Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Revert redirect-url feature #20892

Closed
ShivanKaul opened this issue Feb 4, 2022 · 7 comments · Fixed by brave/brave-core#12064
Closed

Revert redirect-url feature #20892

ShivanKaul opened this issue Feb 4, 2022 · 7 comments · Fixed by brave/brave-core#12064
Assignees
@ShivanKaul
Labels
OS/Desktop QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Test-All-Platforms QA/Test-Plan-Required QA/Yes release-notes/exclude
Milestone
1.36.x - Release

Comments

@ShivanKaul
Copy link
Collaborator

ShivanKaul commented Feb 4, 2022
edited

Description

Revert $redirect-url feature added by #18542.

The intention was to allow resource replacements over the network if there's an adblock filter match. In other words, the redirect-filter option in a filter rule instructs the browser to load a replacement resource for the matching resource via a URL instead of locally - this was to be mainly used by Sugarcoated resources.

However, we've decided to not go ahead with loading adblock-related resources over the network and instead rely on component-bundled resources. Given that we don't plan on using redirect-url feature in the near-term, we should remove it to reduce security and bug surface. More details (including QA) in #18542.

@stephendonner
@ShivanKaul ShivanKaul added OS/Android Fixes related to Android browser functionality OS/Desktop labels Feb 4, 2022
@ShivanKaul ShivanKaul self-assigned this Feb 4, 2022
@ShivanKaul ShivanKaul mentioned this issue Feb 4, 2022
Merged
25 tasks
@ShivanKaul ShivanKaul added QA/Yes release-notes/exclude and removed OS/Android Fixes related to Android browser functionality labels Feb 4, 2022
@stephendonner stephendonner added this to the 1.37.x - Nightly milestone Feb 4, 2022
@stephendonner
Copy link

@ShivanKaul mind helping us with a test plan here? How does the following look, as a start?

Steps:

  1. new profile
  2. load brave://flags
  3. verify no flag in brave://flags
  4. open Developer Tools | Network panel
  5. visit each of the sites listed from Support $redirect-urls in adblock #18542 (comment)

Confirm we don't replace requests (using internal redirects?), and those resources return a 200 OK.

cc @brave/legacy_qa

@ShivanKaul
Copy link
Collaborator Author

ShivanKaul commented Feb 10, 2022
edited

@stephendonner I think the QA plan would be reverse of #18542 (comment). I can send the DAT file again. What you mentioned in ^ sounds perfect, but given the deployed filter list it would be sufficient to check only the rules on https://raw.githubusercontent.com/brave/adblock-lists/master/brave-lists/brave-sugarcoat.txt i.e. check https://dell.com for ensighten.com/dell/marketing/code/280f261e277ca609b7450f5304929274.js and https://live.house.gov for google-analytics.com/analytics.js

Added this test plan to the PR.

This was referenced Feb 22, 2022
Merged
Merged
@stephendonner
Copy link

@ShivanKaul please do send me the DAT file again.

Question: So we're not completely removing this, correct? (Given you pointed to rules for dell.com and live.house.gov.)

@ShivanKaul
Copy link
Collaborator Author

ShivanKaul commented Feb 24, 2022
edited

We are removing the feature where the sugarcoat replacement resource would be loaded remotely. Local replacements would still work i.e. for dell.com and live.house.gov, you shouldn't see it loaded via pcdn.brave.com, but just be a 200 loaded locally. This is a screenshot of what it should look like:

image

For all the other resources in #18542 (comment), no replacement at all should be happening, local or via PCDN (but that's just testing our brave component updater at this point).

@stephendonner
Copy link

Verified PASSED using

Brave 1.36.107 Chromium: 99.0.4844.45 (Official Build) (x86_64)
Revision edbc0b8343c7b10fddb0e1b4efb280b0f6e38cab-refs/branch-heads/4844@{#788}
OS macOS Version 11.6.3 (Build 20G415)

Case 1: no adblock-redirect in brave://flags

Steps:

  1. installed 1.36.107
  2. launched Brave
  3. loaded brave://flags
  4. typed adblock-redirect

Confirmed no match for adblock-redirect

Screen Shot 2022-02-28 at 10 11 04 AM

Case 2: regression-testing of removal

Steps:

  1. installed 1.36.107
  2. launched Brave
  3. shut down
  4. copied resources.json and rs-ABPFilterParserData.dat to /Users/stephendonner/Library/Application Support/BraveSoftware/Brave-Browser/cffkpbalmllkdoenhmdmpbkajipdjfam/1.0.1228
  5. relaunched Brave
  6. clicked on hamburger menu, chose More tools -> Developer Tools
  7. clicked on the Network pane
  8. loaded reuters.com
  9. loaded amazon.jobs
  10. loaded fedex.com
  11. loaded sky.it

Confirmed no async-sugarcoat-{hex}.js redirects for various ad/tracking resources.

reuters.com amazon.jobs fedex.com sky.it
Screen Shot 2022-02-28 at 10 58 55 AM Screen Shot 2022-02-28 at 11 03 55 AM Screen Shot 2022-02-28 at 11 06 55 AM Screen Shot 2022-02-28 at 11 20 28 AM

Case 3: sugarcoat inline script replacement

Steps:

  1. installed 1.36.107
  2. launched Brave
  3. shut down
  4. copied resources.json and rs-ABPFilterParserData.dat to /Users/stephendonner/Library/Application Support/BraveSoftware/Brave-Browser/cffkpbalmllkdoenhmdmpbkajipdjfam/1.0.1228
  5. relaunched Brave
  6. clicked on hamburger menu, chose More tools -> Developer Tools
  7. clicked on the Network pane
  8. loaded https://shivankaul.com/adblock-redirect-test.html
  9. clicked on hn.js
  10. clicked on the Preview pane

Confirmed inline script replacement

1.36.107 1.35.104
Screen Shot 2022-02-28 at 9 35 26 AM Screen Shot 2022-02-28 at 10 45 55 AM

@stephendonner
Copy link

Verified PASSED using

Brave 1.36.107 Chromium: 99.0.4844.45 (Official Build) (64-bit)
Revision edbc0b8343c7b10fddb0e1b4efb280b0f6e38cab-refs/branch-heads/4844@{#788}
OS Linux

Case 1: no adblock-redirect in brave://flags

Steps:

  1. installed 1.36.107
  2. launched Brave
  3. loaded brave://flags
  4. typed adblock-redirect

Confirmed no match for adblock-redirect

Screen Shot 2022-02-28 at 4 31 48 PM

Case 2: regression-testing of removal

Steps:

  1. installed 1.36.107
  2. launched Brave
  3. shut down
  4. copied resources.json and rs-ABPFilterParserData.dat to ~/.config/BraveSoftware/Brave-Browser/cffkpbalmllkdoenhmdmpbkajipdjfam/1.0.1229
  5. relaunched Brave
  6. clicked on hamburger menu, chose More tools -> Developer Tools
  7. clicked on the Network pane
  8. loaded reuters.com
  9. loaded amazon.jobs
  10. loaded fedex.com
  11. loaded sky.it

Confirmed no async-sugarcoat-{hex}.js redirects for various ad/tracking resources.

reuters.com amazon.jobs fedex.com sky.it
Screen Shot 2022-02-28 at 5 12 53 PM Screen Shot 2022-02-28 at 4 55 26 PM Screen Shot 2022-02-28 at 4 58 19 PM Screen Shot 2022-02-28 at 5 00 59 PM

Case 3: sugarcoat inline script replacement

Steps:

  1. installed 1.36.107
  2. launched Brave
  3. shut down
  4. copied resources.json and rs-ABPFilterParserData.dat to ~/.config/BraveSoftware/Brave-Browser/cffkpbalmllkdoenhmdmpbkajipdjfam/1.0.1229
  5. relaunched Brave
  6. clicked on hamburger menu, chose More tools -> Developer Tools
  7. clicked on the Network pane
  8. loaded https://shivankaul.com/adblock-redirect-test.html
  9. clicked on hn.js
  10. clicked on the Preview pane

Confirmed inline script replacement

1.36.107 1.35.103
Screen Shot 2022-02-28 at 5 20 45 PM Screen Shot 2022-02-28 at 5 29 20 PM

@GeetaSarvadnya
Copy link

GeetaSarvadnya commented Mar 1, 2022
edited

Verification PASSED on


Brave | 1.36.107 Chromium: 99.0.4844.45 (Official Build) (64-bit)
-- | --
Revision | edbc0b8343c7b10fddb0e1b4efb280b0f6e38cab-refs/branch-heads/4844@{#788}
OS | Windows 10 Version 21H2 (Build 19044.1526)

Case 1: no adblock-redirect in brave://flags

Steps:

  1. installed 1.36.107
  2. launched Brave
  3. loaded brave://flags
  4. typed adblock-redirect

Confirmed no match for adblock-redirect
image

Case 2: regression-testing of removal

Steps:

  1. installed 1.36.107
  2. launched Brave
  3. shut down
  4. copied resources.json and rs-ABPFilterParserData.dat to ~/.config/BraveSoftware/Brave-Browser/cffkpbalmllkdoenhmdmpbkajipdjfam/1.0.1229
  5. relaunched Brave
  6. clicked on hamburger menu, chose More tools -> Developer Tools
  7. clicked on the Network pane
  8. loaded reuters.com
  9. loaded amazon.jobs
  10. loaded fedex.com
  11. loaded sky.it

Confirmed no async-sugarcoat-{hex}.js redirects for various ad/tracking resources.

reuters.com amazon.jobs fedex.com sky.it
image image image image

Case 3: sugarcoat inline script replacement

Steps:

  1. installed 1.36.107
  2. launched Brave
  3. shut down
  4. copied resources.json and rs-ABPFilterParserData.dat to ~/.config/BraveSoftware/Brave-Browser/cffkpbalmllkdoenhmdmpbkajipdjfam/1.0.1229
  5. relaunched Brave
  6. clicked on hamburger menu, chose More tools -> Developer Tools
  7. clicked on the Network pane
  8. loaded https://shivankaul.com/adblock-redirect-test.html
  9. clicked on hn.js
  10. clicked on the Preview pane

Confirmed inline script replacement

1.36.107 1.35.103
image image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ShivanKaul ShivanKaul

Labels
OS/Desktop QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Test-All-Platforms QA/Test-Plan-Required QA/Yes release-notes/exclude
Projects
None yet
Milestone
1.36.x - Release
Development

Successfully merging a pull request may close this issue.

Revert "Redirect URL support for adblock" brave/brave-core
5 participants
@stephendonner @kjozwiak @ShivanKaul @LaurenWags @GeetaSarvadnya