From cb9125026592d9f17ab6b800a2b2463ddd0913ba Mon Sep 17 00:00:00 2001
From: Jacob Sikorski <jacob.sikorski@gmail.com>
Date: Mon, 16 Oct 2023 16:24:46 -0600
Subject: [PATCH] Fix 3rd party check for request blocking

---
 .../Brave/WebFilters/AdblockRustEngine.swift  | 12 +++---
 .../CachedAdBlockEngineTests.swift            | 41 +++++++++++++++++++
 2 files changed, 48 insertions(+), 5 deletions(-)

diff --git a/Sources/Brave/WebFilters/AdblockRustEngine.swift b/Sources/Brave/WebFilters/AdblockRustEngine.swift
index e488593df21..803aac3c67e 100644
--- a/Sources/Brave/WebFilters/AdblockRustEngine.swift
+++ b/Sources/Brave/WebFilters/AdblockRustEngine.swift
@@ -25,15 +25,17 @@ extension AdblockEngine {
       return false
     }
     
+    guard let requestDomain = requestURL.baseDomain, let sourceDomain = sourceURL.baseDomain else {
+      return false
+    }
+    
     guard let requestHost = requestURL.host, let sourceHost = sourceURL.host else {
       return false
     }
     
-    // Normally we should check the etld+1.
-    // However for network filtering we use content blockers
-    // which unfortunately uses a host comparison.
-    // So this is what we simulate here
-    let isThirdParty = requestHost != sourceHost
+    // The content blocker rule for third party is the following:
+    // "third-party triggers if the resource isn’t from the same domain as the main page resource"
+    let isThirdParty = requestDomain != sourceDomain
     
     if !isAggressive {
       // If we have standard mode for this engine,
diff --git a/Tests/ClientTests/Web Filters/CachedAdBlockEngineTests.swift b/Tests/ClientTests/Web Filters/CachedAdBlockEngineTests.swift
index ddde3cd15c5..c4657bc375e 100644
--- a/Tests/ClientTests/Web Filters/CachedAdBlockEngineTests.swift	
+++ b/Tests/ClientTests/Web Filters/CachedAdBlockEngineTests.swift	
@@ -9,6 +9,47 @@ import Data
 @testable import Brave
 
 final class CachedAdBlockEngineTests: XCTestCase {
+  func test3rdPartyCheck() throws {
+    let engine = try AdblockEngine(rules: [
+      "||brave.com/path",
+      "||brave.com/other-path",
+      "@@||brave.com/path$~third-party"
+    ].joined(separator: "\n"))
+    
+    XCTAssertFalse(
+      engine.shouldBlock(
+        requestURL: URL(string: "https://subdomain.brave.com/path")!,
+        sourceURL: URL(string: "https://brave.com")!, resourceType: .xmlhttprequest,
+        isAggressive: false
+      ),
+      "We should not be blocking requests in the same domain on standard mode, regardless of the rules"
+    )
+    XCTAssertFalse(
+      engine.shouldBlock(
+        requestURL: URL(string: "https://subdomain.brave.com/path")!,
+        sourceURL: URL(string: "https://brave.com")!, resourceType: .xmlhttprequest,
+        isAggressive: true
+      ),
+      "We should not be blocking this request even on aggressive mode because of the exception rule"
+    )
+    XCTAssertFalse(
+      engine.shouldBlock(
+        requestURL: URL(string: "https://subdomain.brave.com/other-path")!,
+        sourceURL: URL(string: "https://brave.com")!, resourceType: .xmlhttprequest,
+        isAggressive: false
+      ),
+      "We should not be blocking requests in the same domain on standard mode, regardless of the rules"
+    )
+    XCTAssertTrue(
+      engine.shouldBlock(
+        requestURL: URL(string: "https://subdomain.brave.com/other-path")!,
+        sourceURL: URL(string: "https://brave.com")!, resourceType: .xmlhttprequest,
+        isAggressive: true
+      ),
+      "We should be blocking this request on aggressive mode because of the blocking rule without an exception"
+    )
+  }
+  
   func testEngineMemoryManagment() throws {
     AdblockEngine.setDomainResolver()
     var engine: AdblockEngine? = AdblockEngine()