Same site query filter

[fmarier]

Resolves brave/brave-browser#9020

Submitter Checklist:

• Submitted a ticket for my issue if one did not already exist.
• Used Github auto-closing keywords in the commit message.
• Added/updated tests for this change (for new code or code which already has tests).
• Verified that these changes build without errors on
  • Android
  • iOS
  • Linux
  • macOS
  • Windows
• Verified that these changes pass automated tests (unit, browser, security tests) on
  • iOS
  • Linux
  • macOS
  • Windows
• Verified that all lint errors/warnings are resolved (npm run lint)
• Ran git rebase master (if needed).
• Ran git rebase -i to squash commits (if needed).
• Tagged reviewers and labelled the pull request as needed.
• Request a security/privacy review as needed.
• Add appropriate QA labels (QA/Yes or QA/No) to include the closed issue in milestone
• Public documentation has been updated as necessary. For instance:
  • https://github.com/brave/brave-browser/wiki/Deviations-from-Chromium-(features-we-disable-or-remove)
  • https://github.com/brave/brave-browser/wiki/Proxy-redirected-URLs
  • https://github.com/brave/brave-browser/wiki/Fingerprinting-Protections
  • https://github.com/brave/brave-browser/wiki/Brave%E2%80%99s-Use-of-Referral-Codes
  • https://github.com/brave/brave-browser/wiki/Custom-Headers
  • https://github.com/brave/brave-browser/wiki/Web-compatibility-issues-with-tracking-protection
  • https://github.com/brave/brave-browser/wiki/QA-Guide

Test Plan:

All of the test cases on https://fmarier.github.io/brave-testing/query-filter.html should work as described on there.

Reviewer Checklist:

• New files have MPL-2.0 license header.
• Request a security/privacy review as needed.
• Adequate test coverage exists to prevent regressions
• Verify test plan is specified in PR before merging to source

After-merge Checklist:

• The associated issue milestone is set to the smallest version that the
  changes has landed on.
• All relevant documentation has been updated.

[iefremov]

isn't ctx->internal_redirect always false if we have good redirect_source?

[fmarier]

No, because we generate 307s as a result of the query filter for example. If we don't filter those out here, we end up looking at these requests twice.

[iefremov]

I mean that redirect_source is set to a non-empty value only if ctx->internal_redirect is false, and it seems that ctx->internal_redirect cannot change to true afterwards without changing ctx->redirect_source. This way, if ctx->redirect_source is non-empty, ctx->internal_redirect should be false
Am I wrong?

[fmarier]

I believe you're right, as long as we keep these in sync.

[iefremov]

curious why do we need this?

[fmarier]

That's to simulate a navigation, as opposed to a redirect. Another way I could have done this would have been to include a link and then inject JS to click the link programmatically.

[iefremov]

100ms is pretty noticeable dealy even for browsertests, so I'd suggest to change if we can avoid it

[iefremov]

LGTM with small nits. I'll rebase my #6674 on top of this one after it gets merged

[iefremov]

maybe we also can shorten the code by chosing something like source_url conditionally?

if (...) {source_url = ctx->redirect_source;}
else if (...) {source_url = ctx->initiator_url;}

if (net::registry_controlled_domains::SameDomainOrHost(source_url, ctx->request_url, ...) {
  return;
}

[fmarier]

I updated the documentation on the wiki: https://github.com/brave/brave-browser/wiki/Query-String-Filter/_compare/ac55a85c8e44c91e16bdbe5fb2a82ceab1af271c...9ea0443624df53f34b0265568ee2c82f8c4e6acf

[fmarier]

For some reason, GitHub didn't show me your comments and only showed me your approval (I found out catching up on emails). Sorry for merging without addressing these first.