Enable CNAME uncloaking by default

Advanced setting `cnameAliasList` has been removed. New advanced settings: cnameUncloak: Boolean Default value: true Description: Whether to CNAME-uncloak hostnames. cnameIgnoreExceptions: Boolean Default value: true Description: Whether to bypass the uncloaking of network requests which were excepted by filters/rules. This is necessary so as to avoid undue breakage by having exception filters being rendered useless as a result of CNAME-uncloaking. For example, `google-analytics.com` uncloaks to `www-google-analytics.l.google.com` and both hostnames appear in Peter Lowe's list, which means exception filters for `google-analytics.com` (to fix site breakage) would be rendered useless as the uncloaking would cause the network request to be ultimately blocked.
gorhill · Dec 1, 2019 · 91e702c · 91e702c
1 parent 8a1a8b1
commit 91e702c
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 14 deletions.
diff --git a/platform/firefox/vapi-webrequest.js b/platform/firefox/vapi-webrequest.js
@@ -61,19 +61,21 @@
  super();
  this.pendingRequests = [];
  this.cnames = new Map([ [ '', '' ] ]);
- this.cnameAliasList = null;
  this.cnameIgnoreList = null;
  this.cnameIgnore1stParty = true;
+ this.cnameIgnoreExceptions = true;
  this.cnameIgnoreRootDocument = true;
  this.cnameMaxTTL = 60;
  this.cnameReplayFullURL = false;
  this.cnameTimer = undefined;
+ this.cnameUncloak = true;
  }
  setOptions(options) {
  super.setOptions(options);
- this.cnameAliasList = this.regexFromStrList(options.cnameAliasList);
+ this.cnameUncloak = options.cnameUncloak !== false;
  this.cnameIgnoreList = this.regexFromStrList(options.cnameIgnoreList);
  this.cnameIgnore1stParty = options.cnameIgnore1stParty !== false;
+ this.cnameIgnoreExceptions = options.cnameIgnoreExceptions !== false;
  this.cnameIgnoreRootDocument = options.cnameIgnoreRootDocument !== false;
  this.cnameMaxTTL = options.cnameMaxTTL || 120;
  this.cnameReplayFullURL = options.cnameReplayFullURL === true;
@@ -199,22 +201,29 @@
  );
  }
  onBeforeSuspendableRequest(details) {
- let r = super.onBeforeSuspendableRequest(details);
- if ( r !== undefined ) { return r; }
- if ( this.cnameAliasList === null ) { return; }
- if ( details.type === 'main_frame' && this.cnameIgnoreRootDocument ) {
+ const r = super.onBeforeSuspendableRequest(details);
+ if ( r !== undefined ) {
+ if (
+ r.cancel === true ||
+ r.redirectUrl !== undefined ||
+ this.cnameIgnoreExceptions
+ ) {
+ return r;
+ }
+ }
+ if (
+ details.type === 'main_frame' &&
+ this.cnameIgnoreRootDocument
+ ) {
  return;
  }
+ if ( this.cnameUncloak === false ) { return; }
  const hn = vAPI.hostnameFromNetworkURL(details.url);
  let cname = this.cnames.get(hn);
  if ( cname === '' ) { return; }
  if ( cname !== undefined ) {
  return this.processCanonicalName(hn, cname, details);
  }
- if ( this.cnameAliasList.test(hn) === false ) {
- this.cnames.set(hn, '');
- return;
- }
  return browser.dns.resolve(hn, [ 'canonical_name' ]).then(
  rec => {
  const cname = this.recordCanonicalName(hn, rec);

diff --git a/src/js/background.js b/src/js/background.js
@@ -46,12 +46,13 @@ const µBlock = (( ) => { // jshint ignore:line
  cacheStorageAPI: 'unset',
  cacheStorageCompression: true,
  cacheControlForFirefox1376932: 'no-cache, no-store, must-revalidate',
- cnameAliasList: 'unset',
  cnameIgnoreList: 'unset',
  cnameIgnore1stParty: true,
+ cnameIgnoreExceptions: true,
  cnameIgnoreRootDocument: true,
- cnameMaxTTL: 120,
+ cnameMaxTTL: 60,
  cnameReplayFullURL: false,
+ cnameUncloak: true,
  consoleLogLevel: 'unset',
  debugScriptlets: false,
  debugScriptletInjector: false,

diff --git a/src/js/storage.js b/src/js/storage.js
@@ -136,12 +136,13 @@
 self.addEventListener('hiddenSettingsChanged', ( ) => {
  self.log.verbosity = µBlock.hiddenSettings.consoleLogLevel;
  vAPI.net.setOptions({
- cnameAliasList: µBlock.hiddenSettings.cnameAliasList,
  cnameIgnoreList: µBlock.hiddenSettings.cnameIgnoreList,
  cnameIgnore1stParty: µBlock.hiddenSettings.cnameIgnore1stParty,
+ cnameIgnoreExceptions: µBlock.hiddenSettings.cnameIgnoreExceptions,
  cnameIgnoreRootDocument: µBlock.hiddenSettings.cnameIgnoreRootDocument,
  cnameMaxTTL: µBlock.hiddenSettings.cnameMaxTTL,
  cnameReplayFullURL: µBlock.hiddenSettings.cnameReplayFullURL,
+ cnameUncloak: µBlock.hiddenSettings.cnameUncloak,
  });
 });
 

diff --git a/src/js/traffic.js b/src/js/traffic.js
@@ -103,7 +103,8 @@ const onBeforeRequest = function(details) {
  ) {
  pageStore.setFrame(details.frameId, details.url);
  }
- return;
+ if ( result !== 2 ) { return; }
+ return { cancel: false };
  }
 
  // Blocked