Twitch

[Zegnat]

Your Twitch rules didn’t actually work for me. I have been looking for exactly what I need and the following is a start, though could require some more refinements:

twitch.tv 0914.global.ssl.fastly.net image allow
twitch.tv 0914.global.ssl.fastly.net script allow
twitch.tv 1st-party * allow
twitch.tv d1xfq2052q7thw.cloudfront.net script allow
twitch.tv imasdk.googleapis.com frame allow
twitch.tv imasdk.googleapis.com script allow
twitch.tv jtvnw.net image allow
twitch.tv static.twitchcdn.net css allow
twitch.tv ttvnw.net xhr allow
twitch.tv twitchcdn.net script allow

Something that immediately stands out as new compared to your rules is twitchcdn.net.

None of this is testing for logged in users, just for navigating the site and watching streams.

(Note that I require twitch.tv 1st-party * allow because my default uMatrix setting is * * * block.)

[kristerkari]

Thanks! I did not really test the Twitch rule properly so that's why it might be a bit broken.

It seems that Twitch is using quite a few 3rd-party services and it is easy to miss some things.

I'll test your rules and update the README after that.

[kristerkari]

It seems that Twitch had changed some things from last time when I tested it.

Here is what I whitelisted to get it to work:

twitch.tv 0914.global.ssl.fastly.net script allow
twitch.tv 0914.global.ssl.fastly.net xhr allow
twitch.tv algolia.net script allow
twitch.tv algolia.net xhr allow
twitch.tv algolianet.com script allow
twitch.tv algolianet.com xhr allow
twitch.tv polyfill.twitchsvc.net script allow
twitch.tv s.jtvnw.net image allow
twitch.tv sctatic.twitchcdn.net script allow
twitch.tv sentinel.twitchsvc.net xhr allow
twitch.tv static-cdn.jtvnw.net image allow
twitch.tv static.twitchcdn.net css allow
twitch.tv static.twitchcdn.net image allow
twitch.tv static.twitchcdn.net script allow
twitch.tv ttvnw.net xhr allow
twitch.tv web-cdn.ttvnw.net script allow

• Algolia is used for search so it needed to be whitelisted.
• I wasn't sure what imasdk.googleapis.com is used for, so it seems that it does not need to be whitelisted. @Zegnat do you know if it is required?

[Zegnat]

• Algolia is used for search so it needed to be whitelisted.

Ah, I never tested search, good catch.

• I wasn't sure what imasdk.googleapis.com is used for, so it seems that it does not need to be whitelisted.

I think it may have been some front-page thing. It is very possible that it wasn’t required overall. I basically stopped tweaking once I had gotten access to watching things again.

twitch.tv polyfill.twitchsvc.net script allow

Is this polyfill domain neccessary? I seem to recall I had it in my filters at first, but was able to remove it without losing the ability to watch streams or navigate the site.

[kristerkari]

Is this polyfill domain neccessary? I seem to recall I had it in my filters at first, but was able to remove it without losing the ability to watch streams or navigate the site.

It might be necessary because polyfills usually patch browser APIs, so depending on your browser and the needed polyfills the site might break if it is removed.

Currently it seems to load these polyfills:
https://polyfill.twitchsvc.net/v2/polyfill.min.js?unknown=polyfill&features=default,URL,fetch,Array.prototype.find,Array.prototype.findIndex,Array.prototype.includes,Intl.~locale.en