You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The initial whitelist that users are given the option to import when they use !RequestPolicy for the first time includes only one destination that is allowed from any origin: recaptcha.net. However, Google just bought reCAPTCHA:
So, we need to remove it from the suggested initial whitelist. (In case the reader of this wants an explanation of why this changes things: allowing any site to make requests to a Google property without the user's knowledge is exactly the opposite of what !RequestPolicy should do.)
It's a shame, too, as there are a handful of sites whose registration process is complicated by having reCAPTCHA blocked until after the user already has done some work.
The text was updated successfully, but these errors were encountered:
Thursday Dec 22, 2011 at 18:47 GMT
Originally opened as RequestPolicy/requestpolicy#40
The initial whitelist that users are given the option to import when they use !RequestPolicy for the first time includes only one destination that is allowed from any origin: recaptcha.net. However, Google just bought reCAPTCHA:
http://www.techcrunch.com/2009/09/16/google-acquires-recaptcha-to-power-scanning-for-google-books-and-google-news/
So, we need to remove it from the suggested initial whitelist. (In case the reader of this wants an explanation of why this changes things: allowing any site to make requests to a Google property without the user's knowledge is exactly the opposite of what !RequestPolicy should do.)
It's a shame, too, as there are a handful of sites whose registration process is complicated by having reCAPTCHA blocked until after the user already has done some work.
The text was updated successfully, but these errors were encountered: