From 91e702cebbe52137f59a94f55e46d31f95eb98b9 Mon Sep 17 00:00:00 2001
From: Raymond Hill
Date: Sun, 1 Dec 2019 12:05:49 -0500
Subject: [PATCH] Enable CNAME uncloaking by default

Advanced setting `cnameAliasList` has been removed. New advanced settings: cnameUncloak: Boolean Default value: true Description: Whether to CNAME-uncloak hostnames. cnameIgnoreExceptions: Boolean Default value: true Description: Whether to bypass the uncloaking of network requests which were excepted by filters/rules. This is necessary so as to avoid undue breakage by having exception filters being rendered useless as a result of CNAME-uncloaking. For example, `google-analytics.com` uncloaks to `www-google-analytics.l.google.com` and both hostnames appear in Peter Lowe's list, which means exception filters for `google-analytics.com` (to fix site breakage) would be rendered useless as the uncloaking would cause the network request to be ultimately blocked.
---
 platform/firefox/vapi-webrequest.js | 29 +++++++++++++++++++----------
 src/js/background.js | 5 +++--
 src/js/storage.js | 3 ++-
 src/js/traffic.js | 3 ++-
 4 files changed, 26 insertions(+), 14 deletions(-)
diff --git a/platform/firefox/vapi-webrequest.js b/platform/firefox/vapi-webrequest.js
index 93055a2ab973d..876b8a4caab27 100644
--- a/platform/firefox/vapi-webrequest.js
+++ b/platform/firefox/vapi-webrequest.js
@@ -61,19 +61,21 @@
 super();
 this.pendingRequests = [];
 this.cnames = new Map([ [ '', '' ] ]);
- this.cnameAliasList = null;
 this.cnameIgnoreList = null;
 this.cnameIgnore1stParty = true;
+ this.cnameIgnoreExceptions = true;
 this.cnameIgnoreRootDocument = true;
 this.cnameMaxTTL = 60;
 this.cnameReplayFullURL = false;
 this.cnameTimer = undefined;
+ this.cnameUncloak = true;
 }
 setOptions(options) {
 super.setOptions(options);
- this.cnameAliasList = this.regexFromStrList(options.cnameAliasList);
+ this.cnameUncloak = options.cnameUncloak !== false;
 this.cnameIgnoreList = this.regexFromStrList(options.cnameIgnoreList);
 this.cnameIgnore1stParty = options.cnameIgnore1stParty !== false;
+ this.cnameIgnoreExceptions = options.cnameIgnoreExceptions !== false;
 this.cnameIgnoreRootDocument = options.cnameIgnoreRootDocument !== false;
 this.cnameMaxTTL = options.cnameMaxTTL || 120;
 this.cnameReplayFullURL = options.cnameReplayFullURL === true;
@@ -199,22 +201,29 @@
 );
 }
 onBeforeSuspendableRequest(details) {
- let r = super.onBeforeSuspendableRequest(details);
- if ( r !== undefined ) { return r; }
- if ( this.cnameAliasList === null ) { return; }
- if ( details.type === 'main_frame' && this.cnameIgnoreRootDocument ) {
+ const r = super.onBeforeSuspendableRequest(details);
+ if ( r !== undefined ) {
+ if (
+ r.cancel === true ||
+ r.redirectUrl !== undefined ||
+ this.cnameIgnoreExceptions
+ ) {
+ return r;
+ }
+ }
+ if (
+ details.type === 'main_frame' &&
+ this.cnameIgnoreRootDocument
+ ) {
 return;
 }
+ if ( this.cnameUncloak === false ) { return; }
 const hn = vAPI.hostnameFromNetworkURL(details.url);
 let cname = this.cnames.get(hn);
 if ( cname === '' ) { return; }
 if ( cname !== undefined ) {
 return this.processCanonicalName(hn, cname, details);
 }
- if ( this.cnameAliasList.test(hn) === false ) {
- this.cnames.set(hn, '');
- return;
- }
 return browser.dns.resolve(hn, [ 'canonical_name' ]).then(
 rec => {
 const cname = this.recordCanonicalName(hn, rec);
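Review bot: The fallback left in `setOptions`, `this.cnameMaxTTL = options.cnameMaxTTL || 120;`, no longer agrees with the other defaults: the constructor already uses 60 and this commit lowers the `cnameMaxTTL` hidden-setting default in src/js/background.js from 120 to 60. If `setOptions` is ever called without that option, the TTL cap would silently be 120 rather than the documented 60; `this.cnameMaxTTL = options.cnameMaxTTL || 60;` keeps the three places in step. Note also that `||` replaces an explicit 0 with the fallback, which is worth a short comment if intended. Both the constructor and `setOptions` extend beyond the hunk.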
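Review bot: With the `cnameAliasList` gate and its `this.cnames.set(hn, '')` negative-cache entry removed, every hostname not yet in `this.cnames` now reaches `browser.dns.resolve` in `onBeforeSuspendableRequest`, and the request stays suspended on that promise. The hunk ends before the rest of the `.then(...)` call, so please confirm that a rejected or slow lookup resolves to a non-blocking result. Also confirm that `recordCanonicalName` stores `''` for hostnames without a CNAME; otherwise the lookup would presumably be repeated for each request to the same host. Since this is now the default path, a comment above the `resolve` call saying so would help, for example `// Reached for every uncached hostname; failures must not hold or block the request`.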
diff --git a/src/js/background.js b/src/js/background.js
index 0860abf7950b9..86ea12ee12c54 100644
--- a/src/js/background.js
+++ b/src/js/background.js
@@ -46,12 +46,13 @@ const µBlock = (( ) => { // jshint ignore:line
 cacheStorageAPI: 'unset',
 cacheStorageCompression: true,
 cacheControlForFirefox1376932: 'no-cache, no-store, must-revalidate',
- cnameAliasList: 'unset',
 cnameIgnoreList: 'unset',
 cnameIgnore1stParty: true,
+ cnameIgnoreExceptions: true,
 cnameIgnoreRootDocument: true,
- cnameMaxTTL: 120,
+ cnameMaxTTL: 60,
 cnameReplayFullURL: false,
+ cnameUncloak: true,
 consoleLogLevel: 'unset',
 debugScriptlets: false,
 debugScriptletInjector: false,
diff --git a/src/js/storage.js b/src/js/storage.js
index 9eeec05b387e1..7a214dbeae639 100644
--- a/src/js/storage.js
+++ b/src/js/storage.js
@@ -136,12 +136,13 @@
 self.addEventListener('hiddenSettingsChanged', ( ) => {
 self.log.verbosity = µBlock.hiddenSettings.consoleLogLevel;
 vAPI.net.setOptions({
- cnameAliasList: µBlock.hiddenSettings.cnameAliasList,
 cnameIgnoreList: µBlock.hiddenSettings.cnameIgnoreList,
 cnameIgnore1stParty: µBlock.hiddenSettings.cnameIgnore1stParty,
+ cnameIgnoreExceptions: µBlock.hiddenSettings.cnameIgnoreExceptions,
 cnameIgnoreRootDocument: µBlock.hiddenSettings.cnameIgnoreRootDocument,
 cnameMaxTTL: µBlock.hiddenSettings.cnameMaxTTL,
 cnameReplayFullURL: µBlock.hiddenSettings.cnameReplayFullURL,
+ cnameUncloak: µBlock.hiddenSettings.cnameUncloak,
 });
 });
diff --git a/src/js/traffic.js b/src/js/traffic.js
index 30ba0fd18a868..8410c9cf2c76d 100644
--- a/src/js/traffic.js
+++ b/src/js/traffic.js
@@ -103,7 +103,8 @@ const onBeforeRequest = function(details) {
 ) {
 pageStore.setFrame(details.frameId, details.url);
 }
- return;
+ if ( result !== 2 ) { return; }
+ return { cancel: false };
 }
 // Blocked
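Review bot: The added `if ( result !== 2 ) { return; }` in `onBeforeRequest` uses a bare magic number, and the `{ cancel: false }` that follows is no longer a no-op. It is apparently the signal the Firefox layer reads in its `r !== undefined` branch (platform/firefox/vapi-webrequest.js) to decide whether `cnameIgnoreExceptions` applies. Neither fact is stated in the code, so a later cleanup that "simplifies" this back to a plain `return;` would silently re-enable uncloaking of excepted requests. I would add a comment such as `// result === 2: allowed by an exception filter/rule; return an explicit non-cancel so CNAME-uncloaking can honour the exception`, hedged to whatever 2 actually denotes in the filtering result. `onBeforeRequest` begins before and continues after this hunk.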