1798225 - [DNR] Matching of missing initiators and/or with an opaque origin

Status: NEW

(WebExtensions :: Request Handling, enhancement, P5)

Description

[Rob Wu [:robwu]]

The declarativeNetRequest API allows extensions to match by initiator (i.e. triggeringPrincipal, NOT "fetch initiator") via initiatorDomains and excludedInitiatorDomains. Chrome's documentation is sorely lacking ("match network requests originating from the list of initiatorDomains"), so we need to look at the source code...

According to Chrome's source code, when an opaque initiator is encountered: when an include-list (initiatorDomains) is present, the rule is not matched. And when an exclude-list (excludedInitiatorDomains) is present, the rule may still be eligible for matching if the other conditions are met. This could be justified by considering that an opaque origin is one that never matches anything else, i.e. there is no way for a domain rule to match an opaque origin. Another aspect of Chrome's implementation is that a missing initiator is equivalent to an opaque origin. Therefore it is not possible to only match (or exclude) requests without an initiator, nor requests from a sandboxed document.

Firefox's implementation (https://phabricator.services.mozilla.com/D160316) follows the same behavior for compatibility.

This bug exists to track the possibility of introducing the ability to filter requests by a missing and/or the domain associated with an opaque origin.

Comment 1

[Rob Wu [:robwu]]

I came across this work-around, which is basically to enumerate all gTLDs: https://stackoverflow.com/questions/76191697/how-can-one-exclude-requests-with-no-initiator-from-declarativenetrequest-rules

... I think that the API can do better than this.