Priority of Declarative Net Request rules not respected on Safari

A DNR rule with lower priority is being applied before a DNR rule of higher priority on Safari. Specifically, a low-priority DNR block rule that matches a request is being applied before a high-priority DNR redirect rule that matches the same request, preventing the redirect from occurring. The only way to get the high-priority redirect rule to occur is to remove the DNR block rule. This does not occur on other browsers.

I have already submitted a Feedback Assistant report about this bug: FB16535579

How to reproduce:

  • Create/install a web extension on Safari with the declarativeNetRequest and declarativeNetRequestWithHostAccess permissions
  • Open the Web Extension Background Content console and add a redirect rule with a high priority number. For example:
await chrome.declarativeNetRequest.updateDynamicRules({addRules: [
    {id: 5000, condition: {urlFilter: "||www.google-analytics.com*/ga.js", resourceTypes: ["script"], domainType: "thirdParty"}, priority: 80, action: {type: "redirect", redirect: {url: "http://www.apple.com/"}}}
]})
  • Add a block rule of lower priority for the same urlFilter:
await chrome.declarativeNetRequest.updateDynamicRules({addRules: [
    {id: 5001, condition: {urlFilter: "||www.google-analytics.com^", domainType: "thirdParty"}, priority: 1, action: {type: "block"}}
]})
  • Visit https://efforg.github.io/privacybadger-test-fixtures/html/ga_surrogate.html
  • Check the network tab and see that neither a request to Google Analytics nor apple.com appear. This means that the request to Google Analytics was blocked instead of being / before being redirected.
  • Remove the block rule:
await chrome.declarativeNetRequest.updateDynamicRules({removeRuleIds: [5001]})
  • Reload https://efforg.github.io/privacybadger-test-fixtures/html/ga_surrogate.html.
  • Check the network tab and confirm that there is a request to apple.com, showing that the redirect rule is only applied if the lower-priority block rule is removed. The priority of the DNR rules should handle this without having to remove a DNR rule.

I have confirmed that the incorrect application of DNR rule priority happens on other top level domains, with other urlFilters, and with other redirect URLs. I confirmed that this is happening while I’ve granted my extension permissions on all websites.

I created a simple demo extension to demonstrate this bug: https://github.com/lenacohen/Safari-Test-Extensions/tree/main/dnr-redirect-block-priority

The DNR rules can be found here: https://github.com/lenacohen/Safari-Test-Extensions/blob/main/dnr-redirect-block-priority/DNR%20Test%20Extension/Resources/background.js

The mock extension is designed to be tested here: https://efforg.github.io/privacybadger-test-fixtures/html/ga_surrogate.html
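
For reference, an added sketch (not code from the post, the demo extension, or any browser) of the rule selection documented for the declarativeNetRequest API: the highest priority number wins, and ties are broken allow/allowAllRequests > block > upgradeScheme > redirect. It assumes a simplified `urlFilter` matcher that handles only `||`, `*` and `^`, and a constructed sample request; `selectRule`, `matches` and `urlFilterToRegExp` are hypothetical helper names.

```javascript
// Added example: models the documented DNR selection order; not Safari's or Chrome's code.
// Tie-break among equal priorities: allow/allowAllRequests > block > upgradeScheme > redirect.
const ACTION_RANK = { allow: 0, allowAllRequests: 0, block: 1, upgradeScheme: 2, redirect: 3 };
const SEPARATOR = "(?:[^A-Za-z0-9_.%-]|$)"; // "^": a separator character or end of URL

// Simplified urlFilter translation (assumption): supports "||", "*" and "^" only.
function urlFilterToRegExp(filter) {
  let prefix = "";
  let body = filter;
  if (body.startsWith("||")) {
    prefix = "^[a-z][a-z0-9+.-]*://(?:[^/?#]*\\.)?"; // scheme plus optional subdomains
    body = body.slice(2);
  }
  const pattern = body
    .replace(/[.+?${}()|[\]\\\/]/g, "\\$&") // escape regex metacharacters
    .replace(/\*/g, ".*")                    // "*" is a wildcard
    .replace(/\^/g, () => SEPARATOR);
  return new RegExp(prefix + pattern, "i");
}

// Does the rule's condition match the request? (The default exclusion of
// main_frame when resourceTypes is omitted is not modelled here.)
function matches(rule, req) {
  const c = rule.condition;
  if (c.resourceTypes && !c.resourceTypes.includes(req.type)) return false;
  const party = req.thirdParty ? "thirdParty" : "firstParty";
  if (c.domainType && c.domainType !== party) return false;
  return !c.urlFilter || urlFilterToRegExp(c.urlFilter).test(req.url);
}

// Returns the single rule that should apply to the request, or null.
function selectRule(rules, req) {
  const candidates = rules.filter((r) => matches(r, req));
  candidates.sort((a, b) =>
    (b.priority ?? 1) - (a.priority ?? 1) || // priority defaults to 1
    ACTION_RANK[a.action.type] - ACTION_RANK[b.action.type]);
  return candidates[0] ?? null;
}

// The two rules from the report above.
const rules = [
  { id: 5000, priority: 80, action: { type: "redirect", redirect: { url: "http://www.apple.com/" } },
    condition: { urlFilter: "||www.google-analytics.com*/ga.js", resourceTypes: ["script"], domainType: "thirdParty" } },
  { id: 5001, priority: 1, action: { type: "block" },
    condition: { urlFilter: "||www.google-analytics.com^", domainType: "thirdParty" } },
];

// Constructed sample request: a third-party script load of ga.js.
const gaRequest = { url: "https://www.google-analytics.com/ga.js", type: "script", thirdParty: true };
console.log(selectRule(rules, gaRequest).id); // 5000: the redirect rule
```

Both rules match the sample request, and the priority-80 redirect is the one selected, which is the outcome the report expects without removing rule 5001.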
