Loading…
Can't allow Recaptcha #1082
4 participants
This is not a valid Dynamic Filtering rule:
* google.com/recaptcha/ * allow
Dynamic Filtering is hostname-based.
Whitelisting won't help because your Dynamic Filtering rules override everything else.
Since recaptcha doesn't have its own domain, the only way to have an "exception" that causes recaptcha frames (and all other stuff from google.com) to be allowed would be something like:
* www.google.com * allow
But that obviously might allow undesirable things.
So this literally means that whitelisting items such as google.com/recaptcha/* has no effect at all ?
superuser.com www.google.com * noop will allow frames from www.google.com while on superuser.com.
So this literally means that whitelisting items such as google.com/recaptcha/* has no effect at all ?
Dynamic filtering rules have always been only hostname-based only.
That's a complete bummer, I'm not in the least interested in allowing any and everything Google (or anyone else, aamof) decides to throw at me, either at a global or local level. That's precisely the point for these filters!...
So why has this been closed, rather than being considered for fixing/implementing?
Dynamic filtering is hostname-based, by design. Anything else is going back to pattern-based filtering, which is CPU heavy, the opposite of what I want it to be.
I gave you the sensible solution: superuser.com www.google.com * noop, i.e. allow www.google.com only while on Superuser.
Thanks then, but no thanks, may be sensible for you but not for me. Back to abp, I guess.
Back to abp, I guess
Very amusing statement given that whatever filters you will create in ABP is fully supported in uBlock. Your statement is equivalent to saying "ABP protects me better than ABP+RequestPolicy" which is nonsense of course.
Except for pattern-based filters, that is.
Still can't see why it should be of anyone's concern but theirs, the amount of cpu workload users would have should they be able to decide by themselves the level of granularity that better suited them, but I'm glad you found it amusing!
Except for pattern-based filters, that is.
uBlock supports pattern-based ABP-compatible filters just fine.
Just not pattern-based firewall rules -- just like RequestPolicy does not support pattern-based firewall rules either like the one you want.
For people concerned with reducing exposure, RequestPolicy has always been a top advice. Your advice to go back rely strictly on ABP rather than the equivalent of ABP+RequestPolicy (uBlock) makes no sense. I am pretty sure you know it.
@cm-mc just to clarify, your understanding might be missing a few key things here.
uBlock supports pattern-based filters just fine. What you did is that you used Dynamic Filtering (firewall rules) to block 3rd-party frames — something that ABP does not even implement. With Dynamic Filtering (firewall rules), it's hostname-based and cannot be pattern based.
If you want to do pattern-based matching, use filters — uBlock supports those. If you want more efficient hostname-based filtering, use Dynamic Filtering.
Don't use Dynamic Filtering and don't enable Advanced Features if their functionality isn't fully clear.
This is why the UI instructs you to read the documentation to enable this Advanced feature: it's easy to misunderstand what's going on.
If there's some set of ABP filters that achieves what you want, just throw them at uBlock and it should deal with them just fine.
@gorhill I'll leave this quick diagram here — perhaps it'll be revealing to future readers:
@gorhill No idea where rp came from, but you forgot to add noscript to the mix, just saying...
Anyway, your words, not mine: "Anything else is going back to pattern-based filtering, which is CPU heavy, the opposite of what I want it to be." The least I could say is you don't care much for them.
@chrisaljoudi It wasn't me who implied so, see above...
I used dynamic filters AND whitelist when that didn't work, which didn't either.
Bottom line: with abp all you need is to add @@||google.com/recaptcha/ to the exceptions list, either manually or via the interface, to be done with it. Now, if you'd care to point to how and where you're supposed to do that with ublock, let alone WHERE that's even mentioned (thanks for the patronizing, though!)... still, gotta love me some chart... err.. diagram pr0n... explains the world!...
@cm-mc you're still incorrect.
I used dynamic filters AND whitelist when that didn't work
There are no dynamic filters in ABP. You used dynamic filtering to disable 3rd-party frames using uBlock. You did NOT do that with ABP. Period. All else is irrelevant when contrasting ABP with uBlock.
@cm-mc you said you added this exception
@@||google.com/recaptcha/
to ABP. Right? Okay. Have you tried that adding that to uBlock? (WITHOUT doing the extra dynamic filtering blocking that you didn't do on ABP?).
Dynamic filtering overrides all else. If you don't need it/want it (again: ABP does not implement it), then don't use it.
@cm-mc the very first thing you said in your issue is:
Have 3rd party frames blocked
You used Dynamic Filtering in uBlock to do that. Dynamic Filtering takes priority and is hostname-based.
If you can achieve what you want in ABP, you can achieve the exact same in uBlock by simply using the same set of filters. Forget about Dynamic Filtering if it's not what you want to use (and it probably isn't since you're happy with ABP).
No, I didn't, simply because, in fact, I never needed it; what I said was that's all I'd need, with Abp.
Guess I didn't explained myself right, but I DID add it to ublock, but excuse me for thinking an exception to a blocking filter would go into the whitelist... and also for READING IT wrong when it says dynamic filters would be ignored if "wrong", or something to that purpose, so, from the moment that it didn't work, I... well... ignored it, and proceeded to add to the, you know, whitelist, just in case. Still can't see how it being in the dynamic filters list as an ALLOW rule would hurt it being whitelisted...
So, again, bottom line is: apparently I REALLY can't add an exception to recaptcha AND filter other 3rd party frames INCLUDING anything else google may throw at me with it. Or did I failed to read you correctly?
@cm-mc you can; just use these two filters (make sure you disable the dynamic filtering rule).
*$third-party,subdocument
@@||google.com/recaptcha$subdocument,important
Still I wonder why a whitelist is considered below dynamic filters, isn't a whitelist that list where you don't want any blocking or other rules whatsoever being done ?
It's merely a "Whitelist if...if..." in this case.
@Betsy25 whitelisting a site works fine and isn't below dynamic filters — if you whitelist stackoverflow.com, then requests coming from a page you're visiting on stackoverflow.com won't be filtered.
Exception filter rules (and all other filter rules), however, are over-ridden by dynamic filtering.
@chrisaljoudi So, anyone coming from ABP start to wonder why their ABP filters suddenly break things in uBlock ? Enabling Dynamic filtering breaks all those exception rules in all those 3rd party lists ?
@Betsy25 that would never happen.
Merely enabling dynamic filtering doesn't change anything. Dynamic Filtering rules just take precedence over other filter rules.
For exception rules to "break" — for them to be overridden — the user would have to manually add the appropriate dynamic filtering rules.
Think about it like this: Dynamic Filtering operates on the network requests before they're matched against filters. It's a global firewall — a low-level one. It doesn't do URL pattern matching, just enforces policies based on hostname.
This is not what most users want, so Dynamic Filtering is behind an "Advanced usage" toggle. That's why the UI tells the user to read the documentation.
Let's say a 3rd party filter list has the following exception filter:
@@||google.com/ajaxLoginURL$domain=gmail.com
There will never, ever be a case where where that exception rule would just "stop working" by accident.
The user would have to explicitly:
- Go into the Preferences.
- Say that they're "advanced".
- Promise to have read the Advanced Usage documentation.
- Find the Dynamic Filtering UI.
- Add a Dynamic Filtering rule that's something like:
gmail.com * 3p block. - And to keep this from going away after a browser restart, committing their dynamic filter rule to the permanent list.
At that point, it is indeed the correct behavior to block the requests regardless of the exception rule. That's the point of Dynamic Filtering.
I understand now, but it's a bit harsh if you have any (even only 1) list checked, you could no longer enable any global dynamic rule without distorting the result of that list.
I always thought these lists where "special cases" and the dynamic rules are there for everything else that isn't a "special case".
you could no longer enable any global dynamic rule without distorting the result of that list
That's the whole point.
End users get the last word with dynamic filtering, not the filter lists crafted by somebody else.
I use default-deny, and I certainly do not want EasyList/EasyPrivacy exceptions to destroy my default-deny with it's myriad exception filters.
If I create the rule * google-analytics.com * block, last thing I want is to have any of the ~40 exception filters related to google-analytics.com to override my choice to block Google Analytics unconditionally. If the rule breaks a site, then it will be my choice whether to fix the site if I care about it by neutralizing the rule for that site. Or not.
@gorhill Good point, thanks a lot for explaining.
Also, @chrisaljoudi thank you for taking the time to explain it that way.
Have 3rd party frames blocked and can't manage to allow Recaptcha through (on Superuser.com).
Tried to dynamically allow it (* google.com/recaptcha/ * allow) and also add google.com/recaptcha/ to the whitelist, but no luck. This is the blocked frame:
− * * 3p-frame block sub_frame https://www.google.com/recaptcha/api2/anchor?k=6Lfmzf4SAAAAAESlOdWAUnRh3ab4BcteAbBBXsFm&co=aHR0cHM6Ly9zdXBlcnVzZXIuY29t&hl=en&v=r20150304153504&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.pt_BR.JpyeRWP54hs.O%2Fm%3D__features__%2Fam%3DIQ%2Frt%3Dj%2Fd%3D1%2Ft%3Dzcms%2Frs%3DAGLTcCN6mxBD1C9HS2v_H1YOzegU68XMUA#id=I0_1427141981190&parent=https%3A%2F%2Fsuperuser.com&pfname=&rpctoken=24117403
What I'm I doing wrong here?