResult = pageStore.filterRequestNoCache(context);
|
|
|
|
|
blockWorker = µb.isBlockResult(workerResult);
|
2017-01-18 00:18:28 +01:00
|
|
|
}
|
2016-08-27 17:08:56 +02:00
|
|
|
|
2016-08-29 14:10:18 +02:00
|
|
|
µb.staticNetFilteringEngine.matchStringExactType(context, requestURL, 'websocket');
|
|
|
|
|
var websocketResult = µb.staticNetFilteringEngine.toResultString(loggerEnabled),
|
2016-08-27 17:08:56 +02:00
|
|
|
blockWebsocket = µb.isBlockResult(websocketResult);
|
|
|
|
|
|
2017-01-18 00:18:28 +01:00
|
|
|
var headersChanged;
|
2017-02-06 21:34:31 +01:00
|
|
|
if ( blockInlineScript || blockWebsocket || blockWorker ) {
|
2016-08-27 17:08:56 +02:00
|
|
|
headersChanged = foilWithCSP(
|
|
|
|
|
details.responseHeaders,
|
|
|
|
|
blockInlineScript,
|
2017-02-06 21:34:31 +01:00
|
|
|
blockWebsocket,
|
|
|
|
|
blockWorker
|
2016-08-27 17:08:56 +02:00
|
|
|
);
|
|
|
|
|
}
|
2015-06-05 01:27:03 +02:00
|
|
|
|
2017-01-25 15:21:16 +01:00
|
|
|
if ( loggerEnabled && details.type !== 'script' ) {
|
2017-01-18 00:18:28 +01:00
|
|
|
if ( blockInlineScript !== undefined ) {
|
|
|
|
|
µb.logger.writeOne(
|
|
|
|
|
tabId,
|
|
|
|
|
'net',
|
|
|
|
|
inlineScriptResult,
|
|
|
|
|
'inline-script',
|
|
|
|
|
requestURL,
|
|
|
|
|
context.rootHostname,
|
|
|
|
|
context.pageHostname
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
if ( websocketResult !== '' ) {
|
|
|
|
|
µb.logger.writeOne(
|
|
|
|
|
tabId,
|
|
|
|
|
'net',
|
|
|
|
|
websocketResult,
|
|
|
|
|
'websocket',
|
|
|
|
|
requestURL,
|
|
|
|
|
context.rootHostname,
|
|
|
|
|
context.pageHostname
|
|
|
|
|
);
|
|
|
|
|
}
|
2017-02-06 21:34:31 +01:00
|
|
|
if ( workerResult !== '' ) {
|
|
|
|
|
µb.logger.writeOne(
|
|
|
|
|
tabId,
|
|
|
|
|
'net',
|
|
|
|
|
workerResult,
|
|
|
|
|
'worker',
|
|
|
|
|
requestURL,
|
|
|
|
|
context.rootHostname,
|
|
|
|
|
context.pageHostname
|
|
|
|
|
);
|
|
|
|
|
}
|
2016-08-27 17:08:56 +02:00
|
|
|
}
|
|
|
|
|
|
2016-07-01 04:03:29 +02:00
|
|
|
context.dispose();
|
|
|
|
|
|
2017-01-18 00:18:28 +01:00
|
|
|
if ( headersChanged !== true ) { return; }
|
2014-09-24 23:38:22 +02:00
|
|
|
|
|
|
|
|
µb.updateBadgeAsync(tabId);
|
|
|
|
|
|
2016-08-27 17:08:56 +02:00
|
|
|
return { 'responseHeaders': details.responseHeaders };
|
2015-08-13 22:03:37 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/******************************************************************************/
|
|
|
|
|
|
2016-01-17 19:30:43 +01:00
|
|
|
// https://github.com/gorhill/uBlock/issues/1163
|
2016-11-08 21:53:08 +01:00
|
|
|
// "Block elements by size"
|
2016-01-17 19:30:43 +01:00
|
|
|
|
2017-01-18 00:18:28 +01:00
|
|
|
var foilLargeMediaElement = function(pageStore, details) {
|
2016-01-17 19:30:43 +01:00
|
|
|
var µb = µBlock;
|
2016-11-08 21:53:08 +01:00
|
|
|
|
2016-01-18 06:26:29 +01:00
|
|
|
var i = headerIndexFromName('content-length', details.responseHeaders);
|
2016-11-08 21:53:08 +01:00
|
|
|
if ( i === -1 ) { return; }
|
|
|
|
|
|
|
|
|
|
var tabId = details.tabId,
|
2017-01-18 00:18:28 +01:00
|
|
|
size = parseInt(details.responseHeaders[i].value, 10) || 0,
|
2016-11-08 21:53:08 +01:00
|
|
|
result = pageStore.filterLargeMediaElement(size);
|
|
|
|
|
if ( result === undefined ) { return; }
|
2016-01-17 19:30:43 +01:00
|
|
|
|
|
|
|
|
if ( µb.logger.isEnabled() ) {
|
|
|
|
|
µb.logger.writeOne(
|
|
|
|
|
tabId,
|
|
|
|
|
'net',
|
2016-11-08 21:53:08 +01:00
|
|
|
result,
|
2016-01-17 19:30:43 +01:00
|
|
|
details.type,
|
|
|
|
|
details.url,
|
|
|
|
|
pageStore.tabHostname,
|
|
|
|
|
pageStore.tabHostname
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return { cancel: true };
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/******************************************************************************/
|
|
|
|
|
|
2017-02-06 21:34:31 +01:00
|
|
|
var foilWithCSP = function(headers, noInlineScript, noWebsocket, noWorker) {
|
|
|
|
|
var me = foilWithCSP,
|
|
|
|
|
i = headerIndexFromName('content-security-policy', headers),
|
2016-08-27 17:08:56 +02:00
|
|
|
before = i === -1 ? '' : headers[i].value.trim(),
|
|
|
|
|
after = before;
|
|
|
|
|
|
|
|
|
|
if ( noInlineScript ) {
|
|
|
|
|
after = foilWithCSPDirective(
|
|
|
|
|
after,
|
2017-02-06 21:34:31 +01:00
|
|
|
me.reScriptSrc,
|
2016-08-27 17:08:56 +02:00
|
|
|
"script-src 'unsafe-eval' *",
|
2017-02-06 21:34:31 +01:00
|
|
|
me.reScriptSrcRemove
|
2016-08-27 17:08:56 +02:00
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ( noWebsocket ) {
|
|
|
|
|
after = foilWithCSPDirective(
|
|
|
|
|
after,
|
2017-02-06 21:34:31 +01:00
|
|
|
me.reConnectSrc,
|
2016-08-27 17:08:56 +02:00
|
|
|
'connect-src http:',
|
2017-02-06 21:34:31 +01:00
|
|
|
me.reConnectSrcRemove
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// https://www.w3.org/TR/CSP2/#directive-child-src
|
|
|
|
|
// https://www.w3.org/TR/CSP3/#directive-worker-src
|
|
|
|
|
if ( noWorker ) {
|
|
|
|
|
after = foilWithCSPDirective(
|
|
|
|
|
after,
|
|
|
|
|
me.reWorkerSrc,
|
|
|
|
|
'child-src http:',
|
|
|
|
|
me.reWorkerSrcRemove
|
2016-08-27 17:08:56 +02:00
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// https://bugs.chromium.org/p/chromium/issues/detail?id=513860
|
|
|
|
|
// Bad Chromium bug: web pages can work around CSP directives by
|
|
|
|
|
// creating data:- or blob:-based URI. So if we must restrict using CSP,
|
|
|
|
|
// we have no choice but to also prevent the creation of nested browsing
|
|
|
|
|
// contexts based on data:- or blob:-based URIs.
|
|
|
|
|
if ( vAPI.chrome && (noInlineScript || noWebsocket) ) {
|
|
|
|
|
// https://w3c.github.io/webappsec-csp/#directive-frame-src
|
|
|
|
|
after = foilWithCSPDirective(
|
|
|
|
|
after,
|
2017-02-06 21:34:31 +01:00
|
|
|
me.reFrameSrc,
|
2016-08-27 17:08:56 +02:00
|
|
|
'frame-src http:',
|
2017-02-06 21:34:31 +01:00
|
|
|
me.reFrameSrcRemove
|
2016-08-27 17:08:56 +02:00
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var changed = after !== before;
|
|
|
|
|
if ( changed ) {
|
|
|
|
|
if ( i !== -1 ) {
|
|
|
|
|
headers.splice(i, 1);
|
|
|
|
|
}
|
|
|
|
|
headers.push({ name: 'Content-Security-Policy', value: after });
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return changed;
|
|
|
|
|
};
|
|
|
|
|
|
2017-02-06 21:34:31 +01:00
|
|
|
(function() {
|
|
|
|
|
var fn = foilWithCSP;
|
|
|
|
|
fn.reScriptSrc = /script-src[^;]*;?\s*/;
|
|
|
|
|
fn.reScriptSrcRemove = /'unsafe-inline'\s*|'nonce-[^']+'\s*/g;
|
|
|
|
|
fn.reConnectSrc = /connect-src[^;]*;?\s*/;
|
|
|
|
|
fn.reConnectSrcRemove = /wss?:[^\s]*\s*/g;
|
|
|
|
|
fn.reWorkerSrc = /child-src[^;]*;?\s*/;
|
|
|
|
|
fn.reWorkerSrcRemove = /blob:[^\s]*\s*/g;
|
|
|
|
|
fn.reFrameSrc = /frame-src[^;]*;?\s*/;
|
|
|
|
|
fn.reFrameSrcRemove = /data:[^\s]*\s*|blob:[^\s]*\s*/g;
|
|
|
|
|
})();
|
|
|
|
|
|
2016-08-27 17:08:56 +02:00
|
|
|
/******************************************************************************/
|
|
|
|
|
|
|
|
|
|
// Past issues to keep in mind:
|
|
|
|
|
// - https://github.com/gorhill/uMatrix/issues/129
|
|
|
|
|
// - https://github.com/gorhill/uMatrix/issues/320
|
|
|
|
|
// - https://github.com/gorhill/uBlock/issues/1909
|
|
|
|
|
|
|
|
|
|
var foilWithCSPDirective = function(csp, toExtract, toAdd, toRemove) {
|
|
|
|
|
// Set
|
|
|
|
|
if ( csp === '' ) {
|
|
|
|
|
return toAdd;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var matches = toExtract.exec(csp);
|
|
|
|
|
|
|
|
|
|
// Add
|
2015-08-13 22:03:37 +02:00
|
|
|
if ( matches === null ) {
|
2016-08-27 17:08:56 +02:00
|
|
|
if ( csp.slice(-1) !== ';' ) {
|
|
|
|
|
csp += ';';
|
|
|
|
|
}
|
|
|
|
|
csp += ' ' + toAdd;
|
|
|
|
|
return csp.replace(reReportDirective, '');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var directive = matches[0];
|
|
|
|
|
|
|
|
|
|
// No change
|
|
|
|
|
if ( toRemove.test(directive) === false ) {
|
|
|
|
|
return csp;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Remove
|
|
|
|
|
csp = csp.replace(toExtract, '').trim();
|
|
|
|
|
if ( csp.slice(-1) !== ';' ) {
|
|
|
|
|
csp += ';';
|
|
|
|
|
}
|
|
|
|
|
directive = directive.replace(toRemove, '').trim();
|
|
|
|
|
|
|
|
|
|
// Check for empty directive after removal
|
|
|
|
|
matches = reEmptyDirective.exec(directive);
|
|
|
|
|
if ( matches ) {
|
|
|
|
|
directive = matches[1] + " 'none';";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
csp += ' ' + directive;
|
|
|
|
|
return csp.replace(reReportDirective, '');
|
2015-08-13 22:03:37 +02:00
|
|
|
};
|
|
|
|
|
|
2016-08-27 17:08:56 +02:00
|
|
|
// https://w3c.github.io/webappsec-csp/#directives-reporting
|
|
|
|
|
var reReportDirective = /report-(?:to|uri)[^;]*;?\s*/;
|
|
|
|
|
var reEmptyDirective = /^([a-z-]+)\s*;/;
|
2014-09-24 23:38:22 +02:00
|
|
|
|
2015-08-13 22:03:37 +02:00
|
|
|
/******************************************************************************/
|
|
|
|
|
|
|
|
|
|
// Caller must ensure headerName is normalized to lower case.
|
|
|
|
|
|
|
|
|
|
var headerIndexFromName = function(headerName, headers) {
|
|
|
|
|
var i = headers.length;
|
|
|
|
|
while ( i-- ) {
|
|
|
|
|
if ( headers[i].name.toLowerCase() === headerName ) {
|
|
|
|
|
return i;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return -1;
|
2014-09-24 23:38:22 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/******************************************************************************/
|
|
|
|
|
|
2014-10-17 21:44:19 +02:00
|
|
|
vAPI.net.onBeforeRequest = {
|
|
|
|
|
urls: [
|
|
|
|
|
'http://*/*',
|
|
|
|
|
'https://*/*'
|
|
|
|
|
],
|
|
|
|
|
extra: [ 'blocking' ],
|
|
|
|
|
callback: onBeforeRequest
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
vAPI.net.onHeadersReceived = {
|
|
|
|
|
urls: [
|
|
|
|
|
'http://*/*',
|
|
|
|
|
'https://*/*'
|
|
|
|
|
],
|
|
|
|
|
types: [
|
2016-01-17 19:30:43 +01:00
|
|
|
'main_frame',
|
|
|
|
|
'sub_frame',
|
|
|
|
|
'image',
|
2017-01-18 00:18:28 +01:00
|
|
|
'media',
|
|
|
|
|
'script'
|
2014-10-17 21:44:19 +02:00
|
|
|
],
|
|
|
|
|
extra: [ 'blocking', 'responseHeaders' ],
|
|
|
|
|
callback: onHeadersReceived
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
vAPI.net.registerListeners();
|
2014-09-24 23:38:22 +02:00
|
|
|
|
2015-01-24 18:06:22 +01:00
|
|
|
//console.log('traffic.js > Beginning to intercept net requests at %s', (new Date()).toISOString());
|
2014-06-24 00:42:43 +02:00
|
|
|
|
|
|
|
|
/******************************************************************************/
|
|
|
|
|
|
2015-04-06 16:26:32 +02:00
|
|
|
var isTemporarilyWhitelisted = function(result, hostname) {
|
|
|
|
|
var obsolete, pos;
|
|
|
|
|
|
|
|
|
|
for (;;) {
|
|
|
|
|
obsolete = documentWhitelists[hostname];
|
|
|
|
|
if ( obsolete !== undefined ) {
|
|
|
|
|
if ( obsolete > Date.now() ) {
|
|
|
|
|
if ( result === '' ) {
|
|
|
|
|
return 'ua:*' + ' ' + hostname + ' doc allow';
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
delete documentWhitelists[hostname];
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
pos = hostname.indexOf('.');
|
|
|
|
|
if ( pos === -1 ) {
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
hostname = hostname.slice(pos + 1);
|
|
|
|
|
}
|
|
|
|
|
return result;
|
|
|
|
|
};
|
|
|
|
|
|
2015-04-09 00:46:08 +02:00
|
|
|
var documentWhitelists = Object.create(null);
|
|
|
|
|
|
2015-04-06 16:26:32 +02:00
|
|
|
/******************************************************************************/
|
|
|
|
|
|
|
|
|
|
exports.temporarilyWhitelistDocument = function(hostname) {
|
|
|
|
|
if ( typeof hostname !== 'string' || hostname === '' ) {
|
2015-03-26 00:28:22 +01:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
documentWhitelists[hostname] = Date.now() + 60 * 1000;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/******************************************************************************/
|
|
|
|
|
|
|
|
|
|
return exports;
|
|
|
|
|
|
|
|
|
|
/******************************************************************************/
|
|
|
|
|
|
2014-06-24 00:42:43 +02:00
|
|
|
})();
|
|
|
|
|
|
|
|
|
|
/******************************************************************************/
|
