Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Support $redirect-urls in adblock
See original GitHub issueRelated to https://github.com/brave/brave-browser/issues/18186. We’ve added support for redirect-url for adblock-rs which will allow us to specify loading a replacement resource over the network.
We will restrict this to known safe filter lists (disabled by default).
The intention is to allow resource replacements over the network if there’s an adblock filter match. In other words, the redirect-filter option in a filter rule instructs the browser to load a replacement resource for the matching resource via a URL instead of locally. Example:
google-analytics.js$redirect-url=important,https://pcdn.brave.software/sugarcoat/sugarcoat-analytics-a14946c73def6bdaa93155f58435a82e.min.js
would load the script at https://pcdn.brave.software/sugarcoat/sugarcoat-analytics-a14946c73def6bdaa93155f58435a82e.min.js instead of any script named google-analytics.js.
Notice the pcdn.brave.software domain - the intended usecase is to only load sugarcoated scripts hosted on Private CDN. The only filter lists we will enable redirect-url filter option to be parsed on are Brave-controlled ones, and specifically only Sugarcoat for now.
Sugarcoat is a research project to automatically stub out privacy-invasive API accesses by scripts. For more info: https://github.com/brave-experiments/sugarcoat-pipeline/. Essentially, the sugarcoat pipeline takes in a webpage and gives you sanitized scripts that would have been blocked by a filter list rule but are not because of webcompat reasons i.e. have a corresponding exception rule. The generated sugarcoat rule has an important filter option so as to ensure the resource does get blocked despite the exception rule. We previously tried loading the sugarcoated replacement resources locally but that requires us to ship them in the browser which resulted in some memory-bound machines getting borked (this also has to do with some tech debt in how we load filter lists but in any case, for Sugarcoat to be useful we would need to load many, many replacement scripts).
This feature should have a feature flag so we can turn it off via Griffin, though given that the sugarcoat rules are shipped in the adblock crx component we can just ship a component update which would not require a restart.
Related PRs:
- Add sugarcoat rules (actually an update because of aforementioned-deploy that we rolled back in https://github.com/brave/adblock-resources/pull/32): https://github.com/brave/adblock-lists/pull/660
- Add sugarcoat list to default.json: https://github.com/brave/adblock-resources/pull/37
Security/privacy review: https://github.com/brave/security/issues/615
Issue Analytics
- State:
- Created 2 years ago
- Comments:11 (1 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
@ShivanKaul when you get a chance, can you please check on the
bloomberg.com,bmw.com.au, andvirginmobile.cacases, as I think they’ve changed; thanks!@stephendonner updated the PR test plan and DM’d the DAT file for testing convenience.