A DNR rule with lower priority is being applied before a DNR rule of higher priority on Safari. Specifically, a low-priority DNR block rule that matches a request is being applied before a high-priority DNR redirect rule that matches the same request, preventing the redirect from occurring. The only way to get the high-priority redirect rule to occur is to remove the DNR block rule. This does not occur on other browsers.
I have already submitted a Feedback Assistant report about this bug: FB16535579
How to reproduce:
- Create/install a web extension on Safari with the declarativeNetRequest and declarativeNetRequestWithHostAccess permissions
- Open the Web Extension Background Content console and add a redirect rule with a high priority number. For example:
await chrome.declarativeNetRequest.updateDynamicRules({addRules: [
{id: 5000, condition: {urlFilter: "||www.google-analytics.com*/ga.js", resourceTypes: ["script"], domainType: "thirdParty"}, priority: 80, action: {type: "redirect", redirect: {url: “http://www.apple.com/”}}}
]})
- Add a block rule of lower priority for the same urlFilter:
await chrome.declarativeNetRequest.updateDynamicRules({addRules: [
{id: 5001, condition: {urlFilter: "||www.google-analytics.com^", domainType: "thirdParty"}, priority: 1, action: {type: "block"}}
]})
- Visit https://efforg.github.io/privacybadger-test-fixtures/html/ga_surrogate.html
- Check the network tab and see that neither a request to Google Analytics nor apple.com appear. This means that the request to Google Analytics was blocked instead of being / before being redirected
- Remove the block rule:
await chrome.declarativeNetRequest.updateDynamicRules({removeRuleIds: [5001]})
- Reload https://efforg.github.io/privacybadger-test-fixtures/html/ga_surrogate.html.
- Check the network tab and confirm that there is a request to apple.com, showing that the redirect rule is only applied if the lower-priority block rule is removed. The priority of the DNR rules should handle this without having to remove a DNR rule.
I have confirmed that the incorrect application of DNR rule priority happens on other top level domains, with other urlFilters, and with other redirect URLs. I confirmed that this is happening while I’ve granted my extension permissions on all websites.