use main frame url for webrequest first party url

fix #4137

auditors: @bridiver

app/adBlock.js

@@ -28,7 +28,7 @@ const whitelistHosts = ['disqus.com', 'a.disquscdn.com']
 
 const startAdBlocking = (adblock, resourceName, shouldCheckMainFrame) => {
   Filtering.registerBeforeRequestFilteringCB((details) => {
-    const firstPartyUrl = URL.parse(details.firstPartyUrl)
+    const firstPartyUrl = URL.parse(Filtering.getMainFrameUrl(details))
     let firstPartyUrlHost = firstPartyUrl.hostname || ''
     const urlHost = URL.parse(details.url).hostname
     const cancel = firstPartyUrl.protocol &&

app/filtering.js

@@ -8,6 +8,7 @@ const messages = require('../js/constants/messages')
 const electron = require('electron')
 const session = electron.session
 const BrowserWindow = electron.BrowserWindow
+const webContents = electron.webContents
 const AppStore = require('../js/stores/appStore')
 const appActions = require('../js/actions/appActions')
 const appConfig = require('../js/constants/appConfig')
@@ -81,12 +82,13 @@ module.exports.registerHeadersReceivedFilteringCB = (filteringFn) => {
  */
 function registerForBeforeRequest (session) {
   session.webRequest.onBeforeRequest((details, cb) => {
-    // Using an electron binary which isn't from Brave
-    if (!details.firstPartyUrl || shouldIgnoreUrl(details.url)) {
+    if (shouldIgnoreUrl(details.url)) {
       cb({})
       return
     }
 
+    const firstPartyUrl = module.exports.getMainFrameUrl(details)
+
     if (appUrlUtil.isTargetAboutUrl(details.url)) {
       if (process.env.NODE_ENV === 'development' && !details.url.match(/devServerPort/)) {
         // add webpack dev server port
@@ -106,7 +108,7 @@ function registerForBeforeRequest (session) {
       const isHttpsEverywhere = results.resourceName === appConfig.resourceNames.HTTPS_EVERYWHERE
       const isTracker = results.resourceName === appConfig.resourceNames.TRACKING_PROTECTION
 
-      if (!module.exports.isResourceEnabled(results.resourceName, details.firstPartyUrl)) {
+      if (!module.exports.isResourceEnabled(results.resourceName, firstPartyUrl)) {
         continue
       }
       if (results.cancel) {
@@ -171,7 +173,7 @@ function registerForBeforeRedirect (session) {
   // Note that onBeforeRedirect listener doesn't take a callback
   session.webRequest.onBeforeRedirect(function (details) {
     // Using an electron binary which isn't from Brave
-    if (!details.firstPartyUrl || shouldIgnoreUrl(details.url)) {
+    if (shouldIgnoreUrl(details.url)) {
       return
     }
     for (let i = 0; i < beforeRedirectFilteringFns.length; i++) {
@@ -197,7 +199,7 @@ function registerForBeforeSendHeaders (session) {
 
   session.webRequest.onBeforeSendHeaders(function (details, cb) {
     // Using an electron binary which isn't from Brave
-    if (!details.firstPartyUrl || shouldIgnoreUrl(details.url)) {
+    if (shouldIgnoreUrl(details.url)) {
       cb({})
       return
     }
@@ -217,9 +219,11 @@ function registerForBeforeSendHeaders (session) {
       requestHeaders['User-Agent'] = spoofedUserAgent
     }
 
+    const firstPartyUrl = module.exports.getMainFrameUrl(details)
+
     for (let i = 0; i < beforeSendHeadersFilteringFns.length; i++) {
       let results = beforeSendHeadersFilteringFns[i](details)
-      if (!module.exports.isResourceEnabled(results.resourceName, details.firstPartyUrl)) {
+      if (!module.exports.isResourceEnabled(results.resourceName, firstPartyUrl)) {
         continue
       }
       if (results.cancel) {
@@ -231,12 +235,12 @@ function registerForBeforeSendHeaders (session) {
       }
     }
 
-    if (module.exports.isResourceEnabled(appConfig.resourceNames.COOKIEBLOCK, details.firstPartyUrl)) {
-      if (module.exports.isThirdPartyHost(urlParse(details.firstPartyUrl || '').hostname,
+    if (module.exports.isResourceEnabled(appConfig.resourceNames.COOKIEBLOCK, firstPartyUrl)) {
+      if (module.exports.isThirdPartyHost(urlParse(firstPartyUrl || '').hostname,
                                           parsedUrl.hostname)) {
         // Clear cookie and referer on third-party requests
         if (requestHeaders['Cookie'] &&
-            getOrigin(details.firstPartyUrl) !== pdfjsOrigin) {
+            getOrigin(firstPartyUrl) !== pdfjsOrigin) {
           requestHeaders['Cookie'] = undefined
         }
         if (requestHeaders['Referer'] &&
@@ -262,13 +266,14 @@ function registerForHeadersReceived (session) {
   // Note that onBeforeRedirect listener doesn't take a callback
   session.webRequest.onHeadersReceived(function (details, cb) {
     // Using an electron binary which isn't from Brave
-    if (!details.firstPartyUrl || shouldIgnoreUrl(details.url)) {
+    if (shouldIgnoreUrl(details.url)) {
       cb({})
       return
     }
+    const firstPartyUrl = module.exports.getMainFrameUrl(details)
     for (let i = 0; i < headersReceivedFilteringFns.length; i++) {
       let results = headersReceivedFilteringFns[i](details)
-      if (!module.exports.isResourceEnabled(results.resourceName, details.firstPartyUrl)) {
+      if (!module.exports.isResourceEnabled(results.resourceName, firstPartyUrl)) {
         continue
       }
       if (results.responseHeaders) {
@@ -693,3 +698,18 @@ module.exports.clearAutofillData = () => {
     ses.autofill.clearAutofillData()
   }
 }
+
+module.exports.getMainFrameUrl = (details) => {
+  if (details.resourceType === 'mainFrame') {
+    return details.url
+  }
+  const tabId = details.tabId
+  const wc = webContents.getAllWebContents()
+  if (wc && tabId) {
+    const content = wc.find((item) => item.getId() === tabId)
+    if (content) {
+      return content.getURL()
+    }
+  }
+  return null
+}

app/httpsEverywhere.js

@@ -114,7 +114,8 @@ function startHttpsEverywhere () {
 
 function onBeforeHTTPRequest (details) {
   let result = { resourceName: module.exports.resourceName }
-  if (!Filtering.isResourceEnabled(module.exports.resourceName, details.firstPartyUrl)) {
+  if (!Filtering.isResourceEnabled(module.exports.resourceName,
+    Filtering.getMainFrameUrl(details))) {
     return result
   }
   // Ignore URLs that are not HTTP
@@ -136,7 +137,8 @@ function onBeforeHTTPRequest (details) {
 }
 
 function onBeforeRedirect (details) {
-  if (!Filtering.isResourceEnabled(module.exports.resourceName, details.firstPartyUrl)) {
+  if (!Filtering.isResourceEnabled(module.exports.resourceName,
+    Filtering.getMainFrameUrl(details))) {
     return
   }
 

app/siteHacks.js

@@ -42,10 +42,11 @@ module.exports.init = () => {
 
     let redirectURL
     let cancel
+    const firstPartyUrl = Filtering.getMainFrameUrl(details)
     if (hack && hack.onBeforeRequest &&
         (hack.enableForAll ||
-         hack.enableForAdblock && Filtering.isResourceEnabled(appConfig.resourceNames.ADBLOCK, details.firstPartyUrl) ||
-         hack.enableForTrackingProtection && Filtering.isResourceEnabled(appConfig.resourceNames.TRACKING_PROTECTION, details.firstPartyUrl))) {
+         hack.enableForAdblock && Filtering.isResourceEnabled(appConfig.resourceNames.ADBLOCK, firstPartyUrl) ||
+         hack.enableForTrackingProtection && Filtering.isResourceEnabled(appConfig.resourceNames.TRACKING_PROTECTION, firstPartyUrl))) {
       const result = hack.onBeforeRequest.call(this, details)
       if (result && result.redirectURL) {
         redirectURL = result.redirectURL

app/trackingProtection.js

@@ -21,7 +21,7 @@ const whitelistHosts = ['connect.facebook.net', 'connect.facebook.com', 'staticx
 
 const startTrackingProtection = (wnd) => {
   Filtering.registerBeforeRequestFilteringCB((details) => {
-    const firstPartyUrl = URL.parse(details.firstPartyUrl)
+    const firstPartyUrl = URL.parse(Filtering.getMainFrameUrl(details))
     let firstPartyUrlHost = firstPartyUrl.hostname || ''
     if (firstPartyUrlHost.startsWith('www.')) {
       firstPartyUrlHost = firstPartyUrlHost.substring(4)