dnakov / little-rat

🐀 Small chrome extension to monitor (and optionally block) other extensions' network calls
MIT License

Does blocking by URL actually work? #27

Closed timkgh closed 4 months ago

timkgh commented 4 months ago

I blocked a specific URL for an extension:


But I still see DNS requests on my router for o1388847.ingest.sentry.io coming from this extension instance (if I disable the extension, the requests stop) and also actual network traffic to/from the IP the name resolves to, captured with tcpdump.

I did the full manual installation from this repo, not from the Chrome extension store.

dnakov commented 4 months ago

To be honest, I haven't tried blocking by individual URLs myself. Does blocking all still work? Now I'm worried that a Chrome update might decide to prevent this, I'll have to look later.

timkgh commented 4 months ago

No, blocking the entire extension does not work either, I still see network traffic.

dnakov commented 4 months ago

Strange. I just tested it on multiple extensions, both URL and All work (latest chrome Version 125.0.6422.61 (Official Build) (arm64)). Can you try reinstalling and blocking some other extensions too? Also, your chrome version.

timkgh commented 4 months ago

Same version 125.0.6422.61 (Official Build) (arm64)

I can't get it to block. Maybe some other extension interferes, e.g. Proxy SwitchyOmega (though this one is not active, not using a proxy)

How do you test it? Are you looking at the actual network traffic using Wireshark, tcpdump or just trusting what Chrome may say? I'm looking at the traffic on the router, it's pretty clear connections are being made.

Can you try blocking the Unclutter extension?

One other observation: it looks like the traffic I'm seeing is HTTP/3, not sure whether it matters.

dnakov commented 4 months ago

I have a simple test extension that just does fetch(url). URL is a remote host that I have access to and can look at incoming requests. I can also see that the fetch fails by looking at the error log of that test extension: test.zip

Do you have any other profiles open that could have that extension open? I'm gonna try Unclutter in a few.

timkgh commented 4 months ago

> Do you have any other profiles open that could have that extension open?

I do not.

dnakov commented 4 months ago
[Image: Screenshot 2024-05-20 at 8 17 17 PM]

Just tried with Unclutter. This is its service-worker erroring once I blocked it.

dnakov commented 4 months ago
[Image: Screenshot 2024-05-20 at 8 21 38 PM]

Unblocked, then blocked. Can you try this on your end: go to Manage extensions, find Unclutter, click the service-worker.js link. This will open up its devtools; go to the network tab. Unblock it, click on the Unclutter extension icon, that triggers a request. Then block it and repeat, you should see it in red.

timkgh commented 4 months ago

Mine shows a different error and it gets a 429 from Sentry:

{
    "detail": "Sentry dropped data due to a quota or internal rate limit being reached. This will not affect your application. See https://docs.sentry.io/product/accounts/quotas/ for more information."
}
dnakov commented 4 months ago

It should say blocked in the network tab, but doesn't look like it. It's possible you have some other extension that explicitly allows all calls from extensions via a rule, which could invalidate this blocking rule. Can you try in a new profile without other extensions?

timkgh commented 4 months ago

Hmm, maybe it does work partially. I can get it to block retrieving content from the site that it's trying to unclutter when I click on the Unclutter icon. That part works. But there seem to be some calls to Sentry that happen in the background, on a regular basis when I'm not even using Chrome, and those do not get blocked (they just happen to get a 429 from Sentry, but that's a different issue with the dev's Sentry account).

Do you see any calls to *.sentry.io blocked or allowed? Mine is for o1388847.ingest.sentry.io but perhaps it varies with each extension install.

dnakov commented 4 months ago

A lot of websites and apps use Sentry for tracking, could be from anywhere. little-rat just blocks extensions.
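
The in-browser check discussed in this thread (a test extension that calls fetch(url) and looks at the outcome), written out as an added example; it is not part of the thread, of test.zip, or of little-rat's code. The two URLs are placeholder assumptions, and the control request is an addition here so that a rejected fetch can be told apart from having no network at all.

```javascript
// Added example for a test extension's service worker.
// TARGET_URL and CONTROL_URL are placeholders (assumptions), not values from the thread.
const TARGET_URL = "https://blocked.example.test/ping";   // URL you told the blocker to block
const CONTROL_URL = "https://control.example.test/ping";  // URL that is NOT blocked

// Any HTTP response, including an error status such as 429, means the request
// left the browser and a server answered. Only a rejected fetch is consistent
// with the request having been stopped before it was sent.
async function attempt(url, fetchImpl) {
  try {
    const res = await fetchImpl(url, { cache: "no-store" });
    return { url, sent: true, status: res.status };
  } catch (err) {
    return { url, sent: false, error: String(err && err.message) };
  }
}

// fetchImpl is injectable so the decision logic can be exercised offline.
async function probe(target, control, fetchImpl = fetch) {
  const [t, c] = await Promise.all([
    attempt(target, fetchImpl),
    attempt(control, fetchImpl),
  ]);
  let verdict;
  if (t.sent) {
    verdict = "not-blocked";               // a response came back, whatever its status
  } else if (c.sent) {
    verdict = "blocked-or-target-down";    // network works, only the target failed
  } else {
    verdict = "inconclusive-no-network";   // nothing got out, cannot judge the block
  }
  return { verdict, target: t, control: c };
}

// Only runs inside an extension context; logs to the service worker console.
if (typeof chrome !== "undefined" && chrome.runtime) {
  probe(TARGET_URL, CONTROL_URL).then((r) => console.log(r));
}
```

This only reports what the extension's own fetch saw; it does not replace a capture on the wire with tcpdump or Wireshark.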