Closed ameshkov closed 5 years ago
These two issues might change the way we're going to implement this:
@atropnikov see the last comment here: https://bugs.chromium.org/p/chromium/issues/detail?id=827582#c48
I have a change being reviewed right now (http://crrev.com/c/1338165) which will allow extensions to modify/view the headers if the 'extraHeaders' value is used in the extraInfoSpec of the listener. Once this is in Canary, you should be able to use this to match the previous behavior.
In order to test
turn off all filters
// test cookie removal by the domain name and cookie name
go to yandex.ru
see that there is a cookie with the name yandexuid
and it’s expiration will happen in 10 years
add rule
||yandex.ru^$cookie=yandexuid;maxAge=3600;sameSite=lax
reload yandex.ru
now expiration date is set to the current time plus one hour and the sameSite
property has value lax
// test all cookie removal by a domain name
go to google.com
add rule
||google.com^$cookie
reload page
all cookies set by google.com
should be removed
// test cookie removal by regexp
add rule
$cookie=/_ga/
go to meduza.io find out that cookies containing _ga
were removed
add rule
@@||meduza.io$cookie=/_ga/
reload meduza.io again and check that cookies containing _ga appeared again
all cookies removals or their modifying should be visible in the filtering log
also, check that in the integration mode cookies are not modified at all
Why:
I'd like this modifier to be able to:
Specification
The
$cookie
modifier completely changes rule behavior. Instead of blocking a request, this modifier makes us suppress or modify theCookie
andSet-Cookie
headers.$cookie
syntaxThe rule syntax depends on whether we are going to block all cookies or to remove a single cookie. The rule behavior can be changed with
maxAge
andsameSite
modifiers.||example.org^$cookie=NAME;maxAge=3600;sameSite=lax
-- every time AdGuard encounters a cookie calledNAME
in a request toexample.org
, it will do the following:3600
seconds||example.org^$cookie
-- blocks ALL cookies set byexample.org
. This is an equivalent to settingmaxAge
to zero.||example.org^$cookie=NAME
-- blocks a single cookie namedNAME
||example.org^$cookie=/regular_expression/
-- blocks every cookie that matches a given regular expression$cookie
rules are not affected by regular exception rules (@@
) unless it's a$document
exception. In order to disable a$cookie
rule, the exception rule should also have a$cookie
modifier. Here's how it works:@@||example.org^$cookie
-- unblocks all cookies set byexample.org
@@||example.org^$cookie=NAME
-- unblocks a single cookie namedNAME
@@||example.org^$cookie=/regular_expression/
-- unblocks every cookie matching a given regular expressionImplementation details
I suppose it is enough to intercept
Cookie
/Set-Cookie
headers and there's no need to mess with thedocument.cookie
property.Let's look at an example.
||example.org^$cookie=i_track_u
should block thei_track_u
cookie coming fromexample.org
https://example.org/count
Cookie
header value isi_track_u=1; JSESSIONID=321321
Cookie
header so that the server doesn't receive thei_track_u
value. Modified value:JSESSIONID=321321
Set-Cookie
headers received from the server.i_track_u
cookie (or modify it and strip that cookie if it contains more than one)Set-Cookie
header that setsi_track_u
with a negative expiration date:Set-Cookie: i_track_u=1; expires=[CURRENT_DATETIME]; path=/; domain=.example.org
.Real-life examples
$cookie=__cfduid
-- blocks CloudFlare cookie everywhere$cookie=/__utm[a-z]/
-- blocks Google Analytics cookies everywhere||facebook.com^$third-party,cookie=c_user
-- prevents Facebook from tracking you even if you are logged in