[Updated October 2020] webRequestBlocking deprecation by Google (Manifest v3) #17268
Comments
Update: I see where the speculation on the maximum number of rules came from, the api docs mention it will be 30,000 |
@Parasrah Thank you for bringing this to attention. We had some discussion yesterday about how this impacts the extension as the Manifest proposal currently stands. The main concerns are around: DNR's methods of handling rules are static
Service WorkersTransference from background scripts to service workers could potentially allow sites to have more control over the extension's upgrade actions Missing features in DNRRedirect looping handling and other features are not necessarily addressed for replacement in declarativeNetRequest are also in question. Error handling is almost nonexistent. ConclusionOverall the move to be more static with There is already bug filed here with lengthy discussion: https://bugs.chromium.org/p/chromium/issues/detail?id=896897&desc=2 This conversation is also being brought up with other privacy oriented extensions: |
Thanks for the response, glad to hear this wasn't a surprise and there have been talks internally. Would it be possible to update this issue when a decision has been reached by the team as to next steps? |
@Parasrah yea we will update this as a consensus is made on what to do programmatically. Right now the discussion is still young among us and other privacy extensions. There is a working group having discussion and discourse being had with the proper channels. Since this is a draft the possibility for changes remain and we are hoping to extend the future of the extension's current capabilities if we clearly outline early on what issues this |
Thanks, I appreciate it, and will keep an eye on the various conversations |
Related: EFForg/privacybadger#2273. |
Someone needs to pin this issue like the Privacy Badger one. |
Linked is the document I attached to the Google Group discussing Manifest V3. The general thought process is to request functionality that is missing for the declarativeNetRequest API and breaks HTTPSE as it currently stands. Will be on stand by for further responses from the group and watching out for any changes in the dNR API. https://docs.google.com/document/d/1vzSyzrrjOJrUavfOWC5FC2PNwcBOfN2WkK_HcTdTacw/edit?usp=sharing |
As an update, set up general asks if declarativeNetRequest were to happen. So far some responses on what can and can't happen, but generally still watching out for written updates to the potential dNR API Public Conversation here in the Google Group. |
This comment has been minimized.
This comment has been minimized.
When was the last edit of this document? Last time I checked we were waiting for a second draft to track what has changed. |
Right now we are still waiting for the second draft of Manifest V3. The last time the document was updated was November 18th, 2018. Public conversation and any further questions can be posted to the public Google group. But unfortunately we are stuck in the position of waiting on changes to the draft |
@zoracon Any updates? |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
Looking at the docs for declarativeNetRequest, they seemed to have added some changes involving dynamic rules and redirect. The Google Group discussion so far came back with with statement:
Right now, the best action for a HTTPS Everywhere volunteer, user, enthusiast would be to look into jumping into the discussion in the public Google Group discussing these changes. On our end, we are discussing internally what next steps look like and doing our best to create a plan. |
Removed |
Update: 12-17 First steps:
Unknowns
|
@zoracon Current Canary can still load Manifest V2 extensions it seems. |
@pipboy96 Right, they don't specify when V2 will hit EoL. To test V3, just have to change the |
- First attempt breaking down this file to accomplish: 1. Writing in more documentation via jsDoc 2. Making the code more readable 3. Removing utility code into modules 4. Making the code easier to migrate to potential MV3 port (EFForg#17268)
Just a quick update with where we are with this MV3 is still highly unstable and I am working up a PoC of what the MV3 extension could look like: Basically, it would have to run strict HTTPS only to get around the ruleset cap as much as possible. As nice as strict HTTPS is, the volatile changes on MV3's new declarativeNetRequest API and service worker structure are very difficult and frustrating to test with at the moment. There is a bug filed here: |
@zoracon Do you mean MV3 version will be pretty much EASE-only? |
@zoracon What's the status of this right now? |
@pipboy96 Pretty much in the same state as when I commented here: Other developments include the dNR API adding regex rulesets, ability to load different ruleset objects, and better url filtering. With the latest developments + the API finally being more available for testing, I can continue to see what a HTTPS Everywhere in MV3 looks like. The major issue that I want to tackle is being able to load all applicable rulesets. Which still doesn't seem possible. Google still unilaterally makes changes to the API without much notice. With that said I am working with a similar extension to see what issues we come across collectively. The bigger voice we have, changes do seem to happen in response to our critiques that make the API more tolerable. However, there are still major concerns on their timeline and when exactly will MV2 will be EOL. Which is still unknown. Hopefully we get a better sense of the timeline, but until then we are just testing changes and trying to adapt while keeping in mind to advocate for privacy extensions to survive MV3. |
Cross referencing my comment made here in #18069 (comment)
With that said, I have created a project that will keep track of the components needed to port successfully and refactor existing code Edit: Looks like MV2 may be EoL around end of next year. So we can focus on getting the extension in shape for the rest of the year, and we can target January 2021 as the beginning of the port over to MV3 work. |
Updates
Latest update (September 4)
Mozilla made a statement on Manifest v3, see #17268 (comment)
Previous updates
View
May 31
Blocking capabilities of webRequest are still being deprecated, see uBlockOrigin/uBlock-issues#338 (comment) (original post deleted) and commentary by @gorhill: uBlockOrigin/uBlock-issues#338 (comment).
Thanks @Giltyhub for update!
Statements made by other browser vendors:
Mozilla
[source: Mozilla blog]
Vivaldi
[source: Vivaldi blog]
Brave
Brendan Eich's answer to ZDNet's inquiry:
[source: ZDNet (archive.is link)]
Microsoft
None yet.
If you know others, please post a comment in this issue or edit it if you are able to.
Original text by @Parasrah
Hi, I've recently read a string of reports about the chromium project moving to a new API called
declarativeNetRequest
, and removing the capabilities of thewebRequest
API to block or redirect requests. From what I understanddeclarativeNetRequest
will still allow blocking and redirect rules, but it will not be as flexible aswebRequest
in that you will essentially be providing a fairly simple rule-set and will no longer be able to react to a request programatically. They claim this is to increase the privacy for their users and to make redirects/blocking more efficient, although it may also conveniently (for them) break the functionality of many ad-blockers (apparently according to their authors in the reports I've read, I could not find a source for this).I was wondering how this will affect HTTPS Everywhere (I know you make extensive use of the
webRequest
API), and if the extension will still be able to function in Chromium. I've also seen speculation that the number of rule sets permitted withdeclarativeNetRequest
would be limited, which would obviously be a problem for this extension if the limit was too low.Draft of Manifest V3 for chrome extensions
PDF (for those who would like to avoid google docs)
declarativeNetRequest API
Thanks for all the work the team has put in to enhance the security of their users, hopefully there is a way around these changes
The text was updated successfully, but these errors were encountered: