Brave does not respect Shield settings for Web-Sites

[perariontaeadastra]

Description

Brave ignores individual Shield settings for Web-Sites. If Shield is off for a Web-Site, ads are still being blocked if Trackers & ads blocking in Global Settings is not set to Disabled.

Steps to Reproduce

1. Enable Trackers & ads blocking in Global Settings.
2. Open Dev. Tools and load a page containing ads.
3. Disable Shield for that particular Web-Site and reload.

Actual result:

Ads are being blocked even if a particular domain has been whitelisted.

Expected result:

Should not block anything if Shield has been disabled for a particular domain, regardless of the global setting.

Reproduces how often:

Easily reproduced. Tested on 2 different PC.

Brave version (brave://version info)

Brave	1.25.70 Chromium: 91.0.4472.77 (Official Build) (64-bit)
Revision	1cecd5c8a856bc2a5adda436e7b84d8d21b339b6-refs/branch-heads/4472@{#1246}
OS	Windows 10 OS Version 2009 (Build 19042.985)
JavaScript	V8 9.1.269.28
User Agent	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36
Command Line	"C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe" --enable-dom-distiller --disable-domain-reliability --no-pings --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --sync-url=https://sync-v2.brave.com/v2 --lso-url=https://no-thanks.invalid --variations-server-url=https://variations.brave.com/seed --enable-features=LegacyTLSEnforced,WebUIDarkMode,PrefetchPrivacyChanges,PasswordImport,ReducedReferrerGranularity,AutoupgradeMixedContent,WinrtGeolocationImplementation,SafetyTip --disable-features=FledgeInterestGroups,LangClientHintHeader,SignedExchangeSubresourcePrefetch,IdleDetection,FlocIdComputedEventLogging,HandwritingRecognitionWebPlatformApiFinch,AutofillEnableAccountWalletStorage,FledgeInterestGroupAPI,EnableProfilePickerOnStartup,TextFragmentAnchor,TabHoverCards,InterestCohortFeaturePolicy,WebOTP,NotificationTriggers,SharingQRCodeGenerator,TrustTokens,DirectSockets,FederatedLearningOfCohorts,AutofillServerCommunication,LiveCaption,InterestCohortAPIOriginTrial,FirstPartySets,HandwritingRecognitionWebPlatformApi,SubresourceWebBundles,NetworkTimeServiceQuerying,SignedExchangePrefetchCacheForNavigations --flag-switches-begin --flag-switches-end
Executable Path	C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe
Profile Path	C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default
Variations	aed3cac0-3f4a17df7146a73c-3f4a17dfc63a3c82-3d47f4f4

[rebron]

cc: @antonok-edm @ryanbr Can you add additional details, str?

[antonok-edm]

I don't know what site the original issue is referring to, but the same issue occurs on https://mybroadband.co.za/news/energy/400329-koeberg-nuclear-power-station-manager-suspended.html, in Beta and Nightly but not Release.

Either choosing "Allow all trackers and ads" for the site or disabling Brave Shields on the site will reproduce the issue, although in my experience the page may need to be refreshed once or twice.

[perariontaeadastra]

I don't know what site the original issue is referring to, but the same issue occurs on https://mybroadband.co.za/news/energy/400329-koeberg-nuclear-power-station-manager-suspended.html, in Beta and Nightly but not Release.

Either choosing "Allow all trackers and ads" for the site or disabling Brave Shields on the site will reproduce the issue, although in my experience the page may need to be refreshed once or twice.

Hi.
that happens with pretty much every web-site I test, e.g. https://www.tecmint.com/

[GeetaSarvadnya]

Verification passed on

Brave | 1.25.72 Chromium: 91.0.4472.101 (Official Build) (64-bit)
-- | --
Revision | af52a90bf87030dd1523486a1cd3ae25c5d76c9b-refs/branch-heads/4472@{#1462}
OS | Windows 10 OS Version 2004 (Build 19041.985)

• Verified the description from the issue Brave does not respect Shield settings for Web-Sites #16265 (comment)
• Reproduced the issue in 1.25.70

Case 1: Disable a site shield

• Open Buzzfeed.com and disable the shield
• Confirmed none of the requests are Blocked in Network->Status column

1.25.70	1.25.72

Case 2: Change global shiled setting `Trackers & ads blocking`

• Confirmed Ads and trackers are blocked in opened sites when Trackers & ads blocking shield settings are set to Standard
• Confirmed Ads and trackers are allowed in opened sites when Trackers & ads blocking shield settings are set to Disabled
• Confirmed Ads and trackers are blocked in opened sites when Trackers & ads blocking shield settings are set to Aggressive

Case 3: Change global shiled setting `Cookies blocking`

• Confirmed cross-site cookies are blocked in opened sites when Cookie blocking is set to Only cross-site
• Confirmed all cookies are blocked in opened sites when Cookie blocking is set to All
• Confirmed cookies are allowed in opened sites when Cookie blocking is set to Disabled

Case 4: Change global shiled setting `Fingerprinting blocking`

• Confirmed fingerprinting is blocked in opened sites when Fingerprinting blocking is set to Standard
• Confirmed fingerprinting is blocked strictly in opened sites when Fingerprinting blocking is set to Strict may break sites
• Confirmed fingerprinting are allowed in opened sites when Fingerprinting blocking is set to Disabled

Case 5: Change global shiled setting `Block scripts`

• Confirmed Java scripts are blocked in a site when Block scripts is enabled
• Confirmed sites loads correctly when Block scripts is disabledd

Case 6: `Upgrade connections to HTTPS`

visit http://https-everywhere.badssl.com and disable HTTPS from the shields panel
visit http://https-everywhere.badssl.com again and ensure that the HTTPS upgrade doesn't occur

Case 7: Change site shiled setting

• Opened couple of sites and changed site shield settings and confirmed site shield settings work as expected

Case 8: Upgrade case

Installed 1.25.70 opened a few sites and changed site shield settings and global shield settings and upgraded profile to 1.25.72

• Confirmed site shield settings are retained after the upgrade
• Confirmed global shield settings are retained after the upgrade
• Confirmed site/global shield settings can be changed after the upgrade

---

Verification passed on

Brave	1.25.72 Chromium: 91.0.4472.101 (Official Build) (64-bit)
Revision	af52a90bf87030dd1523486a1cd3ae25c5d76c9b-refs/branch-heads/4472@{#1462}
OS	Ubuntu 18.04 LTS

• Verified the description from the issue Brave does not respect Shield settings for Web-Sites #16265 (comment)

Case 1: Disable a site shield

• Open interia.pl and disable the shield
• Confirmed none of the requests are Blocked in Network->Status column
• Confirmed ads are shown

Case 2: Change global shiled setting `Trackers & ads blocking`

• Confirmed Ads and trackers are blocked in opened sites when Trackers & ads blocking shield settings are set to Standard
• Confirmed Ads and trackers are allowed in opened sites when Trackers & ads blocking shield settings are set to Disabled
• Confirmed Ads and trackers are blocked in opened sites when Trackers & ads blocking shield settings are set to Aggressive

Case 3: Change global shiled setting `Cookies blocking`

• Confirmed cross-site cookies are blocked in opened sites when Cookie blocking is set to Only cross-site
• Confirmed all cookies are blocked in opened sites when Cookie blocking is set to All
• Confirmed cookies are allowed in opened sites when Cookie blocking is set to Disabled

Case 4: Change global shiled setting `Fingerprinting blocking`

• Confirmed fingerprinting is blocked in opened sites when Fingerprinting blocking is set to Standard
• Confirmed fingerprinting is blocked strictly in opened sites when Fingerprinting blocking is set to Strict may break sites
• Confirmed fingerprinting are allowed in opened sites when Fingerprinting blocking is set to Disabled

Case 5: Change global shiled setting `Block scripts`

• Confirmed Java scripts are blocked in a site when Block scripts is enabled
• Confirmed sites loads correctly when Block scripts is disabledd

Case 6: `Upgrade connections to HTTPS`

visit http://https-everywhere.badssl.com and disable HTTPS from the shields panel
visit http://https-everywhere.badssl.com again and ensure that the HTTPS upgrade doesn't occur

Case 7: Change site shiled setting

• Opened couple of sites and changed site shield settings and confirmed site shield settings work as expected

Case 8: Upgrade case

Installed 1.25.70 opened a few sites and changed site shield settings and global shield settings and upgraded profile to 1.25.72

• Confirmed site shield settings are retained after the upgrade
• Confirmed global shield settings are retained after the upgrade
• Confirmed site/global shield settings can be changed after the upgrade

---

Verification PASSED on macOS 11.3 x64 using the following build:

Brave | 1.25.72 Chromium: 91.0.4472.101 (Official Build) (x86_64)
--- | ---
Revision | af52a90bf87030dd1523486a1cd3ae25c5d76c9b-refs/branch-heads/4472@{#1462}
OS | macOS Version 11.3 (Build 20E232)

Ran through a combination of the cases mentioned above that both @GeetaSarvadnya & @btlechowski ran though and the cases that I created via brave/brave-core#9038 (comment) when verifying the fix on Nightly before we uplifted into 1.25.x via brave/brave-core#9078.

[darkmac78]

Same happens on latest opensuse brave version.