From c3cf2e403f2459a52c8b4e86180fa6d896dd1477 Mon Sep 17 00:00:00 2001
From: yan
Date: Wed, 21 Sep 2016 00:38:50 -0700
Subject: [PATCH] use main frame url for webrequest first party url fix #4137 auditors: @bridiver
---
 app/adBlock.js | 2 +-
 app/filtering.js | 42 +++++++++++++++++++++++++++++----------
 app/httpsEverywhere.js | 6 ++++--
 app/siteHacks.js | 5 +++--
 app/trackingProtection.js | 2 +-
 5 files changed, 40 insertions(+), 17 deletions(-)
diff --git a/app/adBlock.js b/app/adBlock.js
index 924becc0086..3ed1c01c9d5 100644
--- a/app/adBlock.js
+++ b/app/adBlock.js
@@ -28,7 +28,7 @@ const whitelistHosts = ['disqus.com', 'a.disquscdn.com']
 const startAdBlocking = (adblock, resourceName, shouldCheckMainFrame) => {
 Filtering.registerBeforeRequestFilteringCB((details) => {
- const firstPartyUrl = URL.parse(details.firstPartyUrl)
+ const firstPartyUrl = URL.parse(Filtering.getMainFrameUrl(details))
 let firstPartyUrlHost = firstPartyUrl.hostname || ''
 const urlHost = URL.parse(details.url).hostname
 const cancel = firstPartyUrl.protocol &&
diff --git a/app/filtering.js b/app/filtering.js
index 28214e8b411..e1a02e64d15 100644
--- a/app/filtering.js
+++ b/app/filtering.js
@@ -8,6 +8,7 @@ const messages = require('../js/constants/messages')
 const electron = require('electron')
 const session = electron.session
 const BrowserWindow = electron.BrowserWindow
+const webContents = electron.webContents
 const AppStore = require('../js/stores/appStore')
 const appActions = require('../js/actions/appActions')
 const appConfig = require('../js/constants/appConfig')
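Review bot: In app/adBlock.js, `URL.parse(Filtering.getMainFrameUrl(details))` can now be handed `null`, because the helper added in app/filtering.js returns `null` when no web contents matches the request, and this commit also drops the `!details.firstPartyUrl` early return that used to keep such requests away from the callbacks. If `URL` here is Node's `url` module (its require is outside the hunk), `parse` throws on a non-string argument, so the exception would surface inside the webRequest handler instead of producing a block decision. filtering.js already guards the same value with `urlParse(firstPartyUrl || '')`; the same form works here: `const firstPartyUrl = URL.parse(Filtering.getMainFrameUrl(details) || '')`. The identical line in app/trackingProtection.js needs the same guard. The callback body continues past the hunk.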
@@ -81,12 +82,13 @@ module.exports.registerHeadersReceivedFilteringCB = (filteringFn) => {
 */
 function registerForBeforeRequest (session) {
 session.webRequest.onBeforeRequest((details, cb) => {
- // Using an electron binary which isn't from Brave
- if (!details.firstPartyUrl || shouldIgnoreUrl(details.url)) {
+ if (shouldIgnoreUrl(details.url)) {
 cb({})
 return
 }
+ const firstPartyUrl = module.exports.getMainFrameUrl(details)
+
 if (appUrlUtil.isTargetAboutUrl(details.url)) {
 if (process.env.NODE_ENV === 'development' && !details.url.match(/devServerPort/)) {
 // add webpack dev server port
@@ -106,7 +108,7 @@ function registerForBeforeRequest (session) {
 const isHttpsEverywhere = results.resourceName === appConfig.resourceNames.HTTPS_EVERYWHERE
 const isTracker = results.resourceName === appConfig.resourceNames.TRACKING_PROTECTION
- if (!module.exports.isResourceEnabled(results.resourceName, details.firstPartyUrl)) {
+ if (!module.exports.isResourceEnabled(results.resourceName, firstPartyUrl)) {
 continue
 }
 if (results.cancel) {
@@ -171,7 +173,7 @@ function registerForBeforeRedirect (session) {
 // Note that onBeforeRedirect listener doesn't take a callback
 session.webRequest.onBeforeRedirect(function (details) {
 // Using an electron binary which isn't from Brave
- if (!details.firstPartyUrl || shouldIgnoreUrl(details.url)) {
+ if (shouldIgnoreUrl(details.url)) {
 return
 }
 for (let i = 0; i < beforeRedirectFilteringFns.length; i++) {
@@ -197,7 +199,7 @@ function registerForBeforeSendHeaders (session) {
 session.webRequest.onBeforeSendHeaders(function (details, cb) {
 // Using an electron binary which isn't from Brave
- if (!details.firstPartyUrl || shouldIgnoreUrl(details.url)) {
+ if (shouldIgnoreUrl(details.url)) {
 cb({})
 return
 }
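Review bot: In registerForBeforeRedirect the comment `// Using an electron binary which isn't from Brave` is kept above a condition that no longer tests `details.firstPartyUrl`, so it now describes a check that is gone. The registerForBeforeRequest hunk removes the comment together with the check; the same should happen here and in the registerForBeforeSendHeaders and registerForHeadersReceived hunks, or the comment should be replaced by one that matches the remaining test, e.g. `// Skip URLs excluded by shouldIgnoreUrl`. A reader relying on the old comment would also assume a first-party URL is always present further down, which the `null` return of getMainFrameUrl no longer guarantees.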
@@ -217,9 +219,11 @@ function registerForBeforeSendHeaders (session) {
 requestHeaders['User-Agent'] = spoofedUserAgent
 }
+ const firstPartyUrl = module.exports.getMainFrameUrl(details)
+
 for (let i = 0; i < beforeSendHeadersFilteringFns.length; i++) {
 let results = beforeSendHeadersFilteringFns[i](details)
- if (!module.exports.isResourceEnabled(results.resourceName, details.firstPartyUrl)) {
+ if (!module.exports.isResourceEnabled(results.resourceName, firstPartyUrl)) {
 continue
 }
 if (results.cancel) {
@@ -231,12 +235,12 @@ function registerForBeforeSendHeaders (session) {
 }
 }
- if (module.exports.isResourceEnabled(appConfig.resourceNames.COOKIEBLOCK, details.firstPartyUrl)) {
- if (module.exports.isThirdPartyHost(urlParse(details.firstPartyUrl || '').hostname,
+ if (module.exports.isResourceEnabled(appConfig.resourceNames.COOKIEBLOCK, firstPartyUrl)) {
+ if (module.exports.isThirdPartyHost(urlParse(firstPartyUrl || '').hostname,
 parsedUrl.hostname)) {
 // Clear cookie and referer on third-party requests
 if (requestHeaders['Cookie'] &&
- getOrigin(details.firstPartyUrl) !== pdfjsOrigin) {
+ getOrigin(firstPartyUrl) !== pdfjsOrigin) {
 requestHeaders['Cookie'] = undefined
 }
 if (requestHeaders['Referer'] &&
@@ -262,13 +266,14 @@ function registerForHeadersReceived (session) {
 // Note that onBeforeRedirect listener doesn't take a callback
 session.webRequest.onHeadersReceived(function (details, cb) {
 // Using an electron binary which isn't from Brave
- if (!details.firstPartyUrl || shouldIgnoreUrl(details.url)) {
+ if (shouldIgnoreUrl(details.url)) {
 cb({})
 return
 }
+ const firstPartyUrl = module.exports.getMainFrameUrl(details)
 for (let i = 0; i < headersReceivedFilteringFns.length; i++) {
 let results = headersReceivedFilteringFns[i](details)
- if (!module.exports.isResourceEnabled(results.resourceName, details.firstPartyUrl)) {
+ if (!module.exports.isResourceEnabled(results.resourceName, firstPartyUrl)) {
 continue
 }
 if (results.responseHeaders) {
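Review bot: In the COOKIEBLOCK branch of registerForBeforeSendHeaders, `firstPartyUrl` is `null` for any request that getMainFrameUrl cannot map to a web contents, and the code then compares `urlParse('').hostname` with the request host. Before this commit a request with no first-party URL returned early at the removed `!details.firstPartyUrl` guard, so this path is new for such requests. Whether `isResourceEnabled` and `isThirdPartyHost` end up stripping or keeping Cookie and Referer when the first party is missing is not visible in the hunk and should be stated. An explicit `if (!firstPartyUrl)` branch ahead of the cookie logic, with a comment saying which way it fails, would make that outcome deliberate rather than incidental. The function body extends beyond the hunk.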
@@ -693,3 +698,18 @@ module.exports.clearAutofillData = () => {
 ses.autofill.clearAutofillData()
 }
 }
+
+module.exports.getMainFrameUrl = (details) => {
+ if (details.resourceType === 'mainFrame') {
+ return details.url
+ }
+ const tabId = details.tabId
+ const wc = webContents.getAllWebContents()
+ if (wc && tabId) {
+ const content = wc.find((item) => item.getId() === tabId)
+ if (content) {
+ return content.getURL()
+ }
+ }
+ return null
+}
diff --git a/app/httpsEverywhere.js b/app/httpsEverywhere.js
index 235242a901f..3da795fb382 100644
--- a/app/httpsEverywhere.js
+++ b/app/httpsEverywhere.js
@@ -114,7 +114,8 @@ function startHttpsEverywhere () {
 function onBeforeHTTPRequest (details) {
 let result = { resourceName: module.exports.resourceName }
- if (!Filtering.isResourceEnabled(module.exports.resourceName, details.firstPartyUrl)) {
+ if (!Filtering.isResourceEnabled(module.exports.resourceName,
+ Filtering.getMainFrameUrl(details))) {
 return result
 }
 // Ignore URLs that are not HTTP
@@ -136,7 +137,8 @@ function onBeforeHTTPRequest (details) {
 }
 function onBeforeRedirect (details) {
- if (!Filtering.isResourceEnabled(module.exports.resourceName, details.firstPartyUrl)) {
+ if (!Filtering.isResourceEnabled(module.exports.resourceName,
+ Filtering.getMainFrameUrl(details))) {
 return
 }
diff --git a/app/siteHacks.js b/app/siteHacks.js
index 3a60d638884..ddf5a37636b 100644
--- a/app/siteHacks.js
+++ b/app/siteHacks.js
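Review bot: `module.exports.getMainFrameUrl` in app/filtering.js is added without a doc comment, although every per-site decision this commit touches now depends on what it returns. It should carry a JSDoc block stating the three outcomes visible in the body: `details.url` for `mainFrame` requests, otherwise `getURL()` of the web contents whose id equals `details.tabId`, and `null` when none matches. The comment should also say that `getURL()` is read when the callback runs, so the value is the tab's URL at that moment and could differ from the page that issued the request while a navigation is in flight (inferred, not shown in this patch). Separately, `if (wc && tabId)` treats a `tabId` of `0` as absent; `if (wc && tabId != null)` would be the explicit form if `0` is a possible id.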
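Review bot: In app/httpsEverywhere.js, `onBeforeHTTPRequest` resolves the first-party URL again with `Filtering.getMainFrameUrl(details)`, although filtering.js computes the same value for the same `details` in its own handler and applies the same `isResourceEnabled` test to the callback's result. Each call runs `webContents.getAllWebContents()` plus a linear `find`, so one request now triggers that scan in filtering.js and again in every registered callback: this one, `onBeforeRedirect` below it, app/adBlock.js, app/trackingProtection.js, and app/siteHacks.js, where it runs before `hack` is even checked. Resolving it once per request and passing it as a second argument, e.g. `beforeSendHeadersFilteringFns[i](details, firstPartyUrl)` and the equivalent in the other handlers, would keep the request path cheap and ensure every filter judges the request against the same first party.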
@@ -42,10 +42,11 @@ module.exports.init = () => {
 let redirectURL
 let cancel
+ const firstPartyUrl = Filtering.getMainFrameUrl(details)
 if (hack && hack.onBeforeRequest && (hack.enableForAll ||
- hack.enableForAdblock && Filtering.isResourceEnabled(appConfig.resourceNames.ADBLOCK, details.firstPartyUrl) ||
- hack.enableForTrackingProtection && Filtering.isResourceEnabled(appConfig.resourceNames.TRACKING_PROTECTION, details.firstPartyUrl))) {
+ hack.enableForAdblock && Filtering.isResourceEnabled(appConfig.resourceNames.ADBLOCK, firstPartyUrl) ||
+ hack.enableForTrackingProtection && Filtering.isResourceEnabled(appConfig.resourceNames.TRACKING_PROTECTION, firstPartyUrl))) {
 const result = hack.onBeforeRequest.call(this, details)
 if (result && result.redirectURL) {
 redirectURL = result.redirectURL
diff --git a/app/trackingProtection.js b/app/trackingProtection.js
index f689c13cd94..df1da9c48d6 100644
--- a/app/trackingProtection.js
+++ b/app/trackingProtection.js
@@ -21,7 +21,7 @@ const whitelistHosts = ['connect.facebook.net', 'connect.facebook.com', 'staticx
 const startTrackingProtection = (wnd) => {
 Filtering.registerBeforeRequestFilteringCB((details) => {
- const firstPartyUrl = URL.parse(details.firstPartyUrl)
+ const firstPartyUrl = URL.parse(Filtering.getMainFrameUrl(details))
 let firstPartyUrlHost = firstPartyUrl.hostname || ''
 if (firstPartyUrlHost.startsWith('www.')) {
 firstPartyUrlHost = firstPartyUrlHost.substring(4)