HTTP Switchboard for Chrome/Chromium:

Discussion in 'other software & services' started by apathy, Nov 25, 2013.

  1. luxi

    luxi Registered Member

    Joined:
    Aug 31, 2013
    Posts:
    74
    It does feature fine grain controls over whatever elements you wish to allow or block. You could, for example, allow images while still blocking scripts or plugins (like Flash) and vice versa, which as far as I know has no alternative in Firefox or Chrome at the moment. With NoScript you can only whitelist an entire address and are forced to take all that comes with it, and there's not much more control than that (but it is generally easier).

    In Firefox there is a very limited amount of control over site-by-site permissions natively (that is, without an extension). You can block cookies, plugins... everything, but it's less robust and is far more of a hassle that way.

    NoScript has it's own unique and highly useful features, so it can't be entirely replaced with something like this. Still, it would be nice to have some of HTTPSB's features in Firefox somehow.
     
    Last edited: Nov 26, 2013
  2. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    by gorhill:
    That made me finally get it. Thank you for the explanation :)
     
  3. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,343
    Location:
    Italy

    Immagine.JPG

    http://s7.postimg.org/a6s9vdbtn/image.jpg
     
    Last edited: Nov 27, 2013
  4. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,343
    Location:
    Italy
    Google Ajax.
     
  5. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    Frankly, Sampei Nihira. I'm never sure if I understand the meaning or motivation behind your posts. Do you mean that you have posted a link to a malicious page to 'test' this app without notifying us that it was malicious?
     
  6. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,064
    Location:
    Canada
    I think that's what has happened :cautious: It was my suspicion and why i went at it without reservations on Linux.
     
  7. gorhill

    gorhill Guest

    I don't use Windows either, so I didn't see the request to install a "codec". However, if it was a test, it requires a minimum of information about the methodology, so we could at least be able to understand what went on, but aside a jpg, there is no other info. The state of the matrix when the site was visited is kind of important, and also the state of the chromium setting for javascript (enabled or disabled by default?).
     
  8. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,290
    Location:
    EU
    if you are a Gmail user, could you get rid of ads there?

    I tried with HTTPSB but then I had to re-enable ADB because I could not figure out how to block ads in Gmail.
     
  9. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,064
    Location:
    Canada
    I had to enable the main site's url before being presented with the prompt to install the codec. After that it's social engineering if the individual proceeds to install it. It's not automated as in a driveby download.
     
  10. gorhill

    gorhill Guest

    I looked into this, and Google is being crafty: the web requests for ads are mixed in the page along with the legitimate mail stuff, i.e. no special frames etc. HTTPSB doesn't touch the DOM at all (by choice at this point in development) -- which is something AdBlock does, hence it is able to find and hide the div tag which contains the ads. The way web pages are designed is a very mutable variable, and as of now I want to restraint from tampering directly with the internals of web pages, I consider this a good recipe for creating never-ending issues. At this point I consider AdBlock Plus a complement of HTTPSB: each can often block something the other can't (see https://github.com/gorhill/httpswit...chboard-does-more-than-say-adblock-or-adblock)
     
  11. OuterLimits

    OuterLimits Registered Member

    Joined:
    Nov 13, 2009
    Posts:
    66
    I had completely missed that you can set specific rules for a specific web page.

    Making my 3rd try with this now.
     
  12. gorhill

    gorhill Guest

    Just to be sure there is no misunderstandings, the scope for the permissions is dictated by:

    Code:
    {scheme}://{hostname}
    So permissions for `https://youtube.com` won't apply to `http://youtube.com` (scheme is different) or `https://www.youtube.com` (hostname differs). I ended up calling this "per-page" permissions but it's not literally per-page, neither is it per-website. Internally there is nothing preventing me from doing it literally up to per-page, but I can't figure a neat UI to manage this.
     
  13. OuterLimits

    OuterLimits Registered Member

    Joined:
    Nov 13, 2009
    Posts:
    66
    When I first load a webpage only certain javascript tries to load because it is dependent on other javascript loading so as I go through that process how am I keeping the second or third wave of script functional for that site only?

    My other question is whether functions - cookies, script etc need to have the lock
    moved to the right also if its there for the page the script or cookies come from?

    I understand what you mean re http or https etc - thanks
     
  14. Sordid

    Sordid Registered Member

    Joined:
    Oct 25, 2011
    Posts:
    235

    Per page rules only work on direct hits it seems. So if visiting youtube.com and you have per page coookie rules to reject youtube.com, those cookie rules won't be applied when youtube.com interacts on another "mother" page. You need more per-page or global rules

    Final edit: This seems to work as intuitively expected. Seeing some crashes on webstore page though.
     
    Last edited: Nov 28, 2013
  15. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,290
    Location:
    EU
    Thanks gorhill for clarifying. Please carry on your great work!
     
  16. gorhill

    gorhill Guest

    I am not sure to understand the question. Do you mean this: Whitelist all by default for a site you trust?

    "Crashes"?

    In general, for any questions or issues, it will help me a lot to answer to the point if I am given a real scenario and specific as to what is happening.

    Also, you might want to visit the forum where I try to help people by posting ready-to-use recipes: [url="https://groups.google.com/forum/?hl=en#!forum/httpsb]HTTPSB[/url].

    There is a recipe in there which you could import for "Google Account" which resolve the problem of logging in centrally for any Google services requiring logging in (like the Chrome Web Store) (as people start to use these recipes, I will fix any issue encountered for these. So far they work very well for me.)
     
  17. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,290
    Location:
    EU
    Maybe this is a very basic or even stupid question, I am sorry.
    How to import a recipe in HTTPSB?

    I read this:

    "Go to "Rule manager", paste in "Recipe" box, click decode, click import."

    but I am not able to find the Rule Manager..

    Thanks.
     
  18. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    here:
    Image 1.png
     
  19. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,290
    Location:
    EU
    Just realized I am still running an old version...

    (Version: 0.5.4)

    Usually Chrome Extensions should update automatically, should not they?

    How to update it now without losing all settings?

    Thanks
     

    Attached Files:

  20. gorhill

    gorhill Guest

    Do you have "Process behind-the-scene requests" checked? If yes, this interferes with the Web Store (including updates, and also potentially with other extensions doing their job if they required communicating with outside world.)
     
  21. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,290
    Location:
    EU
    No, it's not checked.
    I am using Dragon, not Chrome. Could it be the reason?
     
  22. gorhill

    gorhill Guest

    I see it is based on chromium -- which is what I use to develop HTTPSB so that there is no dependency on anything specific to chrome. It appears there might be something specific in Dragon. Is the button "Update now" or (something similar-sounding) present in the extensions page?
     
  23. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,290
    Location:
    EU
    Nothing.
     

    Attached Files:

  24. gorhill

    gorhill Guest

    Sorry, I should have mentioned, the option is available if "Developer mode" is checked:

    chromium-extensions-dev-mode.png
     
  25. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,290
    Location:
    EU
    Ok thanks. Done, but still no update option.
     

    Attached Files:

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.