Rule list context menu doesn't get cleared for new https urls
Due to the fact that we don't listen to https url events for onBeforeRequest, we do not have a way to clear stale rules from the url bar when the user manually navigates to a new URL (for example, visits "eff.org" and then types in "https://encrypted.google.com" the eff rules will remain displayed on the Google page). We don't want to listen to blocking https onBeforeRequest events because this would impede performance.
This bug is way more tricky than it seems. There are several possible solutions. I've tried the following four, and none of them really have worked out so far.
- Listen to onBeforeRequest async for https (https://code.google.com/chrome/extensions/trunk/experimental.webRequest.html#event-onBeforeRequest)
I tried purging the rules whenever we had a details.type == "main_frame" and an https scheme in the async handler, but this causes premature rule clearing for redirects unless you also listen to onBeforeRedirect. If you do listen to onBeforeRedirect, it still fails on JS redirects. eff.org has a JS redirect to www.eff.org.
- Listen to tabs.onUpdated async (https://code.google.com/chrome/extensions/tabs.html#event-onUpdated)
Had similar issues to #1, with some additional event ordering problems.
- Track rule destination urls used for each tab
In desperation, I even tried tracking the destination URL from our url engine for each tab, with the intention of clearing the list if the current URL differed from the last rule url.
However, I was again defeated by the inability to detect JS redirects.
- Listen to WebNavigation.onCommitted for details.transitionType == "typed" and possibly also "link" (https://code.google.com/chrome/extensions/trunk/webNavigation.html#event-onCommitted)
This was the most promising, because we could use it to clear the rule sets when we detected a user-driven navigation to a new https url.
However, transitionType == "typed" is still set for redirects that happen after a typed URL (and possibly for all JS redirects). This seems like an API bug to me. Should we file one?
It seems like we might be left with just adding some heuristics to option 3 only clear the rules if the domain smells different enough?