First-party domain blocking
See original GitHub issueOther third-party blocking tools allow filter list authors to block the top-level, first-party request. This is useful when a page is overall harmful, but doesn’t fit SafeBrowsing’s threat model. It’s also useful as a defense-in-depth against phishing, bounce tracking, etc.
Brave currently does not have this capability. We don’t currently have a flexible way of saying “this page shouldn’t be loaded / given first-party storage”. The current way of doing this is SafeBrowsing (which we don’t control / fork) or rules that still load the page, but block all sub resources (i.e. https://*$domain=evil.org
). Neither of these provide the security and privacy benefits of blocking the initial page load (e.g. inline scripts, bounce tracking, etc).
An implementation should
- Display the domain being blocked
- Allow user to proceed (to the requested page) or go back (to the previous page)
- Cause zero network requests before the user decides to proceed
- Allow user to create a permanent exception for the domain
Issue Analytics
- State:
- Created 3 years ago
- Comments:15 (9 by maintainers)
Top GitHub Comments
@pes10k NO! 😠 . Just kidding 😆 Yeah, this has to be the approach for all the design system-related debt that needs to be tackled one piece at a time. Implemented design seems fine for now.
@LaurenWags I think it was just missed - thanks for checking - I added the label just now!