<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Wed, Jun 17, 2015 at 10:31 AM, Sebastian Noack <span dir="ltr"><<a href="mailto:sebastian@adblockplus.org" target="_blank">sebastian@adblockplus.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><span>On Mon, Jun 15, 2015 at 5:42 AM, Benjamin Poulain <span dir="ltr"><<a href="mailto:benjamin@webkit.org" target="_blank">benjamin@webkit.org</a>></span> wrote:<br></span><span><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div bgcolor="#FFFFFF" text="#000000"><span><blockquote type="cite"><div dir="ltr">
</div>
</blockquote></span>
Targeting XHR specifically seems very easy to counter to me.
Couldn't one just use the Fetch API or Sockets to work around the
rule?<br></div></blockquote><div><br></div></span><div>I don't think so. Note that with the new content blocking API you cannot run code on request anymore. And even then you probably don't want to repeat requests just to retrieve additional metadata. And even then the response won't tell you in which context the request originally occurred.</div></div></div></div></blockquote><div><br></div><div>Sorry, I just realized what you meant here. (I mistakenly thought you suggested to repeat requests to obtain additional metadata). But yeah, if a page uses the Fetch API, rules checking for XMLHttpRequest wouldn't match, however filters checking for "other" request types should match then. The distinction between XMLHttpRequest and Fetch API doesn't seem to be important. We might merge them into a common type in the future. However, the distinction between these, JavaScript initiated, requests and object (Flash) initiated requests is kinda important for us, as explained in my previous email.</div><div><br></div><div>Sebastian</div></div></div></div>