Screenshots for RPC

[DJ-Leith]

It is easy to add screenshots to Github issues (I'm very new to Github).

In #445 I added a screenshot (here is the comment )

Here is the URL for the screenshot:
https://cloud.githubusercontent.com/assets/12447809/7897773/13f025da-06e1-11e5-890d-89291ebfd48b.jpg

This is 'not much use for the website'. I run many Profiles [1] and I use Classic Theme Restorer to colour (color) the "selected tab" with a specific colour so that I know which Profile I am using. The 'garish purple' tells me that I'm using a profile with an almost empty Whitelist (for both NoScript and RPC).

Below are some screenshots. I have added them to this issue. The URLs are 'automatically generated by Github', just right click and "Open Link in New Tab" to find the URL.
Feel free to use (or ignore) any or all of them without any attribution - you have explicit permission. Feel free to crop them, resize them etc. I have also added text to explain what I did. This is 'full and long winded': I am writing for people who are unfamiliar with RPC.

[1]
"Using Release, ESR, Beta, Aurora, and/or Nightly together."
http://forums.mozillazine.org/viewtopic.php?f=23&t=2821799

---

Abbreviations and conventions:
RP meaning the original RequestPolicy 0.5.x.x by Justin Samuel.
RPC meaning RequestPolicy Continued v1.0beta9.x
I am using single quotes (') as scare quotes: to indicate that I am conscious that I am using slang, jargon or other imprecise language.
I am using double quotes (" ") when I am making a direct quotation.

---

Updating from RP 0.5.xx to RPC

Before you start make a copy of your Profile.
In RP 0.5.xx the Whitelist is in "prefs.js" (in your Profile)
In RPC 1.x.x the Whitelist is in "user.json" in the sub-folder ...\Profile\requestpolicy\policies\

e.g. on Windows the Profile might be in this Folder:
C:\Users\UserNameHere\AppData\Roaming\Mozilla\Firefox\Profiles\k4t2y8gr.Test

Fig-001-RP-0-5-28-1-signed

Fig-002-RPC-0-5-29

Starting with either RequestPolicy 0.5.28.1-signed, or RP 0.5.28,
or RequestPolicy Continued 0.5.29

NoScript is also installed. Both NoScript and RP have short Whitelists in this example.
about:addons is on both Whitelists (by default) so the 'RP Flag' is grey on the Toolbar (nothing is
blocked) and the NoScript icon is showing all scripts are allowed at about:addons.

Fig-003-RP-short-whitelist

The Whitelist, in this example, is very short.
At the moment the Whitelist for RP is stored in the "prefs.js" file in the Profile.

user_pref("extensions.requestpolicy.allowedOriginsToDestinations", "wikibooks.org|wikimedia.org wikinews.org|
wikimedia.org wikipedia.com|wikipedia.org wikipedia.org|wikimedia.org wikisource.org|wikimedia.org wikiversity.org|
wikimedia.org wiktionary.org|wikimedia.org bbc.co.uk|bbci.co.uk bbc.co.uk|bbcimg.co.uk");

In this example I allowed all the 'wikipedia family' of sites, to send requests to (in order to collect images from) - "wikimedia.org".
Then I allowed "bbc.co.uk" to send requests to "bbci.co.uk" and also "bbc.co.uk" to send requests to "bbcimg.co.uk".
As I did the BBC after Wikipedia they are recorded in "prefs.js" after the "wikimedia.org" entries.

Continued ...

[DJ-Leith]

Updating from RP 0.5.xx to RPC continued

Fig-004-Startpage

Fig-005-RPC-Releases-page

Here is the Release page for RequestPolicy 1.0.beta9.3

https://github.com/RequestPolicyContinued/requestpolicy/releases

Click the "requestpolicy-1-0-beta9-3.xpi" link to install.

Fig-006-Welcome-to-RequestPolicy

Next you will see this Welcome screen.

If you have 'an old RP' as in this example you have 'two RP Red flags' (one old one from RP and a new RPC Flag). This is expected as you update (when you have finished and restarted Firefox you will only have the new RPC Flag).

Note: NoScript is blocking about:requestpolicy?setup
add about:requestpolicy to the NoScript Whitelist

Fig-007-NoScript-Whitelist-after-adding-about-requestpolicy

If you are Upgrading, as in this example, click "Configure RequestPolicy".

If you have never used RP I recommend that you use the "Teach me how to use RequestPolicy" button. This will take you to
https://requestpolicycontinued.github.io/Quickstart.html
(Updated 2015-11-09: Old was https://www.requestpolicy.com/tutorial-1.0.html )

Fig-008-Configure-RequestPolicy-default

The defaults (shown) are good.

In this example, I am going to show you how to 'keep the RP Whitelist' we had before the Update.

So, select

"Block requests by default" and "No, don't use subscription policies."
Also, untick "Allow requests to the same domain".

Fig-009-Block-requests-Configure-Default Policy

Then press the "Return to browsing" link.

Now, look at about:addons (either in a New Tab or using the Menu).

Fig-010-Have-two-versions-of-RP

As you can see you still have the 'old RP'. Remove, in this example RP 0.5.29, and Restart Firefox.

Fig-011-After-Removing-the-old-RP-0.5.xx

Note: there is now only one 'RP Flag' - this is normal (you only saw two RP Flags when you had two versions of RP).

Now, click the 'RP Flag' and choose "Manage Policies" you will see this:

Fig-012-Manage-Policies-Your-Policy

Scroll down to see Your Rules.

In this example you might not see any!

Fig-013-The-old-rules-seem-to-have-gone

You might be alarmed. In this screen there are no Active rules!
However, open a New Tab and type about:requestpolicy?oldrules

Fig-014-Import-Old-Rules

Now click "Show re-import options".

Fig-015-The-Old-Rules-about-to-be-Imported

Here you can see the examples: wikimedia and the BBC (in the order from "pref.js").

Next, click the "Import Old Rules" button (at the bottom of the page).

Fig-016-Old-Rules-have-been-Imported

Fig-017-Active-Rules-before-Firefox-was-closed

These rules are saved in "user.json".

Close Firefox:

In "prefs.js" you will find:
user_pref("extensions.requestpolicy.allowedOriginsToDestinations", "wikibooks.org|wikimedia.org wikinews.org|wikimedia.org wikipedia.com|wikipedia.org wikipedia.org|wikimedia.org wikisource.org|wikimedia.org wikiversity.org|wikimedia.org wiktionary.org|wikimedia.org bbc.co.uk|bbci.co.uk bbc.co.uk|bbcimg.co.uk");
The 'old rules' are still in "prefs.js".

Start Firefox and go to about:requestpolicy?yourpolicy

Fig-018-Your-Policy-Active-Rules-after-starting-Firefox

Now, click the "Remove unused rules left over from the old version of RequestPolicy." link.

Fig-019-before-Delete-Old-Rules

Click the "Delete old rules" button.

Fig-020-After-Deleting-Old-Rules

[DJ-Leith]

Using RequestPolicy with Default Deny and a short Whitelist

I very rarely add Rules - I nearly always use Temporary Rules.
In my usage these Temporary Rules are lost:

• usually when I close Firefox,
• sometimes when I click the "Revoke all temporary permissions" in the RP Menu,
• very rarely by using the UI to stop an individual Temporary Rule.

Fig-021-a-short-Whitelist

Here is a very short Whitelist, NoScript also has a very short Whitelist, in this example.
Note: github.com is NOT on either Whitelist.

Fig-022-The-Default-Policy-is-block-requests

Fig-023-starting-at-RPC-issue-445

Here is the URL: #445
This page looks odd because all requests, even to other pages at github, are blocked by RPC.

Fig-024-Press-the-RP-Flag

All 234 requests from github are still blocked.

Fig-025-About-to-Temporary-Allow-github.com-to-github.com

The first request I am going to Temporary Allow will be from github.com to the same domain github.com. I have clicked the github.com on the left, which has brought the 'list of potential outgoing requests' that RPC is blocking (on the right). I will now Temporarily allow requests from *.github.com to *.github.com.

Fig-026-After-Temporary-Allow-github.com-to-github.com

I clicked on the Tab "the project's website . Issue ..." to close the RPC Menu.
The site refreshed.
You can immediately see the page looks much better. There are still many requests being blocked,
e.g. icons to the right of the "Labels" near the scroll bar. myrdd's icon is also blocked, just below the green "Open" button (on the left).

Fig-027-There-is-now-one-Temporary-Rule

Look at the Rules in the "Your Policy" about:requestpolicy?yourpolicy.

Fig-028-About-to-Temporary-Allow-requests-to-githubusercontent-from-github

The RequestPolicy User Interface (UI) is 'sticky': it allows you to make several selections in one visit. Providing you do not 'click outside the RP menu' all your choices will be selected. When you are finished click the Tab "the project's website . Issue ..."
Starting with the top: avatars3.githubusercontent.com I will Temporary Allow (TA) all except "gravatar.com" (TA 6 domains). So I am Temporary Allowing this page at Github 'to request resources' from all of the githubusercontent sub-domains that are linked to this page. I have not allowed "gravatar.com" so there is still a 'Red RP Flag' showing some requests are being blocked.

Fig-029-All-githubusercontent-has-been-Temporary-Allowed

I also, using NoScript, Temporary Allowed the "Blocked Object" from
FONT@https://assets-cdn.github.com
(see that there are now 0 OBJECTs blocked in the NoScript status area).

You can now see the icons. The site is readable. If you wanted to 'login and make a comment' you might have to use NoScript to allow more JavaScript to run.

Next, look at the Rules in the "Your Policy" Tab on the right about:requestpolicy?yourpolicy.

Fig-030-seven-TA-Rules

Here you can see the 7 TA Rules.

Fig-031-Revoke-all-temporary-permissions

If you click the 'RP Flag' you can quickly delete 'all 7 TA Rules' by clicking
"Revoke all temporary permissions"

If you close Firefox all the Temporary Rules will be forgotten.