general discussion #484

Open
myrdd opened this Issue Oct 3, 2014 · 94 comments

Member

myrdd commented Oct 3, 2014

This issue is for general discussion and any kind of short comments or questions. Anything that doesn't need a separate issue can be written here. Off-topic allowed.

SkySkimmer Oct 3, 2014

Contributor

Why is the website in a branch as opposed to a separate repository?

myrdd Oct 3, 2014

Member

@SkySkimmer gh-pages is an orphan branch, this means it doesn't share history with another branch. Github makes the content of that branch available on https://requestpolicycontinued.github.io/requestpolicy/. See #445 (comment).

myrdd Oct 4, 2014

Member

FYI: 446e54b

[menu] show numRequests also for origin & otherOrigins

this feature is now complete

also, now the flag will be shown in front of the origin(s); that flag is specific to that origin, so it might be that the "main" origin has no red flag, but another origin.

There is now a new file: GUILocation.jsm. It contains several classes which are used in menu.js. The "Destination" class has been renamed to "GUIDestination" which is now located in GUILocation.jsm.

A nice possibility to test the display of other origins is Google Image search. Here's an exemplary screenshot:
[screenshot: the menu]

SkySkimmer Oct 4, 2014

Contributor

What does the flag do?

myrdd Oct 4, 2014

Member

> What does the flag do?

it shows red if anything has been blocked for that origin. Suppose you have a rule allowing everything which google.de requests, the flag for google in the above image would turn gray.

nodiscc Oct 5, 2014

Member

Nice changes @myrdd

@SkySkimmer The idea was to have everything in the same Github repo for portability/accountability/integrity/authentication (code, issues, website, doc, releases one git clone away). You still have to run a backup script for issues, but this should be optional as long as the doc, FAQ, etc. are up to date. You can use git hooks to do it automatically.

The released XPIs are attached to a git tag, so the committer can add a checksum to the commit for users to verify the integrity of the XPI. Unfortunately the XPIs on github can't be used for public releases (single-click installation not working, addon auto-update etc.) so it's not perfect, but once we have a signed XPI we could host the XPI anywhere (the original sslsites.de proposed by @myrdd would be ok IMHO, as long as the XPI is signed and matches the checksum in github tags).

The only thing still outside the repo is the wiki, and we could add a submodule to it in the main repo (`git submodule add https://github.com/RequestPolicyContinued/requestpolicy.wiki.git`), so you'd get it with git clone --recursive.

myrdd Oct 5, 2014

Member

> once we have a signed XPI we could host the XPI anywhere (…) as long as the XPI is signed and matches the checksum in github tags

How do you mean this? So you would sign the XPI with the CA certificate and with GPG, with the gpg-signed being for github? We could upload the certificate-signed xpi on both places, no?

> we could add a submodule to it in the main repo

adding the wiki to the repo sounds interesting – will this be for everyone who clones the main repo? Will the submodule be in all branches or just in one? (ok, master branch would be enough in general – as soon as 1.0 is released we will switch to master again.)

nodiscc Oct 6, 2014

Member

> How do you mean this?

The release process would go like:

  • Changes are made to the source until you think it's releasable (say the latest commit is ed6c435405)
  • You build the XPI and sign it with the CA certificate, then do an sha512sum of it
  • Then `git tag -u [gpg-key id] v1.0.0b8 ed6c435405` with the tag message "This is release v1.0.0b8 with lot of bugfixes. SHA-512 sum of the attached XPI is eab1851a48ff5a27268ac6e786f3af8188fb23b86e94e16b3db06da819c4d2d82846747530137a97f060486a1a3bc3cde7ef402ef4affd7239d79b04c5947797"
  • You create a Github release for the tag and attach the XPI to it.

By then:

  • The GPG signing proves the source has not been tampered with (you signed it)
  • The SHA 512 sum provides integrity verification for the XPI on github (in case someone wants to download it from here, or to check XPIs from other sources against it - this is really the XPI that's built from this tag)
  • The CA signing provides a secure auto-update mechanism when we host the XPI elsewhere (AMO doesn't support signed XPIs?? But we could host it anywhere as long as it's signed and can be checked against the GPG-signed SHA512 sum. For example you originally used https://sslsites.de/requestpolicy.256k.de/ which would be ok)

I hope I made it clear :/ Please tell if something doesn't make sense ...

> will this be for everyone who clones the main repo? Will the submodule be in all branches or just in one?

It will be for everyone who uses git clone --recursive or does a git submodule update --init in their copy. Yes it's only in the branch you add the submodule to.
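
The verification side of the release process described in the comment above, as an added example that is not part of the thread or the project's own tooling: an XPI is accepted only if the tag carries a valid signature from the expected full fingerprint and the file's SHA-512 equals the single sum in the signed tag message. It assumes git, gpg and GNU coreutils are installed and a 40-hex-digit (OpenPGP v4) fingerprint obtained out of band; the function names and the script name are illustrative.

```shell
#!/bin/sh
# Added example, not the project's own tooling.
# Usage inside a clone: sh verify-xpi.sh <tag> <xpi-file> <full-fingerprint>
# (verify-xpi.sh is a placeholder name). With no arguments it runs an offline
# demo on constructed data.

# Read a tag message on stdin and print the one SHA-512 value it contains.
# Zero candidates, or two different ones, is an error, so an ambiguous
# message can never "verify".
extract_sha512() {
    candidates=$(tr 'A-F' 'a-f' | grep -oE '[0-9a-f]{128,}' | sort -u)
    [ -n "$candidates" ] || return 1
    [ "$(printf '%s\n' "$candidates" | wc -l)" -eq 1 ] || return 1
    [ "${#candidates}" -eq 128 ] || return 1   # reject longer hex runs
    printf '%s\n' "$candidates"
}

# Succeed only if the file's SHA-512 equals the expected lowercase hex string.
xpi_matches_sum() {
    [ -f "$1" ] || return 1
    actual=$(sha512sum < "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# verify_release <tag> <xpi> <full-fingerprint>
# Returns 0 = verified, 1 = checksum mismatch, 2 = no usable sum in the tag
# message, 3 = signature missing, bad, or made by a different key.
verify_release() {
    tag=$1 xpi=$2
    fpr=$(printf '%s' "$3" | tr -d ' ' | tr 'a-f' 'A-F')
    # Insist on a full fingerprint: a short key ID does not identify a key.
    [ "${#fpr}" -eq 40 ] || return 3
    case $fpr in *[!0-9A-F]*) return 3 ;; esac
    # --raw prints GnuPG status lines on stderr. VALIDSIG names the key that
    # made the signature (and its primary key), so a good signature from some
    # other key in the keyring is not accepted.
    status=$(git verify-tag --raw "$tag" 2>&1 >/dev/null) || return 3
    printf '%s\n' "$status" | grep '^\[GNUPG:\] VALIDSIG ' |
        grep -qwF "$fpr" || return 3
    # Only now is the tag message trusted as the source of the checksum.
    expected=$(git cat-file tag "$tag" | extract_sha512) || return 2
    xpi_matches_sum "$xpi" "$expected"
}

# Offline demonstration on constructed data (no git or gpg needed): a stand-in
# "XPI" and a tag message in the format proposed in the thread.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'constructed stand-in for an XPI\n' > "$dir/sample.xpi"
    sum=$(sha512sum < "$dir/sample.xpi" | cut -d' ' -f1)
    printf 'This is release v0.0.0-example.\nSHA-512 sum of the attached XPI is %s\n' \
        "$sum" > "$dir/tagmsg"
    if expected=$(extract_sha512 < "$dir/tagmsg") &&
        xpi_matches_sum "$dir/sample.xpi" "$expected"; then
        rc=0
    else
        rc=1
    fi
    rm -rf "$dir"
    return "$rc"
}

if [ "$#" -eq 3 ]; then
    verify_release "$@" || exit "$?"
    echo "OK: tag signature and SHA-512 both verified"
elif [ "$#" -eq 0 ]; then
    demo && echo "demo: constructed XPI matches its tag message"
fi
```
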

myrdd Oct 6, 2014

Member

Oh, thanks a lot @nodiscc for the detailed explanation. I think this is the way I'll do it. Would you like to see pre-releases signed, too? Well, I guess it's just a few clicks, so I could do it ;)

> Yes it's only in the branch you add the submodule to.

alright, so go ahead and do that, if you'd like to @nodiscc :) we can do this either on master or on dev-1.0.

nodiscc Oct 8, 2014

Member

Pull request for the wiki as a submodule at #490, feel free to merge it if it's ok.

> Would you like to see pre-releases signed, too?

If you could sign every future tag that has an XPI attached (and add the SHA to the tag message) this would be great! Thanks!

ldgbc Oct 21, 2014

Found out about an add-on called "Policeman" (https://addons.mozilla.org/en-US/firefox/addon/policeman) through a "ghacks.net" article. From the look of it, its purpose is similar to that of NoScript and RequestPolicy; however, it looks rather new and is probably in rapid development. Given a year, it might be a contestant.

It already is restartless/jetpack, which NoScript is trying to achieve with its next major version, and which is also one of the "Issues" planned for RequestPolicy.

It also has a few other features that RequestPolicy planned to have. Anyway, enough diagnosis, I wanted to ask what the contributors of RequestPolicyContinued think of it. It has potential if the developer continues to work on it. Currently it lacks ease of use but offers a strictness that surpasses RequestPolicy's current state.

From the look of the commits ever since RequestPolicyContinued started, it seems like "myrdd" does the majority of the work. If Policeman becomes "better", would you consider stopping work on RequestPolicy and perhaps contributing to Policeman instead? It would lessen the work that needs to be put into this project.

I would type more but this is already too long.

myrdd Oct 21, 2014

Member

hi @ldgbc thanks for your comment, I also stumbled on the ghacks.net article yesterday. I already recognized @futpib's work several months ago as he had made some changes to RequestPolicy (see here). As you can see from the commits there, his first step was to differentiate between different content types, which is also afaik the main feature of policeman.

However, I still don't know the roadmap for policeman, so it would be great to hear @futpib's comment on this. It would be great if the two projects could work together in any form. In fact I already thought about some kind of framework/library which could be used by RP, NoScript etc. but this shouldn't be within the scope of this discussion.

By the way, policeman is mainly written in coffeescript, but as it compiles to javascript, there's absolutely no problem. So working together and being in contact between projects would be great. However, having both RP and policeman could be ok or even good, i.e. it could be possible that @futpib has different plans than RP has, and users might be happy to choose between different addons. Once again, we need to hear what @futpib will say.

PS: By the way, most of the work I've done so far is refactoring. The current internal structure is not good for maintaining. I already did a lot, but there's still a lot more to do. Possibly @futpib started his own addon/rewrite because refactoring is a lot of work (?).

PPS: I'm currently working on restartlessness, and it looks good :) but it's indeed a bigger change.

@ldgbc go ahead and write more about your thoughts :)

futpib Oct 21, 2014

Well, honestly, I don't have a definite roadmap (does RP have one?), but the addon is like an improved RP for me, so it will stay fairly similar to it anyhow. I think we can't get around duplicating effort here.

I have tried working on RP, but changes I had in mind were hard (at least for me) to incorporate into existing code base (you guessed it @myrdd ). It's actually more than filtering on content-type, it's a mini-language for writing kind of rules.
On the other hand, RP has a huge user base that is happy with it. It's not like RP is bad or dead or something, so I wouldn't expect people to just leave it.

myrdd Oct 29, 2014

Member

FYI: I've updated RP's readme and wiki. I think it's a little better structured now.

Now my answer to @futpib

> I don't have a definite roadmap (does RP have one?)

It's not written down :) But you could extract it from the issues that exist.

> I have tried working on RP, but changes I had in mind were hard (at least for me) to incorporate into existing code base

I agree with you that RP currently is still bad for extending. Nevertheless I would be very pleased if we could merge the two projects again some day or at least share the code basis. As for now, I will continue maintaining RP and refactoring its codebase. You're welcome to join at any time! :)

myrdd Nov 9, 2014

Member

Version 1.0.beta8 is released. Already installed versions >= 1.0.0b4 will update automatically.

The release provides a SHA-512 sum and the tag itself is signed with a GnuPG key. I've just uploaded the key to a keyserver (hkp://keys.gnupg.net). The key ID is AE78FDFE, the user ID is Martin Kimmerle <dev@256k.de>.

nodiscc Nov 9, 2014

Member

congrats @myrdd thanks thanks thanks!
What happened to the versioning number schema? 1.0.0b7 -> 1.0.beta8

myrdd Nov 9, 2014

Member

> What happened to the versioning number schema? 1.0.0b7 -> 1.0.beta8

I wanted to have the word "beta" in the version string. Also I wanted to remove the last zero. Sadly "1.0beta8" was not possible, so it's now 1.0.betaN.

nodiscc Nov 11, 2014

Member

Thank you @myrdd for the very quick release for the fix of #514
I had tracked the problem down to yourpolicy.js but was unable to find what was going on (there are soooo many vars and no comments, and the firefox debugger doesn't seem to work on RP's chrome pages). If you can give some tips later on how to debug it would be nice.

myrdd Nov 12, 2014

Member

@nodiscc nice to hear you tried to find the problem. Yes, the code could have more comments.

To debug chrome code, you have to use the browser toolbox, see here: https://github.com/RequestPolicyContinued/requestpolicy/wiki/Working-with-the-Source-Code Feel free to extend the wiki or ask questions.

myrdd Nov 25, 2014

Member

FYI, I've changed from Apache Ant to GNU Make.

Now you can also run MozMill tests via make mozmill if you have set up everything correctly.

nodiscc Nov 26, 2014

Member

My GPG key id is 24D103D6. The fingerprint is BAFE 2502 80B2 8106 7D31 FA01 20EC 53B1 24D1 03D6. The user id is nodiscc <nodiscc@gmail.com>

myrdd Dec 5, 2014

Member

I did some work on the labels (recolouring). Also I created the page inspection label as I see potential in how RP could provide help to users in the question "Which of those domains need to be allowed/denied?". Maybe there will be some dedicated site inspection mode some time (after 1.0 of course). Maybe that mode could be even integrated into some of Firefox' developer tools (?).

Btw @nodiscc when you work on the issues, please remove a milestone from an issue if you close it as duplicate, wontfix etc. – for example like #141

myrdd Dec 6, 2014

Member

I've got a question to the community. Currently I've got quite a list of issues on my personal computer which don't exist on github. It includes bugs, features that I'm planning and ToDo's in general (e.g. refactoring). I'm not sure whether I should create an issue for each one of them on github. It would probably be a little more work than managing them on my pc, but on the other hand if it's online you can review it. What do you think?

Btw fyi, in Mozilla's source code repo every commit contains a link to a bug report, but I think that's not necessary for RP.

nodiscc Dec 6, 2014

Member

@myrdd you could paste your todo on https://gist.github.com/ and link it from here. gists allow comments and you can update them (they are just git repositories, you'll get a clone URL when you save the gist). And yes it would be interesting.

Ok for removing milestone for wontfix, duplicates, etc.

myrdd Dec 6, 2014

Member

That's a really nice idea @nodiscc, a public online scratchpad. :) Btw I'll translate/cleanup everything before creating the gist.

myrdd Dec 12, 2014

Member

In view of the current situation (Fx36 compatibility) IMHO it's a good time to add "donate" buttons. My idea was to add one button per contributor, meaning that there won't be a common account, but the user needs to decide to whom to donate.

Currently me and @nodiscc are candidates for the donation list, but anyone who seems to do any kind of significant and continuous contribution is welcome to add his/her donation button. What do you think @nodiscc?

Donations have originally been discussed here: RequestPolicy/requestpolicy#407 (comment)

nodiscc Dec 12, 2014

Member

I personally don't expect donations, but ok. I'd start by adding a "Contribute to RequestPolicy Continued" paragraph in https://requestpolicycontinued.github.io/#about

> You can help improving RequestPolicy Continued by testing, reporting bugs, improving code or documentation, or doing a small donation. How to contribute.

CONTRIBUTING.md should contain info on high priority bugs, how to report issues, debug, and donate to each individual contributor. For example you could add a homepage link to your github profile, and post a small text on how to donate specifically to you. This leaves the choice of the donation service to each contributor.

Another option is bug bounties (example). AMO also has a donation nag screen.

From experience don't expect too much from money donations :/

myrdd Dec 15, 2014

Member

> From experience don't expect too much from money donations :/

No worries, I don't want to earn my living with that :) In fact I'd put donation buttons quite unobtrusively – no big images, not on top of any page, …

I agree on the contributing file, seems to be a de-facto standard. I've opened #542 for this.

IMHO bug bounties are too complicated, at least for the moment. If someone would like a feature being implemented, it's possible to bump a bug with the text +1 and that will be fully respected. A donation containing a comment like „Please resolve issue #{issue_number}“ is possible though.

nodiscc Dec 26, 2014

Member

A new open source browser fingerprinting tool: https://github.com/DIVERSIFY-project/amiunique (https://amiunique.org/). More up to date fingerprinting methods than panopticlick, which we link to in the doc, so I figured it might interest someone.

myrdd Dec 26, 2014

Member

Heya, this looks good! :) They list also some other sites on their faq. For example, I knew http://browserspy.dk already. IMHO panopticlick collects way too few data – much less than what is possible.

nodiscc Jan 9, 2015

Member

I've read the Disconnect addon (mentioned in #448 (comment)) is now proprietary. I used to recommend/install disconnect for people who couldn't handle RP in default: block, but if we can

  1. get blocklists from Disconnect into RPcontinued subscriptions
  2. Have a simple first run page (#545) proposing default block/allow functionality vs default allow/block trackers modes

this would easily replace disconnect (and maybe ghostery)

Updating the website #445 is still on my list :/

myrdd Jan 9, 2015

Member

Disconnect is now proprietary? Hm, too bad! I've also installed it on some machines…

> get blocklists from Disconnect into RPcontinued subscriptions

You want to do this? I'm focussing heavily on coding right now. RP 0.5 is marked as unstable with Fx 36, which will be released in late February…

> Have a simple first run page (#545) proposing default block/allow functionality vs default allow/block trackers modes

Yes, I also consider a good initial setup page as important – however, my idea is to put the decision between default allow vs. default deny prominently into the menu, either in addition or instead of an "initial setup" page.

> Updating the website #445 is still on my list :/

No worries, as long as the content of the current website is mostly up to date, I see no problem.

nodiscc Jan 22, 2015

Member

After looking at µBlock (a lightweight ad blocker), I think it implements some form of "local mirroring" of common js/css/font resources: https://github.com/gorhill/uBlock/blob/master/assets/ublock/mirror-candidates.txt. It seems to have been removed in a recent release though: https://github.com/gorhill/uBlock/releases

This (mirroring resources from common CDNs) was discussed at #267 for RequestPolicy

ghost Jun 12, 2015

I just started using RequestPolicyContinued and noticed that the Ctrl+Alt+R key combo is now associated with the extension.

Is this something that I can change?

myrdd Jun 12, 2015

Member

Hi @antnythr, that's right. The shortcut is currently not configurable, is that what you want? If yes, check out #616.

ghost Jun 12, 2015

@myrdd, I had skimmed over some of the issues but missed this one. Thanks.

jdgalt Oct 8, 2015

I'm not sure what is the right place to post this:

I would like to suggest that we be allowed to assign a priority number to each rule, and have the higher priorities automatically trump the lower ones.

We could allow, for example, priorities from 1 to 255, with any rules that come from a subscription being automatically assigned 128. That way I can write rules that always yield to them and rules that never do.

Here's an example of a case where this would help. I use reddit, so have a rule allowing all requests from them. But I also have a rule banning all requests to *.4disply.com (a site that generates pop-under ads). Result: One of their pop-under ads appeared, and there is apparently no way to disable those unless I want to take the time to discover and list every single site that reddit is allowed to send requests to. Setting a high priority for "Block *.4disply.com" would solve this problem.

myrdd Oct 8, 2015

Member

Thanks for sharing your idea @jdgalt. I've already been thinking about adding a "priority" property to each rule. IMHO the default priority could be zero, allowing both positive and negative numbers, but that's a detail we can discuss at a specific issue. It would be nice if you could open a new issue for priorities.

However, the problem in the example case you're describing might have to do with issue #491. Is your default policy "allow"?

jdgalt Oct 8, 2015

Yes it is, and #498 could be related.

Created #717.

myrdd Oct 8, 2015

Member

I guess you mean #491 – since your default policy is "allow", that's the fallback policy.
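
The priority scheme proposed by @jdgalt above, combined with the fallback to the default policy that @myrdd describes, sketched as an added example (not RequestPolicy Continued code). The rule shape, the function names, the wildcard semantics and the default priority of 128 for user rules are assumptions made for illustration.

```javascript
// Added illustration of the priority proposal; not RequestPolicy Continued code.
// Rule shape, function names and DEFAULT_USER_PRIORITY are assumptions.
const MIN_PRIORITY = 1;
const MAX_PRIORITY = 255;
const SUBSCRIPTION_PRIORITY = 128; // fixed value proposed in the thread
const DEFAULT_USER_PRIORITY = 128; // assumption: unprioritized user rules tie with subscriptions

// "" or "*" matches any host; "*.example.com" matches example.com and its
// subdomains (assumed semantics); anything else must match exactly.
function hostMatches(pattern, host) {
  const p = (pattern || "").toLowerCase();
  const h = host.toLowerCase();
  if (p === "" || p === "*") return true;
  if (p.startsWith("*.")) {
    const base = p.slice(2);
    // Compare on a label boundary so "not4disply.com" does not match "*.4disply.com".
    return h === base || h.endsWith("." + base);
  }
  return h === p;
}

function makeRule(action, originHost, destHost, options = {}) {
  const source = options.source || "user";
  let priority = options.priority === undefined ? DEFAULT_USER_PRIORITY : options.priority;
  if (source === "subscription") priority = SUBSCRIPTION_PRIORITY; // not user-adjustable
  if (action !== "allow" && action !== "deny") {
    throw new RangeError("action must be 'allow' or 'deny'");
  }
  if (!Number.isInteger(priority) || priority < MIN_PRIORITY || priority > MAX_PRIORITY) {
    throw new RangeError("priority must be an integer from 1 to 255");
  }
  return Object.freeze({ action, originHost, destHost, priority, source });
}

// Highest-priority matching rules decide. If allow and deny rules tie at that
// priority, the default policy is the fallback, as described in the thread.
function decide(rules, originHost, destHost, defaultPolicy) {
  const matching = rules.filter(
    (r) => hostMatches(r.originHost, originHost) && hostMatches(r.destHost, destHost)
  );
  if (matching.length === 0) {
    return { action: defaultPolicy, reason: "no-match", priority: null };
  }
  const top = Math.max(...matching.map((r) => r.priority));
  const actions = new Set(matching.filter((r) => r.priority === top).map((r) => r.action));
  if (actions.size === 1) {
    return { action: [...actions][0], reason: "rule", priority: top };
  }
  return { action: defaultPolicy, reason: "conflict", priority: top };
}

// Constructed sample: the reddit / *.4disply.com case from the comment above.
function redditExample(denyPriority) {
  const rules = [
    makeRule("allow", "*.reddit.com", "*"),
    makeRule("deny", "*", "*.4disply.com", { priority: denyPriority }),
  ];
  return decide(rules, "www.reddit.com", "ads.4disply.com", "allow");
}

console.log(redditExample(undefined)); // equal priorities: falls back to default "allow"
console.log(redditExample(200));       // deny rule outranks the reddit allow rule
```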

@nodiscc nodiscc referenced this issue in pyllyukko/user.js Oct 19, 2015

Closed

[Talk] Ghostery Vs. Disconnect.me Vs. uBlock #16

woxcab Apr 22, 2016

RequestPolicy Continued blocks external images on localhost web-apps (for example: web images from non-localhost are not shown in Tiny Tiny RSS (webapp on localhost:8080) when RequestPolicy is enabled). Allowing 'blocked destinations' from list does not help (images are still blocked). Manual policies:

  • Origin localhost, Destination *
  • Origin localhost:8080, Destination *

do not help.

Can it be fixed manually using policies or is it a bug?

myrdd Apr 22, 2016

Member

@woxcab Matching against * does not work yet. Please try a rule with the "destination" field being empty. If you specify a port, make sure you enter it in the dedicated "port" field. If this doesn't help, please check the Request Log for the exact destination URI.

woxcab Apr 22, 2016

@myrdd, thank you! Empty destination has helped. For my case origin must be with port localhost:8080 (if no port then images are blocked) or localhost:*.

myrdd Apr 24, 2016

Member

@woxcab great! By the way, the * issue should now be resolved in the latest pre-build. Would you mind trying if * now works as the destination host? :)

woxcab Apr 24, 2016

@myrdd, yes, * destination works for me in the latest pre-build 1.0.beta11.1.1488.r608f5fc.pre. Thank you!

agilbertson1977 Jun 8, 2016

Posting here to start with to make sure that this isn't an open issue (I didn't find it when searching for "font" or "CSS" but maybe I'm not familiar enough with the issue to figure out what the right search term is).

Going to http://www.tampabay.com/news/breaking/ with Request Policy Continued results in links to stories with an associated picture having a weird character that looks like a black circle with a white + in it showing up behind the headline text. Visiting the same page without Request Policy Continued results in an icon which I guess is supposed to represent a picture of mountains and the sun. I don't see anything that's not allowed that I would expect to prevent this transformation.

(Let me know if you'd like screenshots of it with/without RPC enabled.)

Is this expected behavior, an existing issue, or should I open a new issue for it?

Thanks!

myrdd Jun 10, 2016

Member

@agilbertson1977 In this case please create a new issue. Please attach a screenshot of the expected and the actual appearance. Please also add a screenshot of RP's menu, to see which destinations have been allowed/denied.
Right now I couldn't reproduce what you are describing, but that could be because certain rules need to be added, or because of some add-on you've got installed.

akwala Jun 23, 2016

Recently I've been seeing blocked destinations such as "jid1-mnnxcxisbpnsxq-eff-at-jetpack". So far all of these have ended with "-eff-at-jetpack". My guess is that this has to do with an EFF addon. What is going on here?

myrdd Jun 24, 2016

Member

@akwala jid1-MnnxcxisBPnSXQ@jetpack is the ID of PrivacyBadger (source). What does the request look like, that is, the full URI of origin and destination? It could have to do with the fix for #783, released in beta12.0. If you think there is some misbehavior, go ahead and create a new issue.

inril Dec 1, 2016

Using 1.0.beta12.4.
When enabling the privacy subscription the policy will allow facebook and twitter (7 entries).
I did not expect to see any green entries in a privacy policy.
Everything in this list should be denied.

Am I missing something?

myrdd Dec 1, 2016

Member

> When enabling the privacy subscription the policy will allow facebook and twitter (7 entries).

These seven entries allow facebook-internal and twitter-internal requests, respectively. There are also blocking rules for those domains. So, for example, requests to facebook.net are blocked, except requests from facebook.com. See this image for clarification:

[Image: deny_trackers rules for facebook]

Atavic Feb 19, 2017

Without a minimal Allow Policy I can't even do a complete search on twitter.

nodiscc Feb 22, 2017

Member

Hi @myrdd , it's been a long time, hope all is well.
I have sent a PR at RequestPolicyContinued/subscriptions#54 I wish you could review (serials, etc.).
I want to remove the deny_trackers subscription for reasons I will detail in another PR.

@Atavic in "default deny" mode you need to whitelist items manually to get full website functionality.
If you need some basic premade allow rules, enable subscriptions.
If you want to add allow rules to official subscriptions, check https://github.com/RequestPolicyContinued/subscriptions

lazerhawk Mar 3, 2017

Mozilla's add-on compatibility reporter shows it isn't multiprocess/e10s compatible. Reporter bug or is it actually true?

Atavic Mar 3, 2017

According to: https://www.arewee10syet.com/
RequestPolicy Continued • incompatible

myrdd Mar 8, 2017

Member

nazmifr Mar 14, 2017

hey, I have some kind of suggestion for that amazing piece of addon that is requestpolicy:

When there are some redirects, the user has to move his mouse all the way to the upper right hand corner of Firefox to click on allow, it's painful and sometimes there are timeouts (especially if you're slow or on a laptop), couldn't an enter key press fill the same function while being simpler to achieve?

Thanks for having read
Nazmi

myrdd Jul 7, 2017

Member

Thanks for your comment @nazmifr. If you like to use the keyboard, you currently can press Alt+A to allow the request. If it's not „A“, it's the underlined letter on the „allow“ button.

nazmifr Jul 10, 2017

Thanks for your response, I will from now on.

zazenbingle Sep 19, 2017

Hello,

Please help me configure an "Allow" rule for web browsing. I perform a search on DuckDuckGo, then right-click some results and open in new tab. When I look at each "new tab", the website is blocked.

I created the following rule:
Policy -- Origin----------------------- Destination-- Rule Set
Allow -- https://duckduckgo.com/://: ://:* -- User

What am I doing wrong?

myrdd Sep 20, 2017

Member

> I created the following rule:
> Policy -- Origin----------------------- Destination-- Rule Set
> Allow -- https://duckduckgo.com/://: ://:* -- User

I guess you put https://duckduckgo.com/ in the origin "scheme" field and :// in the destination "scheme" field. Instead, fill in as follows:

  • origin scheme: https
  • origin host: duckduckgo.com
  • destination host: *

zazenbingle Sep 20, 2017

Thank you! It worked!

I'm thankful for this add-on and for your responsiveness.

Here are my 2 cents on how to make it more noob-friendly:

  1. Change default setting:
    --> Preferences >> Menu >> "Allow adding non-temporary rules when using Private Browsing Mode"
    --> Current default: OFF
    --> Proposed default: ON
    --> Reason: Security conscious noobs will have their browsers set to private mode or equivalent.
    --> When I didn't see the option to whitelist my search engine website, it just confused me until I found this setting.

  2. Modify the "Allow requests from *.duckduckgo.com" [or whatever website you're on] command:

--> Current "Allow" rule created by the command:
Policy - Origin - Destination - Rule Set
Allow - https://duckduckgo.com/://: - ://:* - User

--> Proposed "Allow" rule created by the command:
Policy - Origin - Destination - Rule Set
Allow - https://duckduckgo.com - * - User

--> Reason for the change: the current automated "Allow Rule" creation didn't work for me. I scoured the Internet for a couple of hours before creating a GitHub account and posting this question. Not complaining, just providing the perspective of a motivated noob.

  3. Add an FAQ explaining how to configure a search engine website in this way.
    --> If changing the default setting is not acceptable, then you can just include those instructions in the FAQ.
    --> If changing the values created by the "Allow requests from..." command is time-consuming, then posting this information in an FAQ will be very helpful to prevent future questions like mine.
    --> This is probably the first rule a user will create, right? I mean, don't many people browse by opening new tabs?
    --> If my assumptions are incorrect, then how are they incorrect? Maybe it's a completely different FAQ that's required, and I just don't know enough to understand it.

zazenbingle Sep 20, 2017

myrdd,

Scratch my last post. It seems more likely that I didn't see the setting until AFTER I created it manually, because the "Allow requests from" command seems to work everywhere else.

I still think an FAQ that helps a new user get their search page up and running is a good idea. Here's what I propose:

FAQ: My search engine web-page can't open any pages without me clicking on a link to "Allow" on each new page I open. What should I do?

ANS: Here's how you add a rule to allow your search engine web-page to open new pages:

  1. From your search engine web-page, hover over the red-flag icon for the "RequestPolicy Continued" extension.
  2. Click on "Allow requests from *.duckduckgo.com" [or whatever website you perform web-searches from]

If you don't see the "Allow requests from" option when you hover over the icon:

  1. You're probably in private-mode or equivalent.
  2. Go to: Settings >> Preferences >> Menu >> "Allow adding non-temporary rules when using Private Browsing Mode"
  3. Change from unchecked to checked
  4. You should now see the option to "Allow requests from..." when you hover over the icon.

myrdd Oct 10, 2017

Member

Hi @zazenbingle,

> FAQ: My search engine web-page can't open any pages without me clicking on a link to "Allow" on each new page I open. What should I do?
>
> ANS: Here's how you add a rule to allow your search engine web-page to open new pages:
>
>   1. From your search engine web-page, hover over the red-flag icon for the "RequestPolicy Continued" extension.
>   2. Click on "Allow requests from *.duckduckgo.com" [or whatever website you perform web-searches from]

Actually you should get a redirection notification when clicking on the link on duckduckgo.com. See here: #859

rain0r Nov 29, 2017

Are there any plans on migrating the add-on to Firefox 57.0 ("Firefox Quantum")?

jrrdev Nov 29, 2017

Collaborator

Work in progress, see issue #704 😃

TPS Apr 18, 2018

I've recently received notification of a new release, but there's only an unbuilt version. Since AMO's dropped betas, where does 1 go to get prebuilt 1s?

myrdd Apr 20, 2018

Member

@TPS I put a link to the installation URL just now in the first post of #754.
It's https://sslsites.de/requestpolicy.256k.de/requestpolicy-nightly.xpi
Make sure to disable any other RP/RPC versions before installation.

TPS Apr 20, 2018

@myrdd Thanks very much! 🙇

vertigo220 May 5, 2018

Am I missing something, or is there no way to export/import the settings and custom rules? Also, I'm confused with regard to the subscriptions, since I would expect major sites like Amazon and Newegg to work with them, but I had to manually allow things to get them to not be complete disasters.

Another thing, the interface is a bit confusing. You can select multiple things at once (e.g. you can select/underline permanently and temporarily allow and block, all at the same time) and it's not very clear what's going on. And the meaning of the (x+y) numbers isn't readily apparent (it's not difficult to figure out, but it would be nice if there was a key or something). It's also not clear what the different icons (?, do not enter sign (red circle with white dash), etc) or "mixed" destinations mean.

And finally, the refresh page after whitelisting option doesn't work for me. I may create a separate issue for that, but it'll have to wait until I do more troubleshooting, so I figured I'd just mention it here for now. Frankly, I'm not sure RPC provides much, if anything, beyond what uBo and uMatrix do for me, and so I don't know if I'll continue using it, but it does seem like a good project, and I'd like to see it continue to improve, if for no other reason than to have options.
