Won't block 3rd party properly
-
Hi @NickC, ive just released v4.0 on my website. the App Store version should hopefully be available after review by Apple later today or tomorrow.
@SweetP I've tried it on another laptop with the fresh v4 from the website. I love the new types and control it allows.
Sadly, the bug still seems to happen. As soon as I add the 2 exceptions (for which I've disabled all types except the document), the page loads everything from 3rd party domains, which is weird.
Maybe the bug is that it ignores the exceptions lists settings for 3rd party types altogether?
-
@NickC, ive just released v4.0.1 with a rewritten rule engine which should fix the the issue you are seeing
-
perfect!
thanks for being persistent
The App Store version should be available later today or tomorrow
@SweetP And thank you for the quick fix.
As a side note, does the exceptions list enforce subdomains or just the main domain?
(i.e. research.investors.com vs investors.com)From what I could tell, if I add just the subdomain (research.investors.com) to the exceptions list, other subdomains (myibd.investors.com, auth.investors.com, etc.) from that main domain get whitelisted as well. Is this a Safari API limitation?
-
If you add an exception to a top level domain, it will also apply to all subdomains. To override that you need to also add an exception to any subdomains you want different settings for
@SweetP yeah, but now if I add just the subdomain research.investors.com for example, the other subdomains from investors.com get somehow to load JS and what I selected for the research.investors.com subdomain. The root domain doesn’t have a exception added. That is, I just have 1 rule, for the subdomain research.
-
Subdomain exceptions should only apply to that particular subdomain… and also any sub sub domains (if that makes sense)
@SweetP yes, I would think so. But currently it loads other subdomains that are at the same level as it is. Like auth.investors.com gets to load stuff with only the 1 rule added for research.investors.com.
-
Interesting,
As a workaround, you could set an exception on the top level domain and block everything@SweetP I tried that and also tried blocking other subdomains explicitly but still they load. It’s weird.
This is probably a corner case, as the bulk of the app is about blocking 3rd party resources.
But with new tracking/fingerprinting scripts being hosted on subdomains they usually pass by unfiltered.It would be great to specifically add an exception to those pesky subdomains and let all other subdomains load. But currently the exception doesn’t apply if one is permitting JS, all will load regardless.
-
@NickC OK, it finally updated in the store and got to update my main Mac.
I tried it out and as detailed, I think there's still a minor bug either with the subdomain enforcement or with Webkit itself.
From the 2 rules added, I would expect the images from www.investors.com to be blocked and just the ones on research.investors.com to be allowed. However, this is not the case. It would make for a fairly advanced Ad-blocker with this feature fully working
Maybe when you get some spare time to investigate you can figure where the issue lies. Thanks for all your work so far!
-
Ive been thinking about this, and im not sure this is an actual bug (in WebKit) but more of a limitation in the way it is implemented.
With the subdomain rule, you are blocking all third parties - which is happening.
but allowing some first party resources other subdomains and the top-level domain are actually first party resources, which it is also doing.I don't think there is a way to restrict resources to the specific domain/subdomain only - at least not via the APIs that Apple is providing.
-
hmm,
I might have spoke too soon.
there is maybe a rule I can use
but it may be too restrictive for most users....Im not sure how this could be implemented in a user friendly and non destructive way for most users.
Ill have a think about it and see if I can find a way to implement what you are hoping for, but not degrade the experience for everyone else (assuming the rule I mentioned does actually work :))
