Provide and maintain RequestPolicy whitelist #36
Comments
Hi, thanks for sharing your thoughts! While I like the idea, it does not appear to be possible to maintain self-updating whitelists. RequestPolicy does allow users to import domains from a file, but this does not allow for pushing updates to clients. It's also not possible to remove old (obsolete) whitelist entries once imported. This might help users with strict policies with the initial set-up:
Am I missing something with regards to maintenance? |
Respectfully, the proposed RP whitelist seems like an insecure (too trusting) approach. When DE's "retrieve and cache missing" option is enabled, I would hope DE would raise an infobar announcing "page is requesting a not-yet-cached item from a recognized CDN. Allow/Deny". Upon 'Allow' buttonclick, DE would retrieve and permacache the item then trigger a page reload. It's reasonable to expect this will be a seldom-occurring interruption. http://www.jsdelivr.com/about Ultimately, after extended surfing, the local DE permacache could accumulate the entirety of https://github.com/jsdelivr/jsdelivr/archive/master.zip |
@stewie Thanks for weighing in.
Note that you can block requests for any missing resources from preferences, and then whitelist any domains of websites that break without the expected libraries. So, adding the CDN domains to your RequestPolicy whitelist does not necessarily mean allowing all requests for missing resources. |
Closing this issue for now (since there now is a static RequestPolicy whitelist). I will be sure to re-open this issue if anyone has a strategy for continued maintenance. |
Hey!
I use Decentraleyes along with Requestpolicy. Right now it is necessary to whitelist the domains mentioned here by hand.
It would be useful, if there was a whitelist, which is updatet, with the progress of the Decentraleyes addon.
Best wishes,
Sammy
The text was updated successfully, but these errors were encountered: