@SweetP Brilliant! It works now with proper separation between domain/subdomain and first/third-party resources are properly blocked.

Really like the simplified UI as well. Much cleaner and easier to follow. Great stuff overall!

@SweetP This great news. Looking forward to the new and improved v5

@SweetP said in Won't block 3rd party properly:

It looks as though you can load third party content via a first party script...

That seems to be the case. I didn’t get to try any blocking with unless-top-url instead of the unless-domain. Might be a limitation of the domain selector itself when working with a URL filter.

@SweetP Another bug, if you unblock by default all first-party resources, the generic block rule for first-party gets generated but with an empty array for resource-type which blocks all resources, thus completely preventing any page from loading.

  {
    "trigger" : {
      "resource-type" : [

      ],
      "load-type" : [
        "first-party"
      ],
      "url-filter" : ".*"
    },
    "action" : {
      "type" : "block"
    }
  },

@SweetP Sadly, I think I found a bug

When adding www.youtube.com as an exception to default blocking rules, all third-party resources get loaded as well, despite explicit blocking in both Minim's default and the exceptions list.

{
    "trigger" : {
      "load-type" : [
        "third-party"
      ],
      "resource-type" : [
        "script",
        "font",
        "style-sheet",
        "popup",
        "image",
        "media",
        "svg-document",
        "document",
        "raw",
        "ping",
        "fetch",
        "websocket",
        "other"
      ],
      "url-filter" : "^https?:\/\/www.youtube.com[:\/]"
    },
    "action" : {
      "type" : "block"
    }
  }

These are the rules that get added and the standard unless-domain = www.youtube.com for the default blocking policy.

From what I could tell, everything should work as expected, however, third-party resources all load.

All other behaviour in Minim seems to work as expected, but as soon as you add an exception with first-party resources unblocked, somehow third-party get loaded as well despite the rule seemingly being correct.

@SweetP Thanks for considering this.

If you decide to implement something like this, my only consideration would be to no add extra permission requirements to Minim, as I’d imagine the users of the app are a bit more privacy conscious.
Minim currently requires just Browsing History, which is acceptable:

Some apps that I disable and I imagine am not the only one require web page content access, which is very sensitive:

I imagine the only extra feature that would require such access would be a visual element picker for blocking, which, given the profile of the typical Minim user, would be pretty useless, as most privacy/techy types already know about the Web Inspector features of Safari and could write their own CSS (id, class, etc.) selectors.

@SweetP All seems to be working as expected. Thank you for doing this, Russell. With these changes Minim has become quite a fierce content blocker for Safari. Nothing quite like it.

@SweetP Thanks.

Also, don’t know if you saw my previous comment re the regex handling/typo. However, if you decide to remove the www handling part of the code, of course that comment would no longer apply.

Also, if you completely unblock all resources for www.google.com, since no other "url-filter" rules gets generated and only the default "unless-domain” google.com gets added (without www part) the exception won’t apply.

I think the default behaviour of stripping the www part when adding an exception to Minim is no longer valid with this new better handling of domain/subdomain separation. In essence, www is a subdomain and should be treated as such.

@SweetP Update just hit. Seems to work well, except for a small issue with the way www and non-www domains get handled.

If you go to www.google.com and add an exception for it, Minim’s list will have google.com without the www part
This means that with the current behaviour it won’t load resources unless the user manually fixes the exceptions list and adds the www back.

I think the regex for www matching is broken because of the extra escape char \ after www:

^https?:\/\/(www\\.)?google.com[:\/]

@SweetP Something seems to be wrong. The update just hit a moment ago and Minim seems to be blocking everything by default and ignores the Block Rules tab. Regardless of the options in Block Rules tab, the only rules written are the default

  {
    "trigger" : {
      "url-filter" : ".*"
    },
    "action" : {
      "type" : "ignore-previous-rules"
    }
  },
  {
    "trigger" : {
      "url-filter" : ".*"
    },
    "action" : {
      "type" : "block"
    }
  },

I think the resource-type trigger field is missing from the default block rules and just the action (i.e. block) is being generated, thus blocking every URL.

@SweetP Awesome. Looking forward to giving it a go.

Thank you, Russell. Have a great weekend!

@SweetP said in Won't block 3rd party properly:

Also, currently domains with a wildcard will override subdomain rules…
I’ll see if there’s anything I can do about that

I would think this to the expected behaviour. Once the user adds a wildcard root domain all subdomain rules should be ignored.
It would be great if the ruleset would automatically be pruned once the user whitelists the root domain with the wildcard, but that’s a nice to have mostly.

@SweetP wow, that’s awesome news! Thank you for looking into this, Russell. Looking forward to testing it.

@SweetP Ok, so from what I could tell of the way Minim is writing its ruleset, the trigger “if-domain” with the wildcard * seems to make the root domain + all subdomains whitelist appear.
As per Apple’s docs, "if-domain | An array of strings to match to a URL's domain; limits the action to a list of specific domains. The values must be lowercase ASCII, or Punycode for non-ASCII. Add * in front to match domain and subdomains. You can't use this with unless-domain.”

Would this mean that having Minim just add the if-domain without the wildcard * in front work as expected (i.e. to block just that specific subdomain) ?

This way, the user could either add * in front if he/she wants to block the root domain and be done with it or have more granular control by default.

Of course, there could be a small UI element (like a checkmark/asterisk icon or something similar) in front when adding a wildcard exception to the Minim list.

Would this work/be reasonable?

It would be awesome if Minim had the ability, for power users, to edit/add a local ruleset for visually hiding elements on pages (similar to a full-fledged--bloated-- content blocker like AdGuard, etc. but will much less fuss and complexity).

Thinking of either the ability to have a local .json formatted according to the Apple specs for content blocking rules
or something similar to an extension that I already use, but would love to use just Minim in my Safari and nothing else, like: AdZapper

This way Minim would become one of the best AppStore apps for advanced users that want to control what goes into their browser and also replace most need for bloated adblockers like AdGuard, etc.

@SweetP Thank you for the awesome work and responsiveness! Have a great day onwards!

@SweetP Indeed it does. Awesome sauce!

@SweetP 1. For the safari-web-extensions page I use a open source app from the store called Userscripts. Once installed the safari extension has a “open extension settings” link that once clicked goes to the editor for userscripts. This editor doesn’t load properly as JS is blocked in Minim.

2. For the safari-resource page, any website that doesn’t have a valid certificate would trigger that page—I use a local dev server or my local router’s https page that is signed with a local certificate.

Hmm, doesn't seem to be working yet.
Just to be sure I understood, the expected behavior is for Minim to not block (internal whitelist) the "safari-resources" and "safari-web-extensions" pages, right?
I tested it with the default settings of JS blocked in Minim, both for 1st and 3rd party. Obviously, if I disable it it works...but I cannot set an exception for these pages manually as the "+" button won't work with these pages since the URL is hidden in the bar.