Closes #311: enable tracking protection #318

mcomella · 2018-01-12T23:56:11Z

The isBlockingEnabled flag should still work when we add the UI.

From my commit summary:

I think request.isForMainFrame() is unnecessary because of this line in
UrlMatcher.matches:

        if (pageHost != null && pageHost.equals(resourceHost)) {
            return false;
        }

Which whitelists first party requests: this is assuming the pageHost, which
comes from TrackingProtectionWebViewClient.currentPageUrl, actually
represents the current page loading (and thus the main frame).

I noted that my Android TV emulator seems to block the same numbers of trackers
as Focus.

I think request.isForMainFrame() is unnecessary because of this line in UrlMatcher.matches: if (pageHost != null && pageHost.equals(resourceHost)) { return false; } Which whitelists first party requests: this is assuming the `pageHost`, which comes from `TrackingProtectionWebViewClient.currentPageUrl`, actually represents the current page loading (and thus the main frame). I noted that my Android TV emulator seems to block the same numbers of trackers as Focus.

liuche

One comment about isForMainFrame.

liuche · 2018-01-13T01:45:26Z

app/src/webview/java/org/mozilla/focus/webview/TrackingProtectionWebViewClient.java


        // Don't block the main frame from being loaded. This also protects against cases where we
        // open a link that redirects to another app (e.g. to the play store).
-        final Uri pageUri = Uri.parse(currentPageURL);
-
-//        if ((!request.isForMainFrame()) &&


I dug through some code and it looks like the isForMainFrame was added to prevent non-browser links (like market://) from crashing on this matcher check.

If you verify that it still works, then I'm okay with it, but otherwise I'd leave it in.

mozilla-mobile/focus-android#106 (comment)

I can't use isForMainFrame because with this version of the webView we get a string, rather than the expected type we get in Focus.

That being said, I'll dig in on your research – thanks for doing that (good idea!)!

it looks like the isForMainFrame was added to prevent non-browser links (like market://) from crashing on this matcher check.

Looking at the linked issue, it looks like the http/http(s) checks were added to prevent crashing with malformed URLs like (market:://) but isForMainFrame is unrelated. #38 is open for fixing the http(s) check, which is out of scope of this issue (and we haven't seen any problems for it yet - maybe AmazonWebView is different because we're on a TV).

mcomella added 2 commits January 12, 2018 15:49

Add comment about discovered bug.

4ce187e

mcomella requested review from liuche and boek January 12, 2018 23:56

Add comment explaining the first party whitelist.

8dc2b4d

liuche approved these changes Jan 13, 2018

View reviewed changes

mcomella merged commit 33ee0b1 into mozilla-mobile:master Jan 16, 2018

mcomella deleted the i311-tp branch January 16, 2018 23:42

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Closes #311: enable tracking protection #318

Closes #311: enable tracking protection #318

mcomella commented Jan 12, 2018

liuche left a comment

liuche Jan 13, 2018

mcomella Jan 16, 2018

mcomella Jan 16, 2018

Closes #311: enable tracking protection #318

Closes #311: enable tracking protection #318

Conversation

mcomella commented Jan 12, 2018

liuche left a comment

Choose a reason for hiding this comment

liuche Jan 13, 2018

Choose a reason for hiding this comment

mcomella Jan 16, 2018

Choose a reason for hiding this comment

mcomella Jan 16, 2018

Choose a reason for hiding this comment