HTTP Switchboard for Chrome/Chromium:

Discussion in 'other software & services' started by apathy, Nov 25, 2013.

  1. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    I noticed that too a few days ago. Last time I checked Scriptsafe developer's blog he was using Firefox with Noscript in Linux as his personal browser setup. So, it doesn't seem as he is trusting his app too much, but it's nice of him to improve it this way for people that still use it.
     
  2. luxi

    luxi Registered Member

    Joined:
    Aug 31, 2013
    Posts:
    74
    Just updated to version 0.9.7.1 and I see it's got some notable new features. I'm disabling AB+ as HTTPSB now has element hiding support (yay). Blocked domains now have links to hpHosts and WOT if you want to easily check out a certain site. You can now also change the diagonal stripes color and opacity of blocked frames (changed mine to a nice blue, from the previous default red). Did I miss anything?

    Thank you gorhil, these latest changes are awesome and make your extension even more usable and useful.
     
    Last edited: Jun 13, 2014
  3. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    544
    Location:
    Switzerland
    Hi,

    first, I had tested the HTTP Switchboard short (few hours only). It seems VERY VERY interesting! Maybe I will change my (default) Browser from Firefox to Chrome.

    But before I have the following (stupid?) question:

    In NOSCRIPT (Fx) after regulating a site (domain) - which means: allowed all good things (scripts), blocked all bad things (added to untrust-list) - the statusbar from Noscript no more appeared UNTIL the site was changed with for ex new unknown script.

    So I knew:

    - No NoScript-Statusbar/Infobar = No relevant changes related to NoScript and no things are required to check (to allow or block).

    - WITH NoScript-Statusbar/Infobar = Ah, there is something new blocked - I should check this (could be a new script which is required for problem-free service on this site - or whatever).

    In HTTP Switchboard I have the Icon of course. But this is an overview, not more. How can I see, If there are new blocked things in a later time (except I check the dashboard after each (re)load of a site)?

    Thank you very much for answering in advance!

    Greetings from Switzerland,
    Alpengreis

    PS: Sorry for my bad english, it's not easy for me to explain such things in this language (also not with translators) ...
     
  4. gorhill

    gorhill Developer

    Joined:
    Nov 12, 2013
    Posts:
    861
    Location:
    Canada
    There is no status bar in HTTPSB. In general I am not fond of getting in the face of users with widgets which overlay on top of web pages, or as a bar (if that is possible in chromium, I didn't check). I can see your point though.

    But even if I wanted to implement this behavior, it's less straightforward than with NoScript, because HTTPSB deals with more than just scripts (other stuff can also break pages), and also because block/allow rules propagate through inheritance. I don't see how I would implement the behavior you describe if I wanted to. If a user click the `all` cell in the matrix, this means all non-blacklisted cells will become "allowed", including future ones which may appear on the page, so the concept of "new" doesn't really make sense in HTTPSB, because future requests which may not have occurred yet are taken care through inheritance. "Graylisted" in HTTPSB is also a valid state which the user may choose on purpose.


    Bottomline is that although I offer a NoScript-like setup as a convenience for some users to start playing with HTTPSB, HTTPSB is first itself, i.e. not trying to be a clone of something else.

    edit: remove redundancy and not really needed emphasis.
     
    Last edited: Jun 21, 2014
  5. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    544
    Location:
    Switzerland
    Hi gorhill,

    thank you for detailled explanation!

    Okay, with all the things it could be really an overload of infos - I understand.

    Have a nice rest of weekend!
    Alpengreis
     
  6. Niluje

    Niluje Registered Member

    Joined:
    Jun 24, 2014
    Posts:
    2
    Hello everyone,

    I have a question about the Ubiquitous Allow rules. I tried to find an answer to my question on the web (hello ADB+ syntax) and to fiddle a bit with it, but was in the end unable to do what I want.

    I am using the Pocket addon, and since they modified the addon, I now need to allow getpocket.com XHR on each and every site I visit in order to save the page. I tried adding getpocket.com in the Ubiquitous Allow rules, which allowed everything for getpocket.com except XHR, and was unable to also allow it with XHR.

    => Is there anyway to allow getpocket.com on everysite and scope domain including for XHR stuff?

    Thank you for your help and kudos gorhill for this impressive and very neat addon!

    Cheers
     
  7. gorhill

    gorhill Developer

    Joined:
    Nov 12, 2013
    Posts:
    861
    Location:
    Canada
    Matrix-related ubiquitous rules do not support finer granularity than hostname. So what you did above should have worked, but you say it allowed everything except XHR.. So I suspect that you generically blacklisted XHR requests? (I don't see another explanation). The limit to coarse granularity for matrix-related rules is a limitation for performance reasons, CPU and memory. I did try not too long ago to support higher granularity for the ubiquitous rules but that would have inflated the code size just to evaluate the matrix to scary proportion.

    So a solution is whether you disable the generic blacklisting of XHR, or you disable strict blocking in the settings. I wanted to try getpocket.com, to see for myself the problem and what solution there is, but I was asked to register, I prefer not.
     
  8. apathy

    apathy Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    461
    Location:
    9th Circle of Hell(Florida)
    I use the Pocket extension as well. Are you blocking behind the scene requests? It uses those requests, the easy way to see if you are blocking them is to open the settings page on HTTPSB and while its open click on the HTTPSB icon. http://i.imgur.com/m9mRuxp.png
     
  9. apathy

    apathy Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    461
    Location:
    9th Circle of Hell(Florida)
    Gorhill, I noticed that the page doesn't refresh when I disable/enable abp filters.
     
  10. Niluje

    Niluje Registered Member

    Joined:
    Jun 24, 2014
    Posts:
    2
    Thank you for your quick answers :)

    I do indeed generically blacklist the XHR (as I think you said on your github it was a main conveyor of various attacks). I am not sure about the behind the scene requests - i did not change the default settings on these.
    I will be away for the next few days, but I will try your suggestion and tell you how it goes when I come back.

    Thanks again and have a nice evening/day.
     
  11. gorhill

    gorhill Developer

    Joined:
    Nov 12, 2013
    Posts:
    861
    Location:
    Canada
    The code for "smart reload" is based on the state of the matrix. ABP filtering was added later and it's not really compatible with the existing code. I would need to implement this, but given the amount of work I convinced myself it wasn't that important (I rationalize like that a lot). But if ever there are requests for a smart reload in µBlock, I suppose I will have too.
     
    Last edited: Jun 25, 2014
  12. gorhill

    gorhill Developer

    Joined:
    Nov 12, 2013
    Posts:
    861
    Location:
    Canada
    Many people have been expected rules in global scope to become part of narrower scope when it is created.

    It had been suggested that I copy all global rules into newly created scopes. I was against because I fear rule bloat, as even rules which are irrelevant to a specific site would be copied. But then, if a user is tidy and keep the number of rule in his global scope to a minimum, only what is needed, it starts to make sense. It's the dilemma I am facing. But I can definitely see how convenient that would be. To wash my hands of whatever resulting bloat, I could just provide a new setting, "Copy global rules into domain- or site-level scope at creation time"...
     
  13. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,281
    Location:
    EU
    Hi Raymond, is there any way to export HTTPSB settings from Chrome extension and then import them in the Opera's one?
    I am currently testing Opera and I would like not to waste time in setting HTTPSB again from scratch.
    Thanks
     
  14. pegas

    pegas Registered Member

    Joined:
    May 22, 2008
    Posts:
    2,395
    Maybe you could use HTTPSB Chrome extension in Opera but first you will have to install "Download Chrome Extension" from the Opera extension store.
     
  15. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,281
    Location:
    EU
    HTTPSB is already available for Opera itself, no need to use the Chrome one.
     
  16. pegas

    pegas Registered Member

    Joined:
    May 22, 2008
    Posts:
    2,395
    Yes I know but I meant that if you use the Chrome extension in Opera, you might be able to copy the content of HTTPSB extension directory from Chrome to Opera (extension directory).
     
  17. gorhill

    gorhill Developer

    Joined:
    Nov 12, 2013
    Posts:
    861
    Location:
    Canada
    Yes: Go in the About tab in HTTPSB's dashboard, then select "Back up to file...", and then you can later import the resulting file using "Restore from file...".
     
  18. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,281
    Location:
    EU
    Great! Thanks!
     
  19. apathy

    apathy Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    461
    Location:
    9th Circle of Hell(Florida)
    I noticed that even though I have xhr translate.googleapis.com whitelisted in my global scope it still isn't whitelisted in domain level scopes when I need to translate a foreign site. Btw congrats on reaching 1.0.0!!!
     
  20. tlu

    tlu Guest

    I assume it's because of what it said in the changelog:

    This means that your global rules are not copied to your existing domain- or site-level scopes but only to new ones. This may change in a future version as Raymond wrote.

    I'll second that! HTTPSB is definitely outstanding!
     
  21. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    3,006
    Location:
    Canada
    gorhill has it honed to near perfection. Thanks gorhill!
     
  22. apathy

    apathy Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    461
    Location:
    9th Circle of Hell(Florida)
    I'm wondering now what are the most important thinks to block: Javascript, frames, xhr? The only thing I'm not blocking right now is css,img,plugin, and other. I have flash blocked via click to play. I need other allowed or I can't download stuff. I'm trying to strike a balance between security and ease of use. Currently using Noscript-like mode.
     
  23. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,869
    Location:
    Italy
    Incompatibility with HTTPSB and Avira Browser Safety?

    Immagine.jpg
     
  24. tlu

    tlu Guest

    That's probably the same as this one.
     
  25. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,869
    Location:
    Italy
    With Avast Online Security does not happen.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.