How to deal with ajax.googleapis.com? #267

Open
jsamuel opened this Issue Dec 22, 2011 · 5 comments

Comments

Projects
None yet
5 participants
@jsamuel
Owner

jsamuel commented Dec 22, 2011

imported trac ticket
created: 2011-10-04 22:15:41
reporter: shabbyrobe

Many sites depend on jQuery served by google. Can a separate tab be added to requestpolicy to allow resources like this to be loaded from an alternative place? For e.g. I could host my own version of jQuery and point http://ajax.googleapis.com/ajax/libs/jquery/1.5.2/jquery.min.js there instead.

I don't know that this is necessarily the solution (hence the vague ticket name, sorry about that), but RequestPolicy breaks websites left right and centre without ajax.googleapis.com whitelisted everywhere and then pow, they're tracking me again whether I like it or not.

I only installed RequestPolicy an hour ago and I'm already seeing three of my most visited websites (stackoverflow, slashdot and reddit) breaking.

@EgbertW

This comment has been minimized.

Show comment Hide comment
@EgbertW

EgbertW Feb 29, 2012

It would be nice to have some built in way to do this. Currently, I'm redirecting ajax.googleapis.com to my own local webserver which is serving the requests for jquery etc, but it would be nice to have RequestPolicy take care of this.

EgbertW commented Feb 29, 2012

It would be nice to have some built in way to do this. Currently, I'm redirecting ajax.googleapis.com to my own local webserver which is serving the requests for jquery etc, but it would be nice to have RequestPolicy take care of this.

@tpo

This comment has been minimized.

Show comment Hide comment
@tpo

tpo Apr 15, 2013

When you get your *.js files from googleapis.com or similar, then - as far as I understand - google will only see:

  • your cookie if it asks for it
  • your IP
  • the browser string
  • the referrer

you can take care of cookies with CookieMonster or similar, by disallowing googleapis to set them, the browser string I don't know, but I guess there's an extension for that too, and you can disallow sending the referrer to google with RefControl.

That leaves google with your IP address which is not terribly telling. They will know that this IP, which they'll possibly correlate with your profile, is online and that's it.

I'm not saying that it this makes you invisible, but it reduces the damage somewhat.

I agree that I'd be very nice if RequestPolicy could let the browser cache jquery once and then "never again" let the browser access googleapis to get that same JS file.
*t

tpo commented Apr 15, 2013

When you get your *.js files from googleapis.com or similar, then - as far as I understand - google will only see:

  • your cookie if it asks for it
  • your IP
  • the browser string
  • the referrer

you can take care of cookies with CookieMonster or similar, by disallowing googleapis to set them, the browser string I don't know, but I guess there's an extension for that too, and you can disallow sending the referrer to google with RefControl.

That leaves google with your IP address which is not terribly telling. They will know that this IP, which they'll possibly correlate with your profile, is online and that's it.

I'm not saying that it this makes you invisible, but it reduces the damage somewhat.

I agree that I'd be very nice if RequestPolicy could let the browser cache jquery once and then "never again" let the browser access googleapis to get that same JS file.
*t

@sp00n

This comment has been minimized.

Show comment Hide comment
@sp00n

sp00n Jul 18, 2013

If you're really worried about Google, theoretically you could edit your hosts file to redirect ajax.googleapis.com to some other IP where you host the relevant JavaScript files yourself. Can even be 127.0.0.1, but as you cannot change the query path, you need to have at least some sort of web server running.

sp00n commented Jul 18, 2013

If you're really worried about Google, theoretically you could edit your hosts file to redirect ajax.googleapis.com to some other IP where you host the relevant JavaScript files yourself. Can even be 127.0.0.1, but as you cannot change the query path, you need to have at least some sort of web server running.

@asymmetric

This comment has been minimized.

Show comment Hide comment
@asymmetric

asymmetric Dec 3, 2013

Take a look at this project, it aims at running a local mirror of ajax.googleapis.com.

It was thought to be run on OS X but should work with minimal configuration on other *nixes too.

Take a look at this project, it aims at running a local mirror of ajax.googleapis.com.

It was thought to be run on OS X but should work with minimal configuration on other *nixes too.

@tpo

This comment has been minimized.

Show comment Hide comment
@tpo

tpo Dec 7, 2013

On Tue, 3 Dec 2013, Lorenzo Manacorda wrote:

Take a look at this project, it aims at running a local mirror of ajax.googleapis.com.

It was thought to be run on OS X but should work with minimal configuration on other *nixes too.

Thanks, I'll check it out.
*t

tpo commented Dec 7, 2013

On Tue, 3 Dec 2013, Lorenzo Manacorda wrote:

Take a look at this project, it aims at running a local mirror of ajax.googleapis.com.

It was thought to be run on OS X but should work with minimal configuration on other *nixes too.

Thanks, I'll check it out.
*t

@msxfm msxfm referenced this issue in RequestPolicyContinued/requestpolicy Jul 7, 2014

Closed

How to deal with ajax.googleapis.com? #267

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment