brave-browser
brave-browser copied to clipboard
brave
Allow shields to whitelist an entire site, including subdomains
I switched from Chrome to Brave and then realized the Brave Shield has no domain whitelist feature. My work in IT requires that I use many web applications for which I do not want the shield operating. For example, I remote into dozens of servers each day using LogMeIn. Each URl is different, but the domain is always logmein.com. I would like to whitelist that domain so that each sub-domain is automatically whitelisted. AdBlockPlus has this feature. So now I have to move back to Chrome. I feel this is a basic feature that should be incorporated into the Brave Shield.
Other users have also requested this functionality:
- https://twitter.com/nicksergeant/status/1169044157568077824
Pinging this again. This is an incredibly necessary request, why has this sat here since July?
Any news on this? I got plenty of apps within my company's domain and their number is growing constantly - I'd love to see this feature get through
I found this issue because I was looking for the same thing. It would be great to have a setting for doing this.
Brave currently does allow for whitelisting via the brave://adblock/ page using adblock syntax:
@@||ads.example.com/notbanner^$~script
or entire sites:
@@||example.com^$document
if the OP needs to whitelist logmein they should be able to do so (with all subdomains) by adding:
@@||logmein.com^
What's missing currently is the ability to add URLs or to use a custom schema like ABP has to subscribe to a list:
abp:subscribe?location=https%3A%2F%2Fwww.example.com%2Fwhitelist%2Fsample-whitelist.txt%26amp%3Btitle%3DExample%20Whitelist
Brave would likely be able to solve a number of extension compatibility issues if there was a programmatic way to add exceptions or to subscribe to lists so that extensions could provide configuration files that users could decide to enable to deal with compatibility issues.
Thanks @AdamSC1-ddg.
I just tried this with @@||wordpress.com^ as a quick test to whitelist all WordPress.com sites, but the shields are still operational on them.
Is there something I'm missing?
I've also tried the @@||wordpress.com^$document variant to no avail.
I had managed to get this to work a while ago when targeting Outbrain ads, but, having tried again there is an issue.
To further test this I noted that:
- Custom filters do block. For example
||redditstatic.com^will break Reddit. - Custom whitelisting will overrule custom blocks. For example, placing
@@||redditstatic.com^one line under||redditstatic.com^over rules the blocking.
It seems that it isn't the case that whitelisting in general isn't working - but, rather that we are unable to have whitelisting over rule built-in lists and regional lists. I would guess based on the order they are being applied in? (cc: @rebron @bsclifton )
(Also @Luminus - the rule @@||wordpress.com^ wouldn't turn off shields for all WordPress sites, it would prevent any request from WordPress.com from being blocked on any site.)
@AdamSC1-ddg thanks for the explanation.
So in essence, it isn't quite possible just yet to whitelist a domain and all its subdomains so that shields are down for them.
Is this something that you think will get implemented anytime soon?
@AdamSC1-ddg thanks for the explanation.
So in essence, it isn't quite possible just yet to whitelist a domain and all its subdomains so that shields are down for them.
Is this something that you think will get implemented anytime soon?
In theory doing @@||wordpress.com^$document should whitelist all calls (same as disabling shields) on wordpress.com and its subdomains. Where as @@||wordpress.com^ should whitelist all calls to WordPress from other sites.
Not sure why its failing, but, I tagged the Brave staff who were involved in that convo above so hopefully they can investigate a fix.
Multiple +1's from https://github.com/brave/brave-browser/issues/7680
Including this great list from @Brave-Matt:
Some additional reports:
- https://community.brave.com/t/shields-is-blocking-webgl-on-itch-io/81402
- https://community.brave.com/t/how-to-widen-scope-of-saved-site-exceptions/13715
- https://community.brave.com/t/cant-deny-all-and-whitelist-cookies-in-version-0-57-18/39166/2
- https://community.brave.com/t/bravew-shields-league-of-legends/78761
- https://community.brave.com/t/a-manually-edited-whitelist-of-sites/89953
- https://community.brave.com/t/testing-brave-shields/39899/3
- https://www.reddit.com/r/brave_browser/comments/bwt4sw/whitelist_with_wildcard/
Happy to find/add more if necessary.
This is probably a reason to move back to Chrome. I really don't feel inclined to whitelist all our local IP addresses one by one...
@karenkliu Let's see if we can move this one along. We're looking for a list exception to turn off shields for specified domains. @AdamSC1-ddg mentioned using brave://adblock Custom Filter rules. a) It's possible we keep this as an advanced user feature and use the Custom Filter rules instead of adding UI to this. cc: @yrliou
We could also go with using b) brave://settings/content and introduce Shield settings here to manage a list or c) add a pref to brave://settings/shields. Or something else entirely.
@adamreisnz Thanks for the feedback and we do want to see why Brave users would possibly even consider moving back to Chrome and address those issues in a timely manner. With our speed and privacy advantages https://webtest.app/ we hopefully can keep you. Those seconds add up.
@rebron
. . . It's possible we keep this as an advanced user feature and use the Custom Filter rules instead of adding UI to this . . . Or something else entirely.
I just did a test where I whitelisted @@||api.amplitude.com^ via chrome://adblock/. When I reloaded the page, the call was still listed as being blocked
I would think this detailed view is a great place to add a slider toggle to whitelist a domain right from the UI, rather than having to load a separate advanced settings page. I believe this would be similar to the Ghostery ux-- "for website x, allow 3rd party calls to domain y"
My $0.02
I do not use Brave cause this. I preffer to keep using mozilla and NoScript, wich lets u whilelist sites and trackers one by one.
Having to unblock manually all the time is annoying.
+1 here, too. We have a huge number of internal pages which I could whitelist with one line, if this were possible.
+1
I'm trying to get out IT support over to Brave from Chrome, but this issue is preventing me recommending Brave currently. We use LogMeIn extensively and the URL for each session changes each time we connect, e.g.
https://testpc-zmddtrpcys.app03-32.logmein.com/
and cross-site trackers enabled breaks our ability to remote on to the machine. Yes, we can untick it each time but ideally we want to disable it for *.logmein.com.
Watching this thread with interest.
+1 I am unable to authenticate to portal.azure.com (Microsoft Azure management) because my company is integrating with Duo Security as an MFA provider. Brave is interpreting some aspect of the cross-site MFA process as Ad or Tracking related, and thus breaking authentication.
The redirects happen so fast that I am unable to manually open the Shields UI to disable Shields on all sites involved. Adding the sites I believe to be involved in the exchange to the brave://adblock white list (in both @@||site.com^ and @@||site.com^$document format) is ineffective.
I am falling back to use of Firefox for Azure access, but I would prefer to use Brave for everything. I can't recommend this product to colleagues until it is compatible with all of the tools that we need to use to get our jobs done.
Definitely need this resolved. My bank recently changed its authentication when you sign in and it takes you to a URL on a subdomain that has "shields up" But I can't white list by clicking the shield because then it reloads the page / can't login to bank b/c the authentication process is interrupted.
C'mon, Why is this still not fixed? Just add a button next to the cross-site trackers in the shield "disable".
This is a huge issue for adoption.
