HTTP Switchboard for Chrome/Chromium:

Discussion in 'other software & services' started by apathy, Nov 25, 2013.

  1. apathy

    apathy Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    461
    Location:
    9th Circle of Hell(Florida)
    Gorhill has worked some magic that I was unaware of. A few versions of HTTP-SB ago I couldn't translate a page unless I allowed javascript. Now all my extensions work properly without allowing javascript, what happened? If this extension gets better than it already is I don't know what to do.
     
  2. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Great, thanks. Interesting use of CSP, smart.
     
  3. gorhill

    gorhill Guest

    Just curious... When you say "I allowed javascript", you mean you disabled HTTPSB and allowed js in Chromium? Do you have a specific case with symptoms of the problem you had? Even if the problem is not there anymore, I still would like to understand the technical cause of the (now solved apparently) problem.
     
  4. apathy

    apathy Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    461
    Location:
    9th Circle of Hell(Florida)
    Google could not translate the page unless I greylisted javascript for that domain. I don't shut off HTTP-SB. Google translate would try to translate and then fail. The same goes for many of my extensions like vimium. Before, if javascript wasn't greylisted for the specific domain, I couldn't use vimium. I don't allow javascript for most sites unless it is completely necessary or the site breaks if it isn't on.
     
  5. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    How does HSB handle websites *with* CSP enabled? For example, Facebook uses CSP I believe. So does Twitter.

    When you enable 'all' for a website are you removing the CSP handled by those websites?
     
  6. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,321
    Location:
    AmstelodamUM
    Same here.
    Since the last update, I can visit a Chinese (simplified Han) written page, Chrome automatically suggests translation and then I only have to allow 'translate.googleapis.com' to get the page translated.
     
  7. gorhill

    gorhill Guest

    No way. The only time I use CSP is to add a single CSP directive, "script-src 'none'", to the response headers and only when *all* these conditions are met:

    * The request is for a 'main_frame' object (which could contain inline javascript);
    * Javascript was evaluated as being blocked for that particular request;

    Otherwise response headers are left untouched, and HTTPSB doesn't care about whatever they contain.

    There is the case when the above directive forbidding js is added to response headers which already contain CSP directives, in which case the standard says that when many CSP overlap, the most restrictive wins, in which case concerning js, HTTPSB's one (if added) will win, and js won't run.
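
The header rewrite described in the post above, as an added example that is not part of the thread and not HTTPSB's own code. The `jsBlockedHosts` lookup, the `example.test` hosts and the function names are assumptions made for illustration, and `scriptsForbidden` is a simplified model of how stacked CSP policies combine, not a full CSP evaluator.

```javascript
// Added illustration, not HTTPSB source. Manifest V2-style blocking webRequest.
const BLOCK_JS_CSP = "script-src 'none'";

// Hypothetical rule lookup: hosts where javascript evaluates as blocked.
const jsBlockedHosts = new Set(['news.example.test']);
const isJsBlocked = (url) => jsBlockedHosts.has(new URL(url).hostname);

// Returns modified headers only when both conditions from the post hold;
// otherwise undefined, which leaves the response headers untouched.
function addCspIfJsBlocked(details, jsBlocked = isJsBlocked) {
  if (details.type !== 'main_frame' || !jsBlocked(details.url)) return undefined;
  return {
    responseHeaders: [
      ...(details.responseHeaders || []),
      { name: 'Content-Security-Policy', value: BLOCK_JS_CSP },
    ],
  };
}

// Simplified model of CSP enforcement for scripts: every policy is enforced
// independently, so one policy whose script-src (or default-src fallback)
// is exactly 'none' is enough to stop all scripts.
function scriptsForbidden(responseHeaders) {
  return responseHeaders
    .filter((h) => h.name.toLowerCase() === 'content-security-policy')
    .flatMap((h) => h.value.split(','))
    .some((policy) => {
      const directives = new Map(policy.split(';').map((d) => {
        const [name, ...sources] = d.trim().split(/\s+/);
        return [name.toLowerCase(), sources];
      }));
      const sources = directives.get('script-src') || directives.get('default-src');
      return !!sources && sources.length === 1 && sources[0].toLowerCase() === "'none'";
    });
}

// Constructed sample: a site that already ships its own CSP.
const sampleDetails = {
  type: 'main_frame',
  url: 'https://news.example.test/',
  responseHeaders: [{ name: 'Content-Security-Policy',
    value: "default-src 'self'; script-src 'self' https://cdn.example.test" }],
};

if (typeof chrome !== 'undefined' && chrome.webRequest) {
  chrome.webRequest.onHeadersReceived.addListener(
    (details) => addCspIfJsBlocked(details),
    { urls: ['<all_urls>'] }, ['blocking', 'responseHeaders']);
}
```

The site's own policy is kept and the extra policy is appended as a second header, so the page's existing restrictions stay in force while scripts are additionally forbidden.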
     
  8. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Great, thanks.
     
  9. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,066
    Location:
    Canada
    0.6.8.0 released

    Raymond is practically unrelenting in making this awesome extension better and better all the time :)
     
  10. gorhill

    gorhill Guest

    I just quickly assembled a page which allows parsing "HAR" as JSON (see explanation on the page), which is the way one can export the data in the Developer console/Network tab of Chromium. If you want to see what was *not* blocked on a particular web page, open the developer console, click the "Network" tab, right-click and select "Clear Browser Cache", and then force a refresh of the web page.

    Once the reload is completed, right click again somewhere inside the "Network" tab pane and select "Copy All as HAR", then paste the result into the text area @ http://raymondhill.net/httpsb/har-parser.html, then click "Parse".

    What was *not* blocked will be listed in the result.

    Here I define "blocked" as "did not connect to the remote server" (so that there is no log entry of a request created on a remote server.)
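
A local way to run the same check on a copied HAR export, as an added example that is not part of the thread and not the code behind the linked parser page. It assumes that an entry with `response.status` of 0 never received a response (blocked or failed); the function name and the sample entries are constructed for illustration.

```javascript
// Constructed sample in the shape "Copy All as HAR" produces (HAR 1.2 fields).
const entry = (url, status, mimeType) =>
  ({ request: { url }, response: { status, content: { mimeType } } });
const sampleHar = JSON.stringify({ log: { version: '1.2', entries: [
  entry('https://news.example.test/', 200, 'text/html; charset=utf-8'),
  entry('https://news.example.test/app.js', 0, ''),
  entry('https://cdn.example.test/style.css', 200, 'text/css'),
  entry('https://cdn.example.test/logo.png', 200, 'image/png'),
  entry('https://tracker.example.test/pixel.gif', 0, ''),
  entry('data:image/gif;base64,R0lGODlhAQABAAAAACw=', 200, 'image/gif'),
] } });

// Lists the hosts that actually answered, i.e. what was *not* blocked.
function listConnectedHosts(harText) {
  const har = JSON.parse(harText);
  if (!har.log || !Array.isArray(har.log.entries)) {
    throw new TypeError('not a HAR document: log.entries missing');
  }
  const byHost = new Map();
  for (const e of har.log.entries) {
    // Assumption: status 0 marks a request that got no response at all.
    if (!e.request || !e.response || !(e.response.status > 0)) continue;
    let url;
    try { url = new URL(e.request.url); } catch (err) { continue; }
    // data:, blob: and similar URLs never reach a remote server.
    if (url.protocol !== 'http:' && url.protocol !== 'https:') continue;
    const mime = ((e.response.content || {}).mimeType || 'unknown')
      .split(';')[0].trim();
    const rec = byHost.get(url.hostname) ||
      { host: url.hostname, requests: 0, types: new Set() };
    rec.requests += 1;
    rec.types.add(mime);
    byHost.set(url.hostname, rec);
  }
  return [...byHost.values()]
    .map((r) => ({ host: r.host, requests: r.requests, types: [...r.types].sort() }))
    .sort((a, b) => a.host.localeCompare(b.host));
}
```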
     
  11. apathy

    apathy Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    461
    Location:
    9th Circle of Hell(Florida)
    Is it still necessary to disable javascript in the chrome settings after you fix?
     
  12. gorhill

    gorhill Guest

    No. HTTPSB will actually add the "*://*" = "allow" rule for javascript when up and running, but your personal settings will not interfere when HTTPSB is enabled.
     
  13. gorhill

    gorhill Guest

    I am working on some cookie related stuff, and I just found out that there were manual exceptions created for cookies in Chromium settings. There is no way I would ever have entered these exceptions:

    *.scorecardresearch.com
    *.doubleclick.net
    * google.com

    A couple of others (I deleted ASAP, I should have taken note.) Also I found out today that somehow, my setting to have all cookies cleared when I close the browser was reset to the default ("keep everything").

    Chromium was updated a few days ago (I am on Linux Mint), so I wonder if this is when my cookie settings got reset. Anything similar happened to anybody? (I am wondering if the Chromium team put these settings back... That would not be very nice.)
     
  14. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,066
    Location:
    Canada
    No, I've seen nothing like that using Chrome in either Lite or openSUSE.
     
  15. apathy

    apathy Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    461
    Location:
    9th Circle of Hell(Florida)
    I use the nightly Chromium script in Linux and I haven't seen it either.
     
    Last edited: Dec 12, 2013
  16. Sordid

    Sordid Registered Member

    Joined:
    Oct 25, 2011
    Posts:
    235
    You're seeing this too. I haven't seen this in Chromium, but on Chrome Dev Win7--I've seen similar.

    I accept cookies then dump all on close unless whitelisted. Post-dump, I kept seeing those 3 in addition to quantserve's which is not my policy. I ended up blacklisting them (always block) and just checked--not there.
     
  17. apathy

    apathy Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    461
    Location:
    9th Circle of Hell(Florida)
    Gorhill is planning on working on cookie management but needs our input.

    From github:

     
  18. guest

    guest Guest

    Hmm, I'm not sure if I understand it the proper way, but...

    - Blacklisted cookies: Always remove all cookies, even on whitelisted domains.
    - Whitelisted cookies: Always keep all cookies unless on blacklisted domains.
    - Graylisted cookies with session cookies allowed: Keep all cookies until x minutes of not being used.

    I'm not sure if I understand the "normal cookies" part. :doubt:
     
  19. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,290
    Location:
    EU
    Hi gorhill,

    I am currently testing SB together with ADblock (not Adblock +) in Facebook.
    If I disable ADblock I get some "suggested Post" (which is basically advert): with HTTPSB I am able to detect the image of that post and block it, but I am not able to make that post invisible as AdBlock does.

    Actually my goal is to get rid of Adblock and use HTTPSB only...also to avoid the Chrome notification of Extension Error, because of the conflict between them.
     
  20. gorhill

    gorhill Guest

    Adblock modifies the DOM, something HTTPSB does not do. As said elsewhere, I don't plan on having HTTPSB play with the DOM at this point. There are so many endless potential issues which can arise when making assumptions about DOM layouts (breaking pages, ads no longer being blocked because rules need to be revised constantly, etc.), I don't plan on getting into that.

    I want to focus on privacy and security (one side effect of which is fewer ads showing) and do it as perfectly as possible, rather than try to do everything imperfectly.
     
  21. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,290
    Location:
    EU
    Clear. Thanks.
     
  22. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,066
    Location:
    Canada
    Hi Raymond,

    the change log shows v0.6.9.0 but the web store still has the earlier v0.6.8.1??

    EDIT

    0.6.9.0 uploaded to web store. Thanks Raymond :)
     
    Last edited: Dec 15, 2013
  23. apathy

    apathy Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    461
    Location:
    9th Circle of Hell(Florida)
    0.6.9.0 has some really good cookie management. That has been on my wish list for a while. This extension should be dynamite by 1.0.
     
  24. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,066
    Location:
    Canada
    Agreed. This is getting better all the time. I do wonder, Raymond, if it is possible to integrate the blocking of specific components of a site's cookies such as is possible with Edit this cookie extension? eg in screenshot:
     

  25. apathy

    apathy Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    461
    Location:
    9th Circle of Hell(Florida)
    Actually what I would like to see done is if I have on strict blocking and I don't have cookies white/graylisted they are deleted immediately. The session cookies already are handled properly. That way it would be easy to choose the cookies you want or don't want. I removed the Vanilla Cookie Manager extension as Http-SB has a better method to handle them.

    It annoys me to see google/google analytics channel id cookies every time I view my cookies.

    btw...XFCE ftw...
     
    Last edited: Dec 15, 2013