Auto create temporary scopes ignore global scope rules

[jonvuri]

I set a global rule to allow all for youtube.com and ytimg.com to allow Youtube embeds on all pages. However, if I have the "Auto create temporary domain scope" setting on, when it creates the new temporary domains it blocks any youtube.com and ytimg.com includes on the current page (I also have strict blocking on), effectively invalidating the global rules since the domain scope has higher precedence. It would be nice if the new temporary scopes merged global whitelist rules into their default state, or perhaps didn't include overriding blacklists for any such domains at all.

[gorhill]

Rules in global scope are not ubiquitous. Scopes are sandboxed, they do not share rules between each others. If you want youtube.com and ytimg.com to be ubiquitously whitelisted in all scopes, add them to the "My allow rules" in the Ubiquitous rules tab.

It would be nice if the new temporary scopes merged global whitelist rules into their default state

That would lead to rule bloat, i.e. scopes with rules that are completely irrelevant to them, irrelevant as in having Youtube whitelisted on Hacker News.

[gorhill]

Dup of #227.

[jonvuri]

That would lead to rule bloat, i.e. scopes with rules that are completely irrelevant to them, irrelevant as in having Youtube whitelisted on Hacker News.

I had assumed there'd be a way to only merge the whitelist rules that would have otherwise been blacklisted in the new temporary scope.

Thanks for the tip about ubiquitous rules.

[gorhill]

only merge the whitelist rules that would have otherwise been blacklisted in the new temporary scope

Wait a minute, it should: https://github.com/gorhill/httpswitchboard/blob/master/js/httpsb.js#L483

Give me a test case, what site did you expect the youtube rules to be copied?

[jonvuri]

In the process of reproducing this I found out that it's basically random each time how many of the global whitelist rules are included and how - sometimes they are all included and whitelisted, sometimes only some of them are included, sometimes some of them are included and whitelisted and others are included and blacklisted. I will describe the precise steps I'm performing below as well as several results I'm seeing from the same steps:

With these settings:

Add global-scoped rules for youtube.com and ytimg.com, as well as frames for youtube.com and script and css for ytimg.com:

Make sure that no prior scope exists for *.pcper.com or www.pcper.com: (If reproducing again, start at this step and delete the automatic scope set for it, then commit the delete.)

Visit the page http://www.pcper.com/news/General-Tech/Computex-2014-Corsairs-Cherry-MX-RGB-Keyboards-Launch, which has an embedded Youtube video at the top of the article. I have gotten the following 3 results:

1. None of the whitelist rules are merged in, though they seem to appear (not whitelisted) in the Switchboard pane, possibly just because they are requests made on the page and not because they are global whitelist rules:
2. Only some of the whitelist rules are merged in, causing the embed to half load. It seems that this is usually *.ytimg.com, which causes the embed not to work because it needs the ytimg content to set up the clickable starter:
3. All of the rules are merged and the embed works:

Again, these are all with the same reproduction steps.

(As an aside, why isn't that temporary scope deleted right away as per the "Auto delete unused temporary scopes." option? I would have expected that to happen as soon as the tab was closed.)

[jonvuri]

Oh, note that the ytimg.com request might propagate from the youtube.com frame (I'm not actually sure).

[gorhill]

Sorry, I completely wasted your time. It just occurred to me that the scope is auto-created way too early, at a time when the matrix is rather empty, hence the copy rules helper doesn't see any relevant domain names, because there are no domain at all, let alone relevant. The solution would be to move the auto-creation of scope to when the page has finished loaded (when chrome.webNavigation.onCompleted is fired)

[jonvuri]

Sorry, I completely wasted your time.

Not at all! I'm a developer too, not just a disgruntled customer. Happy to help out any way I can.

The solution would be to move the auto-creation of scope to when the page has finished loaded (when chrome.webNavigation.onCompleted is fired)

I tried doing this and it still seems to produce the same bug, it doesn't merge in global whitelisted rules with the same repro steps. Maybe I'm missing a piece:

https://github.com/jrajav/httpswitchboard/commit/c2e249833d4dc9500d33f729341cd37d3c2c78c3

[gorhill]

Never mind, I will add useful information only if I spent time investigating what is actually happening.

[gorhill]

As said in the change log, I am done. If someone take the project further, good luck to them.