The rule: * 1st-part * allow is I think included in the default install. Together with the global rules in my post #269 above, it is achieved that the frames are not allowed for the 1st party. Well, the cookies are not allowed too. Deleting those global block rules they will be allowed. I myself don't use that global allow 1st-party all rule. But if I would, I would keep the frames blocked.
I did an extension search for uMatrix via the Opera browser "add an extension" search and there was no match found for uMatrix. Is this a new/temporary development for this extension relative to Opera?
Never mind. uMatrix popped up when I searched under a different language-- French. A temporary mix-up for sure.
Not for merit of Umatrix there is a factor of disturbance in the test. The pop-up with Ublock not is present only if they are blocked "Inline Script" but this way the website is not usable. And this is not a condition to perform the test.
In the other thread you mention to enable script for http://film-stream dot org/ and it is enabled in my uMatrix settings. Still no pop-up.
Blocking 1st-party frames is just annoying and accomplish nothing really -- aside annoyingly breaking sites. The point of blocking iframe is to foil compromised pages injected with malicious iframes which purpose is to load their payload from shady 3rd-party web sites.
The popup will occur when you first visit the site and click anywhere on the page. Clearing the cookies for the site will cause the popup to occur again. uBlock has code dedicated to block popups, it's not the case for uMatrix. Edit: With uBlock, the same popup also occurs, because there are no filter in EasyList to take care of it. The new popup blocker can take care of these cases for when no filter exists.
TH Gorhill. Sampei = 1 VS Rest of the World = 0 P.S. I'm advising test for pop-up not dangerous: http://www.popuptest.com/goodpopups.html
Thank for clarifying, gorhill. Sampei, clicking the link you specified results in a new tab opening and a warning from Chromium that pop-ups were blocked on both the original site's tab and the new tab. Otherwise what are the security implications of this? I have frames blocked by default everywhere. Is there more to be concerned about?
Sampei Wrote: (Condition for the test) Script film stream.org (on) Click with the mouse on the link to the right: >>> vedi tutti gli aggiornamenti >>> After opening the popup to a new test must close and reopen the browser. If not there are other disturbing factors better correct your browser settings and delete cookies on exit.
What gorhill is telling can be achieved if not allowing 1st party by the rule : * 1st-party frame allow I myself don't trust any unknown site and so I am not allowing 1st-party by default. I don't also have the rule above, since i see no reason to allow frames to every site i visit, sites that I am blocking plugin, script, XHR, other (and cookies).
^^ I block frames, plugins and scripts globally by default (plus block all 3rd party frames in ublock) i used to globally block cookies as well, but went ahead and whitelisted 1st party
What I would like gorhill to do to uMatrix. This not something about security but usability, especially for new users. It is to allow disable hosts files for a scope basis. I posted this on the other thread, but later 2 posters got so very much interested in their proxomitron stuff, so I repost the link of my meaning: https://www.wilderssecurity.com/thre...d-blocking-scripts.373285/page-9#post-2471962 Post #202 in that link. I know uBlock is so hot or something and I use it too, but only as an adblocking extension. I myself don't care about advanced features in it. Blocking 3rd party frames with it is already a nuisance operating same time uMatrix. But if the developer can have some time and it is not too difficult to implement the above mentioned feature I would like to have in uMatrix.
Another request if possible: would it be possible to use CIDR notation or even IP ranges in the rulesets? eg: 198.38.0.0/16 (CIDR) or even a range like 198.38.0.0 - 198.38.255.255. Netflix, for instance, requires so many IP addressses to work properly. EDIT ..or can wildcards even be used? eg: 198.38.*.*