websocket blocked when easylist match #1943

Closed
jaypea opened this issue Aug 29, 2016 · 9 comments

jaypea commented Aug 29, 2016

Read first: https://github.com/gorhill/uBlock/blob/master/CONTRIBUTING.md

Describe the issue

I'm developing a JS app which tries to use a websocket (socket.io) on the local domain.
However, the request to wss://localhost:8080 gets blocked when the URI of the page has an easylist match:

12:57:21                xhr http://localhost:8080/__webpack_hmr
12:57:21                font    http://localhost:8080/a0537ab9872ea22b2d7284338162d708.woff2
12:57:21                xhr http://localhost:8080/socket.io/?EIO=3&transport=polling&t=LRLyanz
12:57:21                script  http://localhost:8080/bundle.js
12:57:21                css http://localhost:8080/fonts/font-awesome/css/font-awesome.min.css
12:57:20        /?view=ad   --  websocket   http://localhost:8080/?view=admin
12:57:20                inline-script   http://localhost:8080/?view=admin
12:57:20                doc http://localhost:8080/?view=admin


script console says: bundle.js:46 Refused to connect to 'wss://localhost:8080/socket.io/?EIO=3&transport=websocket&sid=4nqaF7ANnFB8df04AAAa' because it violates the following Content Security Policy directive: "connect-src http:".

I'd expect the connection to wss:// or ws:// to be allowed for the same host and port.

Your settings

settings backup txt

{
  "timeStamp": 1472469752457,
  "version": "1.9.2",
  "userSettings": {
    "advancedUserEnabled": true,
    "autoUpdate": true,
    "cloudStorageEnabled": true,
    "collapseBlocked": true,
    "colorBlindFriendly": false,
    "contextMenuEnabled": true,
    "dynamicFilteringEnabled": true,
    "externalLists": "! Examples:\n! https://easylist-downloads.adblockplus.org/fb_annoyances_full.txt\n! https://easylist-downloads.adblockplus.org/yt_annoyances_full.txt\nhttps://raw.githubusercontent.com/r4vi/block-the-eu-cookie-shit-list/master/filterlist.txt\nhttps://raw.github.com/reek/anti-adblock-killer/master/anti-adblock-killer-filters.txt\n",
    "firewallPaneMinimized": true,
    "hyperlinkAuditingDisabled": true,
    "ignoreGenericCosmeticFilters": false,
    "largeMediaSize": 50,
    "parseAllABPHideFilters": true,
    "prefetchingDisabled": true,
    "requestLogMaxEntries": 1000,
    "showIconBadge": true,
    "tooltipsDisabled": false,
    "webrtcIPAddressHidden": false
  },
  "filterLists": {
    "assets/user/filters.txt": {
      "group": "default",
      "off": false,
      "entryCount": 0,
      "entryUsedCount": 0
    },
    "assets/ublock/experimental.txt": {
      "title": "uBlock filters – Experimental",
      "group": "default",
      "off": true,
      "supportURL": "https://github.com/gorhill/uBlock/wiki/Experimental-filters",
      "instructionURL": "https://github.com/gorhill/uBlock/wiki/Experimental-filters"
    },
    "https://raw.githubusercontent.com/r4vi/block-the-eu-cookie-shit-list/master/filterlist.txt": {
      "title": "Block-EU-Cookie-Shit-List",
      "group": "custom",
      "external": true,
      "off": false,
      "entryCount": 1134,
      "entryUsedCount": 799
    },
    "https://raw.github.com/reek/anti-adblock-killer/master/anti-adblock-killer-filters.txt": {
      "title": "AakList (Anti-Adblock Killer)",
      "group": "custom",
      "external": true,
      "off": false,
      "entryCount": 2009,
      "entryUsedCount": 0
    },
    "assets/thirdparties/easylist-downloads.adblockplus.org/easylist.txt": {
      "title": "EasyList",
      "group": "ads",
      "homeURL": "https://easylist.to/easylist/easylist.txt",
      "supportURL": "https://forums.lanik.us/",
      "off": false,
      "entryCount": 66758,
      "entryUsedCount": 66672
    },
    "https://easylist-downloads.adblockplus.org/easylistgermany.txt": {
      "off": false,
      "title": "DEU: EasyList Germany",
      "group": "regions",
      "lang": "de",
      "supportURL": "https://forums.lanik.us/viewforum.php?f=90",
      "entryCount": 9587,
      "entryUsedCount": 9584
    },
    "assets/thirdparties/easylist-downloads.adblockplus.org/easyprivacy.txt": {
      "title": "EasyPrivacy",
      "group": "privacy",
      "homeURL": "https://easylist.to/easylist/easyprivacy.txt",
      "supportURL": "https://forums.lanik.us/",
      "off": false,
      "entryCount": 11910,
      "entryUsedCount": 11869
    },
    "https://raw.githubusercontent.com/liamja/Prebake/master/obtrusive.txt": {
      "off": false,
      "title": "EU: Prebake - Filter Obtrusive Cookie Notices",
      "group": "regions",
      "supportURL": "https://github.com/liamja/Prebake",
      "entryCount": 862,
      "entryUsedCount": 859
    },
    "assets/thirdparties/mirror1.malwaredomains.com/files/justdomains": {
      "title": "Malware domains",
      "group": "malware",
      "homeURL": "https://mirror.cedia.org.ec/malwaredomains/justdomains",
      "supportURL": "http://www.malwaredomains.com/",
      "off": false,
      "entryCount": 23103,
      "entryUsedCount": 23031
    },
    "assets/thirdparties/pgl.yoyo.org/as/serverlist": {
      "title": "Peter Lowe’s Ad server list",
      "group": "ads",
      "homeURL": "https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=1&mimetype=plaintext",
      "supportURL": "https://pgl.yoyo.org/adservers/",
      "off": false,
      "entryCount": 2371,
      "entryUsedCount": 2371
    },
    "https://raw.githubusercontent.com/reek/anti-adblock-killer/master/anti-adblock-killer-filters.txt": {
      "off": false,
      "title": "Anti-Adblock Killer | Reek",
      "group": "ads",
      "supportURL": "https://github.com/reek/anti-adblock-killer",
      "instructionURL": "https://github.com/reek/anti-adblock-killer#instruction",
      "entryCount": 2009,
      "entryUsedCount": 2009
    },
    "assets/thirdparties/www.malwaredomainlist.com/hostslist/hosts.txt": {
      "title": "Malware Domain List",
      "group": "malware",
      "homeURL": "https://www.malwaredomainlist.com/hostslist/hosts.txt",
      "off": false,
      "entryCount": 1226,
      "entryUsedCount": 1226
    }
  },
  "netWhitelist": "about-scheme\nbehind-the-scene\nchrome-extension-scheme\nchrome-scheme\njimdo.dev\nloopconversation.about-scheme\nopera-scheme",
  "dynamicFilteringString": "behind-the-scene * 3p-frame noop\nbehind-the-scene * 3p noop",
  "urlFilteringString": "",
  "hostnameSwitchesString": "",
  "userFilters": ""
}
- Browser/version: Chrome 52 linux
- uBlock Origin version: 1.9.2

Your filter lists

Default filter lists + DEU

Your custom filters (if any)

gorhill commented Aug 29, 2016

Will release 1.9.4 ASAP.

gorhill added a commit that referenced this issue Aug 29, 2016

gorhill commented Aug 29, 2016

Issue was that any match was considered when evaluating whether websocket should be wholly blocked or not. For the purpose of injecting a websocket-blocking CSP, only filters with an explicit websocket option must be considered.
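
The bug and the fix described in the comment above, modelled as an added example (not part of the thread and not uBlock Origin's code). The filter parser, the substring matching, and the `*$websocket,domain=ads.example` filter with its `ads.example` page are assumptions made for illustration; `/?view=ad` and `connect-src http:` are taken from the report.

```javascript
// Added illustration: a simplified model, not uBlock Origin's code.
// Filters are split into pattern, options and domain= list; patterns are
// treated as plain substrings ('*' matches anything), which is an assumption.
const WS_BLOCKING_CSP = 'connect-src http:'; // directive quoted in the report

function parseFilter(raw) {
  const at = raw.lastIndexOf('$');
  const pattern = at === -1 ? raw : raw.slice(0, at);
  const options = new Set();
  let domains = null;
  for (const opt of at === -1 ? [] : raw.slice(at + 1).split(',')) {
    if (opt.startsWith('domain=')) domains = opt.slice(7).split('|');
    else options.add(opt);
  }
  return { raw, pattern, options, domains };
}

function matchesPage(filter, pageURL) {
  const { hostname, href } = new URL(pageURL);
  if (filter.domains !== null &&
      !filter.domains.some(d => hostname === d || hostname.endsWith('.' + d))) {
    return false;
  }
  return filter.pattern === '*' || href.includes(filter.pattern);
}

// Behaviour described as the bug: any matching filter triggers the CSP.
function cspBeforeFix(filters, pageURL) {
  const hit = filters.map(parseFilter).find(f => matchesPage(f, pageURL));
  return hit ? { csp: WS_BLOCKING_CSP, because: hit.raw } : null;
}

// Behaviour described as the fix: only explicit `websocket` filters count.
function cspAfterFix(filters, pageURL) {
  const hit = filters.map(parseFilter)
    .find(f => f.options.has('websocket') && matchesPage(f, pageURL));
  return hit ? { csp: WS_BLOCKING_CSP, because: hit.raw } : null;
}

// '/?view=ad' is the filter shown in the reporter's log; the second filter
// and the ads.example page are constructed for this example.
const filters = ['/?view=ad', '*$websocket,domain=ads.example'];
const devPage = 'http://localhost:8080/?view=admin';
console.log('before fix:', cspBeforeFix(filters, devPage));
console.log('after fix :', cspAfterFix(filters, devPage));
console.log('ws filter :', cspAfterFix(filters, 'http://ads.example/'));
```
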


mapx- commented Aug 29, 2016

*$websocket,domain=pornhub.com is working fine
|ws://$websocket,domain=pornhub.com does not.

What about the easylist filters:

|ws://$other,third-party,domain=jpost.com
|wss:$other,domain=thewatchseries.to
|ws://$domain=4shared.com

any chance to be "seen" / converted by ubo ?


gorhill commented Aug 29, 2016

> any chance to be "seen" / converted by ubo ?

Good idea. I didn't even know these filters existed.

Probably could be converted at compile time, with a special code path. The ones with third-party though would need to be discarded in the current implementation, unless I extend the code to support injecting a CSP directive such as connect-src http: ws://jpost.com; (using the example above).


Snapy commented Aug 29, 2016

@gorhill FYI here are the ws/wss filters I found in Easylist & Easyprivacy
|wss:$other,domain=thewatchseries.to
|ws://nodesocket-$other,domain=thewatchseries.to
|ws://$domain=4shared.com
|ws://$other,third-party,domain=batmanstream.com
|ws://$other,third-party,domain=jpost.com
|ws://$other,third-party,domain=fastpic.ru
|ws://$other,domain=pornhub.com|redtube.com|redtube.com.br|tube8.com|tube8.es|tube8.fr|xtube.com|youporn.com|youporngay.com (I believe it is similar to this filter *$websocket,domain=free-torrents.org|natureworldnews.com|opensubtitles.org|parentherald.com|pornhub.com|redtube.com|redtube.com.br|tomshardware.com|tube8.com|tube8.es|tube8.fr|xtube.com|youporn.com|youporngay.com present in uAssets)


gorhill commented Aug 29, 2016

I wish websocket was used instead of other. Firefox is able to distinguish websocket requests, and for Chrome also of course since the wrapper is the one creating the request. I don't get why non-descript other was used.

Essentially this means that other won't work to block websocket requests in uBO, unless the special handling path is taken. For instance, |ws://nodesocket-$other,domain=thewatchseries.to won't work for uBO (unless I add yet-another special case for handling other...)


Snapy commented Aug 29, 2016

I understand your worries. Maybe @ryanbr could tell us why other is used.
A wild guess would be that websocket option breaks ABP on Chromium browsers.


mapx- commented Aug 30, 2016

on extratorrent.cc
in ABP wsp.mgid.com seems blocked

in ubo I can see this url (..ubofix) in network tab (and it seems also blocked but a user reported ads):

http://extratorrent.cc/?url=wss%3A%2F%2Fwsp.mgid.com%2Fws&ubofix=f41665f3028c7fd10eecf573336216d3

https://forums.lanik.us/viewtopic.php?p=101726#p101726


gorhill commented Aug 30, 2016

> on extratorrent.cc

Site is down, "503 Service Unavailable".

The ubofix URL is a fake, internal-only one, emitted by uBO-WebSocket and caught by uBO and never leaves the browser. I should probably convert to using postMessage() as suggested here.
