From e81fcc6f9819f61e0be2efebf42b9ee01b5ad135 Mon Sep 17 00:00:00 2001 From: Maxx Crawford Date: Wed, 16 Sep 2020 16:34:31 -0500 Subject: [PATCH 1/5] Fixed #663 - Added logic to allow external scripts to be loaded if the frame ancestor was from a Facebook domain --- src/background.js | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/src/background.js b/src/background.js index 739b0867..d57377bc 100644 --- a/src/background.js +++ b/src/background.js @@ -289,6 +289,16 @@ function getRootDomain(url) { } +function getFrameAncestorsURLAndCheckIfFacebook(frameAncestorsArray) { + if (!frameAncestorsArray || frameAncestorsArray.length === 0) { + // No frame ancestor return false + return false; + } + + const frameAncestorsURL = frameAncestorsArray[0].url; + return isFacebookURL(frameAncestorsURL); +} + function isFacebookURL (url) { const parsedUrl = new URL(url); for (let facebookHostRE of facebookHostREs) { @@ -507,12 +517,13 @@ async function blockFacebookSubResources (requestDetails) { const urlIsFacebook = isFacebookURL(requestDetails.url); const originUrlIsFacebook = isFacebookURL(requestDetails.originUrl); + const frameAncestorUrlIsFacebook = getFrameAncestorsURLAndCheckIfFacebook(requestDetails.frameAncestors); if (!urlIsFacebook) { return {}; } - if (originUrlIsFacebook) { + if (originUrlIsFacebook || frameAncestorUrlIsFacebook) { const message = {msg: "facebook-domain"}; // Send the message to the content_script browser.tabs.sendMessage(requestDetails.tabId, message); From 98d6ab180333f8fe68ab368cef85f7d43fb4a1c8 Mon Sep 17 00:00:00 2001 From: Maxx Crawford Date: Wed, 16 Sep 2020 23:20:58 -0500 Subject: [PATCH 2/5] Revise logic to only allow frameAncestor requests through if they originate from apps.facebook.com --- src/background.js | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/background.js b/src/background.js index d57377bc..18dc7c61 100644 --- a/src/background.js +++ b/src/background.js 
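Review bot: `frameAncestorsArray[0]` in the new `getFrameAncestorsURLAndCheckIfFacebook` (hunk `@@ -289,6 +289,16 @@`) is the immediate parent of the requesting frame, not the tab's top-level document; in the WebExtensions `webRequest` details the top-level document is the last element of `frameAncestors`. The exemption therefore depends only on the direct parent, whatever page sits at the top of the tab, and PATCH 4/5 later renames the function to `topFrameUrlIsFacebookApps` without changing the index. If the top-level page is what should be trusted, read `frameAncestorsArray[frameAncestorsArray.length - 1].url`; if the direct parent is intended, say so in a comment such as `// frameAncestors[0] is the immediate parent frame, not the top-level document`.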
@@ -295,7 +295,14 @@ function getFrameAncestorsURLAndCheckIfFacebook(frameAncestorsArray) { return false; } + const appsFacebookURL = "https://apps.facebook.com"; const frameAncestorsURL = frameAncestorsArray[0].url; + + if (!frameAncestorsURL.startsWith(appsFacebookURL)) { + // Only allow frame ancestors that originate from apps.facebook.com + return false; + } + return isFacebookURL(frameAncestorsURL); } From 95e594ea6312a72aaaab1718d5963513e75fa77d Mon Sep 17 00:00:00 2001 From: Maxx Crawford Date: Wed, 16 Sep 2020 23:22:54 -0500 Subject: [PATCH 3/5] Return function after each URL Co-authored-by: luke crouch --- src/background.js | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/src/background.js b/src/background.js index 18dc7c61..6d378c34 100644 --- a/src/background.js +++ b/src/background.js @@ -523,14 +523,23 @@ async function blockFacebookSubResources (requestDetails) { } const urlIsFacebook = isFacebookURL(requestDetails.url); + // If this request isn't going to Facebook, let's return {} ASAP + if (!urlIsFacebook) { + return {}; + } + const originUrlIsFacebook = isFacebookURL(requestDetails.originUrl); - const frameAncestorUrlIsFacebook = getFrameAncestorsURLAndCheckIfFacebook(requestDetails.frameAncestors); - if (!urlIsFacebook) { + if (originUrlIsFacebook) { + const message = {msg: "facebook-domain"}; + // Send the message to the content_script + browser.tabs.sendMessage(requestDetails.tabId, message); return {}; } - if (originUrlIsFacebook || frameAncestorUrlIsFacebook) { + const frameAncestorUrlIsFacebook = getFrameAncestorsURLAndCheckIfFacebook(requestDetails.frameAncestors); + + if (frameAncestorUrlIsFacebook) { const message = {msg: "facebook-domain"}; // Send the message to the content_script browser.tabs.sendMessage(requestDetails.tabId, message); From cfbe23500521ccba6b34e05ef2e7970c5a5baac7 Mon Sep 17 00:00:00 2001 
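Review bot: The `startsWith(appsFacebookURL)` test added in `@@ -295,7 +295,14 @@` compares a string prefix with no host boundary, so an ancestor URL whose host merely begins with `apps.facebook.com` (constructed example: `https://apps.facebook.com.example/`) passes it. In this commit the following `isFacebookURL(frameAncestorsURL)` call still checks the parsed URL against `facebookHostREs` (the regex list itself is not visible here), but PATCH 4/5 at `@@ -303,7 +303,7 @@` removes that call and leaves the prefix test as the only gate before sub-resource blocking is skipped. Compare the parsed origin instead: `if (new URL(frameAncestorsURL).origin !== appsFacebookURL) { return false; }`.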
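Review bot: Both branches added in `@@ -523,14 +523,23 @@` call `browser.tabs.sendMessage(requestDetails.tabId, message)` without awaiting or handling the returned promise, so a rejection goes unhandled inside this `async` listener. That can presumably happen when the tab has no content script listening, or when the request is not tied to a tab and `tabId` is `-1`. Attach a handler on both calls, e.g. `browser.tabs.sendMessage(requestDetails.tabId, message).catch(console.error);`, or skip the message when `requestDetails.tabId < 0`. `blockFacebookSubResources` starts and ends outside the hunk.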
From: Maxx Crawford Date: Tue, 22 Sep 2020 09:35:44 -0500 Subject: [PATCH 4/5] Removed isFacebook URL check as it wasn't necessary, revised function name to be more descriptive --- src/background.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/background.js b/src/background.js index 6d378c34..3c0133c5 100644 --- a/src/background.js +++ b/src/background.js @@ -289,7 +289,7 @@ function getRootDomain(url) { } -function getFrameAncestorsURLAndCheckIfFacebook(frameAncestorsArray) { +function topFrameUrlIsFacebookApps(frameAncestorsArray) { if (!frameAncestorsArray || frameAncestorsArray.length === 0) { // No frame ancestor return false return false; @@ -303,7 +303,7 @@ function getFrameAncestorsURLAndCheckIfFacebook(frameAncestorsArray) { return false; } - return isFacebookURL(frameAncestorsURL); + return frameAncestorsURL; } function isFacebookURL (url) { @@ -537,9 +537,9 @@ async function blockFacebookSubResources (requestDetails) { return {}; } - const frameAncestorUrlIsFacebook = getFrameAncestorsURLAndCheckIfFacebook(requestDetails.frameAncestors); + const frameAncestorUrlIsFacebookApps = topFrameUrlIsFacebookApps(requestDetails.frameAncestors); - if (frameAncestorUrlIsFacebook) { + if (frameAncestorUrlIsFacebookApps) { const message = {msg: "facebook-domain"}; // Send the message to the content_script browser.tabs.sendMessage(requestDetails.tabId, message); From b226ec0116105ebb347d73656c2484fbd113069c Mon Sep 17 00:00:00 2001 From: Maxx Crawford Date: Tue, 22 Sep 2020 09:36:38 -0500 Subject: [PATCH 5/5] Updated package/manifest version for new release --- package.json | 2 +- src/manifest.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/package.json b/package.json index 736a7125..103ebbf8 100644 --- a/package.json +++ b/package.json 
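Review bot: After the change in `@@ -303,7 +303,7 @@`, `topFrameUrlIsFacebookApps` returns either `false` or the ancestor URL string, although its name and the caller's `frameAncestorUrlIsFacebookApps` both read as booleans and the caller only tests truthiness. Returning `true` keeps the predicate's type consistent: `return true;` in place of `return frameAncestorsURL;`. A short JSDoc line stating the contract, e.g. `/** @returns {boolean} whether the first frame ancestor's URL begins with https://apps.facebook.com */`, would document what the function actually checks. The function body starts outside this hunk.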
@@ -1,6 +1,6 @@ { "name": "contain-facebook", - "version": "2.1.1", + "version": "2.2.0", "description": "Facebook Container isolates your Facebook activity from the rest of your web activity in order to prevent Facebook from tracking you outside of the Facebook website via third party cookies. ", "main": "background.js", "scripts": { diff --git a/src/manifest.json b/src/manifest.json index 9ca70eb4..5d7ed62f 100644 --- a/src/manifest.json +++ b/src/manifest.json @@ -1,7 +1,7 @@ { "manifest_version": 2, "name": "Facebook Container", - "version": "2.1.1", + "version": "2.2.0", "incognito": "not_allowed",