LCF-AT Posted October 16, 2021 Share Posted October 16, 2021 Hi guys, I'am a fan of using that uBO extension for my browsers for years and its really a very good one which has tons of features.So in my case I would say I'am a Newbie+ user but I would like to use that extension more in a advanced way and I have some diffrent questions I would like to ask to you who are maybe more advanced as I'am.Otherwise lets use this topic to ask all about uBO & filter stuff questions etc.Below 3 links of basic filter syntax & Resources-Library. https://github.com/gorhill/uBlock/wiki/Static-filter-syntax https://github.com/DandelionSprout/adfilt/blob/master/Wiki/SyntaxMeaningsThatAreActuallyHumanReadable.md https://github.com/gorhill/uBlock/wiki/Resources-Library I'am using uBO to prevent ADS / AndiADS-Blocker / Tracking etc.All stuff nobody needs and wants to see or deal with in best case ("Clean is Beautiful"). Some people will say "HeyHo but we need to run ADS'n stuff to make some little money etc" but this I will not accept for hardcore ADS warrior where pages are paved with ADS & Popups & websockets & other BS you know. Question: How to get started to analyze what requests a webpage does / does nothing what has to do with the main webpage content itself (ADS/TRACKING/ETC)?Normaly I can check the requests in browser console to see what it is / comming from but of course not all is maked as ADS or Track etc.Just would like to know how you do it & analyse the whole request content.What are you looking for to find all unnecessary dung you want to clean out?Would be nice if you could tell me/us/all how you do manage that. What is CSP (Content-Security-Policy) / How to find it and use it?So in the filterlists of uBO I can find some filters using that "csp" command to prevet/set rules.I'am still unsure about that filter so till now I could not found some CSP anyhow.If I check this right then CSP is in the response header to find if pages who using it.In the uBO filterlist I found for example this one. ! https://github.com/uBlockOrigin/uAssets/issues/2951 game-dna.de##+js(acis, document.getElementById, TVGuideUd) ||game-dna.de^$csp=worker-src 'none' https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy The filter above sais "Won't allow loading of any resources" with paramter 'none'.Now when I disable uBO and check the network tab then I can't find any info about any workers in any response header of main page or other loaded pages.Where to find it?The only info about service worker I can see into console tab (uBO disabled). Registrieren/aktualisieren eines ServiceWorker für Gültigkeitsbereich 'https://game-dna.de/' ist fehlgeschlagen: Es besteht in diesem Kontext nur eingeschränkter Zugriff auf Storage, entweder durch Benutzereinstellungen oder den Privaten Modus. Now if I enable that filter / uBO then I get this... Content Security Policy: Die Einstellungen der Seite haben das Laden einer Ressource auf https://game-dna.de/sw.js blockiert ("worker-src"). What does it mean / diffrent?In both cases there wasn't logged any script called sw.js.Why?Somehow I don't check this filter yet (how to find / use it). So another CSP filter I found is that one.."script-src" https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src ||uppit.com^$csp=script-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.googletagservices.com *.google-analytics.com If I use this filter above then there getting 2 URLs blocked with the info CSP in network tab... ajax.googleapis.com/ajax/libs/jquery/1.4.1/jquery.min.js googletagmanager.com/gtag/js ...in this case I just allow script requests from own host & the URLs set at data sheme.My question in this case is whats the diffrent to using just a direct block filter?Also not pretty sure how I have to understand this filter you know. Another filters I don't check yet & how to use them are those..."no-fetch-if.js / no-xhr-if.js".The examples showing this... https://github.com/gorhill/uBlock/wiki/Resources-Library#no-fetch-ifjs- https://github.com/gorhill/uBlock/wiki/Resources-Library#no-xhr-ifjs- Examples: example.com##+js(no-fetch-if, method:HEAD) example.com##+js(no-fetch-if, adsbygoogle.js) example.com##+js(no-fetch-if, adsbygoogle.js method:HEAD) example.com##+js(no-fetch-if, /adsbygoogle.js$/ method:/HEAD|POST/) Examples: example.com##+js(no-xhr-if, method:HEAD) example.com##+js(no-xhr-if, adsbygoogle.js) example.com##+js(no-xhr-if, adsbygoogle.js method:HEAD) example.com##+js(no-xhr-if, /adsbygoogle.js$/ method:/HEAD|POST/) I found some of them in uBO filterlists but could not check/verify that on fly.So what does this filter mean exactly?The description sais it does Defuses calls to fetch() (function right?) which are found / executed in any JS file / html code?Also not sure about that so maybe anyone of you could explain that to me/us + having a example page to test it anyhow to see the action.Thank you. greetz Link to comment Share on other sites More sharing options...
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!Register a new account
Already have an account? Sign in here.Sign In Now