impulse-blocker icon indicating copy to clipboard operation
impulse-blocker copied to clipboard

Published 20 hours ago verified publisher icon raicem

subdomain whitelist

Open jimdigriz opened this issue 4 years ago • 4 comments

Great tool but the one problem I regularly run into is my youtube.com listing.

The result is that if I enter my username and password into any Google login prompt (or when they want me to revalidate who I am, etc etc), I get dropped onto:

Impulse Blocker
Your impulse to visit accounts.youtube.com is successfully blocked!

Google seem to use this as to set some authentication cookie for me, I have no idea why they do this (probably ads, duh!) but it is what it is.

Is there a way for me to allow 'accounts.youtube.com' whilst blocking everything else?

jimdigriz avatar Dec 01 '20 15:12 jimdigriz

I run into the same problem constantly so it would be nice to work on this. Let's not forget that we can contribute!

jardondiego avatar Feb 02 '21 14:02 jardondiego

Thanks for the idea! I can see how this can be a big annoyance.

I don't know if we can implement a "whitelist" with the API we're using. It just allows me feed in a list or URLs (via a match pattern). So I don't think I can say block youtube.com but not accounts.youtube.com.

I think we block all subdomains by default. Which seems wrong to me. Maybe we should change that. If you block example.com, we start blocking a.example.com as well. That's due the match pattern we're creating.

Feel free to play around this idea. I certainly will this weekend. Now that we have unit tests I am more comfortable making a change like this.

raicem avatar Feb 02 '21 19:02 raicem

My advice is to treat the webRequest filter as a first-pass filter that only triggers your callback function when there is something of interest. This filter covers 99%+ of requests and means your extension only sees the traffic it needs to actually make a decision on.

The hook looks to be at https://github.com/raicem/impulse-blocker/blob/master/src/ImpulseBlocker.js#L62 and that hardcoded 'block' instruction will need to be replaced with a function that hooks in your rule engine.

Holding me back submitting a PR is that my opinion on how this should work (UI/UX wise) is probably different to how you see it and that decision is ultimately yours, once the UX/UI decision is the actual rule engine work is straight forward.

One recommendation though, consider using the https://publicsuffix.org/ list to create your webRequest match pattern filter.

jimdigriz avatar Feb 03 '21 09:02 jimdigriz

I agree with @jimdigriz, the webRequest.RequestFilter will return a match for all blacklisted sites. That is the right time to check for matches against a whiteList before blocking the request.

neuhaus avatar Jun 22 '21 12:06 neuhaus