HTTP Switchboard for Chrome/Chromium:

Discussion in 'other software & services' started by apathy, Nov 25, 2013.

  1. Sordid

    Sordid Registered Member

    Joined:
    Oct 25, 2011
    Posts:
    235
  2. gorhill

    gorhill Guest

    What's Chromecast? An app? I get "We recommend you set up your Chromecast from another device" when I go there.

    Re. "it's all green/whitelisted/allowed", when I go at http://192.168.1.106/apps/YouTube, I get a "Request parameter missing" error. The matrix shows zero request, and the extension icon shows all green because one request out of one was allowed, the main frame request.
     
  3. gorhill

    gorhill Guest

    Oh I see the problem... I add the "Content-Security-Policy: script-src 'none'" regardless of whether there is actual javascript. In fact, I can't know at this point whether there is actual javascript, I just know whether it is allowed or blocked, it's just the headers of the page. And the CSP directive can't obviously be added later when I have more information about the javascript environment, as it will be too late by then to prevent javascript from running.

    I don't see how to solve this except for reporting/adding a javascript of count 1 as a proxy value for all the 3rd-party javascript sources which have to execute on the the 1st-party page.
     
  4. tlu

    tlu Guest

    Thanks for confirming this problem. I remember that I've come across other sites with the same problem (unfortunately I can't remember right now which ones :oops: ). So if you'd find a solution that would be great.
     
  5. Sordid

    Sordid Registered Member

    Joined:
    Oct 25, 2011
    Posts:
    235
  6. gorhill

    gorhill Guest

    Heh, I missed that the IP address was a LAN address. The net traffic of those apps of course is found in the behind-the-scene scope.
     
  7. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,321
    Location:
    AmstelodamUM
    Hi Raymond, I just downloaded the 0.7.9.3 zip from GitHub link.
    When trying to update 0.7.9.2 this way, through 'loading unpacked extension' in Chrome, I get 2 versions of 0.7.9.2 in Chrome Extensions, with also 2 times the HTTPSB matrix icon.
    Also, reading the changelogs on GitHub, I see version 0.8.0.0 announced.
    Is there a way to manually install that version? Updating through Chrome keeps me at 0.7.9.2.
    regards, baserk.
     
  8. tlu

    tlu Guest

    See Raymond's remarks here.

    That version is not yet out. Quote from the changelog site:

     
  9. gorhill

    gorhill Guest

    I have the habit of writing down in the change log what will be in the next version so that I dont forget all the changes, and when I release the change log is all up to date. The change log for unreleased versions often reflect the state of the project in Github, although I can't guarantee it.

    Unless for development purpose, I don't recommend installing the sources themselves from Github (except for official releases in dist/*.zip), as the "build" is sometimes broken because I want to work from another computer, etc.

    Version 0.8.0.0 is taking longer because I really want to have as much as possible the preset recipes to not work halfway, as this is destined to become one of the key feature of HTTPSB. This is the current status of what is holding v0.8.0.0 from being released.
     
  10. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,321
    Location:
    AmstelodamUM
    Thanks tlu and gorhill.
    I'll keep a sharper eye on this thread/info posted here.
     
  11. musings4

    musings4 Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    21
    I think there's a bug in HTTP SB in which Opera's Last Pass & Adblock Plus extensions fails to function properly in certain scenarios. In ABP, when updating or subscribing filters, it fails to download. In Last Pass, after I input my login credentials, an error occurs stating some functions are disabled (offline mode) and / or the icon turns yellow which states it can't connect to there servers. When I disable HTTP SB, the issues disappear. I've attached an image:

    ABP.PNG

    Last Pass.PNG

    This was on a Windows 7 64 bit OS.
     
  12. tlu

    tlu Guest

    No, it's not a bug, it's a feature ;). You obviously block all behind-the-scene requests in HTTPSB which is fine - but that also blocks all requests made by your extensions. In order to solve that problem you should do the following:

    1. Open the HTTPSB statistics page and select "Chromium: Behind the scene". You should see something like:

    xmlhttprequest <a> https://easylist-downloads.adblockplus.org/...

    If you don't, please perform a manual update of your filter lists in Adblock. You should get an error message in Adblock and a corresponding red entry in the HTTPSB statistics like the one above.

    2. While on that page click the HTTPSB symbol which opens the chromium-behind-the-scene matrix. You will see a number (probably 1) in the XHR cell for easylist-downloads.adblockplus.org. Whitelist that cell and click the padlock to save that rule.

    3. Now login into Lastpass. You should see red entries in the statistics page like:

    cookie https://lastpass.com/{cookie: PHPSESSID}
    xmlhttprequest <a> https://lastpass.com/login.php

    4. Click the HTTPSB symbol again, whitelist the cookie and XHR cell for lastpass.com and save those rules with the padlock.

    5. You might need to perform this procedure for other extensions you're using if you think that those requests are legitimate. Remember that there are extensions which are/have become malicious and contact, e.g., specific adservers. You'll find some related threads here on Wilders. HTTPSB protects against such evil extensions.

    6. Very important: By blocking all behind-the-scene requests you will not be able to install new extensions or update existing ones. I don't know about Opera - for Chrome I have to whitelist the "other" cell for clients2.googleusercontent.com. You'll find the necessary rule(s) by performing the steps above accordingly.
     
    Last edited by a moderator: Feb 8, 2014
  13. gorhill

    gorhill Guest

    Thanks to tlu for having taken the time to answer your problem.

    I will just add that out-of-the-box, HTTPSB ships with the behind-the-scene matrix being in allow-all mode, so as to not interfere with the browser and extensions functions.

    I suppose you used the Rule manager's "Delete all" feature for you to end up with a behind-the-scene matrix in block-all mode? This is something I address in the next version: the "Delete all" button (renamed "Mark all for deletion") won't remove these out-of-the-box rules if they exist, so as to avoid the problem you are experiencing.
     
  14. apathy

    apathy Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    461
    Location:
    9th Circle of Hell(Florida)
    Any idea when you release again Gorhill? I am curious about your personal thoughts on behind-the-scene requests. Do you block them or allow them all. I am currently allow them all but I don't like the idea of browser operations going on without my knowledge.

    My two favorite projects HTTPSB and Bazqux Reader are both excellent with a single developer making a project that whole programmer teams can't do. Kudos!
     
  15. gorhill

    gorhill Guest

    I hope to release within a few days. Could be today even if I don't see anything wrong with the latest changes.

    I block all behind-the-scene requests by default, and allow 'other' for 'googleusercontent.com' to not break the Chrome store. All my privacy-related settings which can cause net requests to remote servers are unchecked.

    There is still the issue that Chromium still connect to Google servers behind behind-the-scene at launch and regularly afterward (for extension updates quite probably), something for which the extension cannot do anything. I suspect there are command line switches to disable this.
     
  16. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    just one general comment:

    when using programs like HTTP SB or NoScript i eventually get tired of allowing this and that.

    i know HTTP SB has a huge blacklist so i'm wondering what would be recommended to make the experience less intrusive.

    there's a few options in the settings, like Strict Blocking and temporary site-level scope...
     
  17. gorhill

    gorhill Guest

    This is the biggest drawback of using such a blocker, and some feedback comments on the Chrome store confirm that. HTTPSB is certainly easier to use than NoScript, but whoever couldn't stand NoScript is likely to not being to stand HTTPSB -- I was mistaken with my initial goal of making the extension more friendly to less geeky users.

    This is what I am trying to address with the preset recipes, as these take care to resolve the real puzzle of figuring the proper set of whitelist rules to unbreak a site.

    More infrastructure work will be released next version, but when it comes to the recipes themselves, it's a long term task, as creating out the recipes themselves is time consuming, and there will never be an end to creating them.

    So I want to focus on the biggest user-benefit-bang for the time-buck for now, which is to create preset recipes for the most common cases.

    Another piece of infrastructure which will help I hope is to allow the import of preset recipes rather than just relying on the build-in ones. This will allow the community out there to come up with there own recipe book, without having to wait on the project's direct contributors.
     
  18. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    sounds good ray! :thumb:

    don't spend all your time on this m8, or you'll start dreaming about that stuff. ;)
     
    Last edited: Feb 11, 2014
  19. tlu

    tlu Guest

    Yes, I've seen this complaint very often ;) But aren't probably 80-90% of all sites you visit actually sites which you regularly load? If you whitelist them once and save those rules, HTTPSB won't bother you anymore. And from my experience, many of the 20% other sites you stumble upon (via links in postings here or via search engines etc.) can be, at least, viewed without the need to whitelist them.

    Just my 2 cents ...
     
  20. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    i do whitelist my favorite sites but i'm an avid surfer.
    when i need info on a subject a can check a whole bunch of websites in no times.

    when it gets exasperating is when a site needs to load 2 or 3 external resources in order to function.

    i'm wondering if some websites just do that to upset some of us. ;)

    i'm thinking that pretty soon it will be almost impossible to surf the web with things like NoScript or HTTP SB.
    i hope i'm wrong, but it has been getting increasingly more complicated in the last year or so it seems to me...
     
    Last edited: Feb 11, 2014
  21. tlu

    tlu Guest

    When it's getting too tedious in some cases, you could (temporarily) whitelist "all".

    Or you could generally select "Auto-whitelist" in the settings (although I hesitate to suggest that).
     
  22. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    i'm wondering if just Allow All with all the blacklists enabled would be sufficient...

    from what i've gathered, NoScript in Allow All mode still offers some protection.
    though protection is not what concerns me the most.

    it's all the bandwidth sucking adds and trackers, which are probably covered by HTTB SB blacklists.
     
  23. bberkey1

    bberkey1 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    244
    Location:
    United States
    I was asked about the use of ABP and HTTP SB and if they work well together or if it is redundant to use both. I wasn't sure how to answer, as I'm only running HTTP, but I did notice in the settings page of HTTP you can click on the various ABP blacklists such as 'easylist'. If easylist was the only list you used in ADP and clicked on that in HTTP would that take care of this whole question?
     
  24. gorhill

    gorhill Guest

    You can get a sense of how much you are blocking from here:

    https://github.com/gorhill/httpswit...sed-blockers:-Most-recent-results-on-one-page

    I measured HTTPSB in two different modes: out-of-the-box settings and allow-all/block-exceptionally mode.

    Eventually when the library of preset recipes become comprehensive, I envision a new mode, "auto-apply preset recipe if one exists", in which case the results from such benchmarks would probably place HTTPSB more in line with Ghostery -- possibly better.
     
  25. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    tnx everyone. :thumb:

    i am presently trying HTTP SB in Allow All mode with Strict Blocking and frames blacklisted.

    got all the blacklists enabled.
    i figure more is better. ;)

    this should make it fairly painless while still still being very good at cutting out the sludge.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.