general discussion #484

Open
myrdd opened this issue Oct 3, 2014 · 96 comments

@myrdd
Member

myrdd commented Oct 3, 2014

This issue is for general discussion and any kind of short comments or questions. Anything that doesn't need a separate issue can be written here. Off-topic allowed.

other useful discussions:

@SkySkimmer
Contributor

Why is the website in a branch as opposed to a separate repository?

@myrdd
Member Author

myrdd commented Oct 3, 2014

@SkySkimmer gh-pages is an orphan branch, this means it doesn't share history with another branch. Github makes the content of that branch available on https://requestpolicycontinued.github.io/requestpolicy/. See #445 (comment).

@myrdd
Member Author

myrdd commented Oct 4, 2014

FYI: 446e54b

[menu] show numRequests also for origin & otherOrigins

this feature is now complete

also, now the flag will be shown in front of the origin(s); that flag is specific to that origin, so it might be that the "main" origin has no red flag, but another origin has.

There is now a new file: GUILocation.jsm. It contains several classes which are used in menu.js. The "Destination" class has been renamed to "GUIDestination" which is now located in GUILocation.jsm.

A nice possibility to test the display of other origins is Google Image search. Here's an exemplary screenshot:
the menu

@SkySkimmer
Contributor

What does the flag do?

@myrdd
Member Author

myrdd commented Oct 4, 2014

What does the flag do?

it shows red if anything has been blocked for that origin. Suppose you have a rule allowing everything which google.de requests, the flag for google in the above image would turn gray.

@nodiscc
Contributor

nodiscc commented Oct 5, 2014

Nice changes @myrdd

@SkySkimmer The idea was to have everything in the same GitHub repo for portability/accountability/integrity/authentication (code, issues, website, doc, releases one git clone away). You still have to run a backup script for issues, but this should be optional as long as the doc, FAQ, etc. are up to date. You can use git hooks to do it automatically.

The released XPIs are attached to a git tag, so the committer can add a checksum to the commit for users to verify the integrity of the XPI. Unfortunately the XPIs on github can't be used for public releases (single-click installation not working, addon auto-update etc.) so it's not perfect, but once we have a signed XPI we could host the XPI anywhere (the original sslsites.de proposed by @myrdd would be ok IMHO, as long as the XPI is signed and matches the checksum in github tags).

The only thing still outside the repo is the wiki, and we could add a submodule to it in the main repo (git submodule add https://github.com/RequestPolicyContinued/requestpolicy.wiki.git), so you'd get it with git clone --recursive.

@myrdd
Member Author

myrdd commented Oct 5, 2014

once we have a signed XPI we could host the XPI anywhere (…) as long as the XPI is signed and matches the checksum in github tags

How do you mean this? So you would sign the XPI with the CA certificate and with GPG, with the gpg-signed being for github? We could upload the certificate-signed xpi on both places, no?

we could add a submodule to it in the main repo

adding the wiki to the repo sounds interesting – will this be for everyone who clones the main repo? Will the submodule be in all branches or just in one? (ok, master branch would be enough in general – as soon as 1.0 is released we will switch to master again.)

@nodiscc
Contributor

nodiscc commented Oct 6, 2014

How do you mean this?

The release process would go like:

  • Changes are made to the source until you think it's releasable (say the latest commit is ed6c435405)
  • You build the XPI and sign it with the CA certificate, then do an sha512sum of it
  • Then git tag -u [gpg-key id] v1.0.0b8 ed6c435405 with the tag message This is release v1.0.0b8 with lot of bugfixes. SHA-512 sum of the attached XPI is eab1851a48ff5a27268ac6e786f3af8188fb23b86e94e16b3db06da819c4d2d82846747530137a97f060486a1a3bc3cde7ef402ef4affd7239d79b04c5947797
  • You create a Github release for the tag and attach the XPI to it.

By then:

  • The GPG signing proves the source has not been tampered with (you signed it)
  • The SHA 512 sum provides integrity verification for the XPI on github (in case someone wants to download it from here, or to check XPIs from other sources against it - this is really the XPI that's built from this tag)
  • The CA signing provides a secure auto-update mechanism when we host the XPI elsewhere (AMO doesn't support signed XPIs?? But we could host it anywhere as long as it's signed and can be checked against the GPG-signed SHA512 sum. For example you originally used https://sslsites.de/requestpolicy.256k.de/ which would be ok)

I hope I made it clear :/ Please tell if something doesn't make sense ...

will this be for everyone who clones the main repo? Will the submodule be in all branches or just in one?

It will be for everyone who uses git clone --recursive or does a git submodule update --init in their copy. Yes it's only in the branch you add the submodule to.
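
The user-side check implied by the release process in the comment above, as an added example that is not part of the original thread or the project's own tooling: the tag signature is verified first, and only then is the SHA-512 sum from the tag message compared with the downloaded XPI. The function names, the constructed sample files and the assumption that the tag message contains the sum as one 128-digit hex string are choices made for this illustration.

```shell
#!/bin/sh
# Added example (not project code): verify an XPI against the SHA-512 sum
# carried in a GPG-signed tag message. All function names are hypothetical.

# Print the first 128-hex-digit token found in the text on stdin, lower-cased.
# Every non-hex character becomes a line break, so only an exact 128-digit
# run can match; longer or shorter runs are ignored.
extract_sha512() {
    tr -c '0-9a-fA-F' '\n' |
        awk 'length($0) == 128 && !seen { print tolower($0); seen = 1 }'
}

# verify_xpi FILE TAG_MESSAGE_FILE
# Returns 0 on match, 1 on mismatch, 2 if the message carries no sum.
verify_xpi() {
    xpi_file=$1
    msg_file=$2
    expected=$(extract_sha512 < "$msg_file")
    [ -n "$expected" ] || { echo "no SHA-512 sum in tag message" >&2; return 2; }
    # Reading from stdin avoids sha512sum's file-name escaping in its output.
    actual=$(sha512sum < "$xpi_file" | cut -d ' ' -f 1)
    if [ "$actual" = "$expected" ]; then
        echo "OK: $xpi_file matches the sum in the tag message"
    else
        echo "MISMATCH: $xpi_file does not match the tag message" >&2
        return 1
    fi
}

# verify_release TAG FILE
# Signature first, then the sum: an unsigned or badly signed tag message
# proves nothing about the XPI. Needs git, gpg and the tagger's public key
# in the local keyring; not exercised by the offline demo below.
verify_release() {
    rel_tag=$1
    rel_xpi=$2
    git verify-tag "$rel_tag" || return 1
    rel_msg=$(mktemp) || return 1
    git for-each-ref --format='%(contents)' "refs/tags/$rel_tag" > "$rel_msg"
    rel_rc=0
    verify_xpi "$rel_xpi" "$rel_msg" || rel_rc=$?
    rm -f "$rel_msg"
    return "$rel_rc"
}

# Offline demo on constructed data: a stand-in "XPI" and a tag message in the
# wording proposed in the thread. The file is then modified to show the failure.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'constructed stand-in for an XPI\n' > "$dir/sample.xpi"
    sum=$(sha512sum < "$dir/sample.xpi" | cut -d ' ' -f 1)
    printf 'This is release v0.0.0-example. SHA-512 sum of the attached XPI is %s\n' \
        "$sum" > "$dir/tagmsg.txt"
    ok=0
    verify_xpi "$dir/sample.xpi" "$dir/tagmsg.txt" || ok=$?
    printf 'tampered\n' >> "$dir/sample.xpi"
    bad=0
    verify_xpi "$dir/sample.xpi" "$dir/tagmsg.txt" 2>/dev/null || bad=$?
    rm -rf "$dir"
    [ "$ok" -eq 0 ] && [ "$bad" -eq 1 ]
}

demo
```

The sum only carries weight because it sits inside the signed tag object; a sum copied from an unsigned web page or release description gives integrity against corruption but not against whoever controls that page.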

@myrdd
Member Author

myrdd commented Oct 6, 2014

Oh, thanks a lot @nodiscc for the detailed explanation. I think this is the way I'll do it. Would you like to see pre-releases signed, too? Well, I guess it's just a few clicks, so I could do it ;)

Yes it's only in the branch you add the submodule to.

alright, so go ahead and do that, if you'd like to @nodiscc :) we can do this either on master or on dev-1.0.

@nodiscc
Contributor

nodiscc commented Oct 8, 2014

Pull request for the wiki as a submodule at #490, feel free to merge it if it's ok.

Would you like to see pre-releases signed, too?

If you could sign every future tag that has an XPI attached (and add the SHA to the tag message) this would be great! Thanks!

@ldgbc

ldgbc commented Oct 21, 2014

Found out about an add-on called "Policeman" (https://addons.mozilla.org/en-US/firefox/addon/policeman) through a "ghacks.net" article. From the look of it, its purpose is similar to that of NoScript and RequestPolicy; however, it looks rather new and is probably in rapid development, so given a year it might be a contestant.

It already is restartless/jetpack, which NoScript is trying to achieve with its next major version, and which is also one of the "Issues" planned for RequestPolicy.

It also has a few other features that RequestPolicy planned to have. Anyway, enough diagnosis, I wanted to ask what the contributors of RequestPolicyContinued think of it? It has potential if the developer continues to work on it. Currently it lacks the ease of use but offers a strictness that surpasses RequestPolicy's current state.

From the look of the commits ever since RequestPolicyContinued started, it seems like "myrdd" does the majority of the work. If Policeman becomes "better", would you consider stopping work on RequestPolicy and perhaps contributing to Policeman instead? It would lessen the work that needs to be put into this project.

I would type more but this is already too long.

@myrdd
Member Author

myrdd commented Oct 21, 2014

hi @ldgbc thanks for your comment, I also stumbled on the ghacks.net article yesterday. I already recognized @futpib's work several months ago as he had made some changes to RequestPolicy (see here). As you can see from the commits there, his first step was to differentiate between different content types, which is also afaik the main feature of policeman.

However, I still don't know the roadmap for policeman, so it would be great to hear @futpib's comment on this. It would be great if the two projects could work together in any form. In fact I already thought about some kind of framework/library which could be used by RP, NoScript etc. but this shouldn't be within the scope of this discussion.

By the way, policeman is mainly written in coffeescript, but as it compiles to javascript, there's absolutely no problem. So working together and being in contact between projects would be great. However, having both RP and policeman could be ok or even good, i.e. it could be possible that @futpib has different plans than RP has, and users might be happy to choose between different addons. Once again, we need to hear what @futpib will say.

PS: By the way, most of the work I've done so far is refactoring. The current internal structure is not good for maintaining. I already did a lot, but there's still a lot more to do. Possibly @futpib started his own addon/rewrite because refactoring is a lot of work (?).

PPS: I'm currently working on restartlessness, and it looks good :) but it's indeed a bigger change.

@ldgbc go ahead and write more about your thoughts :)

@futpib

futpib commented Oct 21, 2014

Well, honestly, I don't have a definite roadmap (does RP have one?), but the addon is like an improved RP for me, so it will stay fairly similar to it anyhow. I think we can't get around duplicating effort here.

I have tried working on RP, but changes I had in mind were hard (at least for me) to incorporate into existing code base (you guessed it @myrdd ). It's actually more than filtering on content-type, it's a mini-language for writing kind of rules.
On the other hand, RP has a huge user base that is happy with it. It's not like RP is bad or dead or something, so I wouldn't expect people to just leave it.

@myrdd
Member Author

myrdd commented Oct 29, 2014

FYI: I've updated RP's readme and wiki. I think it's a little better structured now.

Now my answer to @futpib

I don't have a definite roadmap (does RP have one?)

It's not written down :) But you could extract it from the issues that exist.

I have tried working on RP, but changes I had in mind were hard (at least for me) to incorporate into existing code base

I agree with you that RP currently is still bad for extending. Nevertheless I would be very pleased if we could merge the two projects again some day or at least share the code basis. As for now, I will continue maintaining RP and refactoring its codebase. You're welcome to join at any time! :)

@myrdd
Member Author

myrdd commented Nov 9, 2014

Version 1.0.beta8 is released. Already installed versions >= 1.0.0b4 will update automatically.

The release provides a SHA-512 sum and the tag itself is signed with a GnuPG key. I've just uploaded the key to a keyserver (hkp://keys.gnupg.net). The key ID is AE78FDFE, the user ID is Martin Kimmerle <[email protected]>.

@nodiscc
Contributor

nodiscc commented Nov 9, 2014

congrats @myrdd thanks thanks thanks!
What happened to the versioning number schema? 1.0.0b7 -> 1.0.beta8

@myrdd
Member Author

myrdd commented Nov 9, 2014

What happened to the versioning number schema? 1.0.0b7 -> 1.0.beta8

I wanted to have the word "beta" in the version string. Also I wanted to remove the last zero. Sadly "1.0beta8" was not possible, so it's now 1.0.betaN.

@nodiscc
Contributor

nodiscc commented Nov 11, 2014

Thank you @myrdd for the very quick release for the fix of #514
I had tracked the problem down to yourpolicy.js but was unable to find what was going on (there are soooo many vars and no comments, and the firefox debugger doesn't seem to work on RP's chrome pages). If you can give some tips later on how to debug it would be nice.

@myrdd
Member Author

myrdd commented Nov 12, 2014

@nodiscc nice to hear you tried to find the problem. Yes, the code could have more comments.

To debug chrome code, you have to use the browser toolbox, see here: https://github.com/RequestPolicyContinued/requestpolicy/wiki/Working-with-the-Source-Code Feel free to extend the wiki or ask questions.

@myrdd
Member Author

myrdd commented Nov 25, 2014

FYI, I've changed from Apache Ant to GNU Make.

Now you can also run MozMill tests via make mozmill if you have set up everything correctly.

@nodiscc
Contributor

nodiscc commented Nov 26, 2014

My GPG key id is 24D103D6. The fingerprint is BAFE 2502 80B2 8106 7D31 FA01 20EC 53B1 24D1 03D6. The user id is nodiscc <[email protected]>

@myrdd
Member Author

myrdd commented Dec 5, 2014

I did some work on the labels (recolouring). Also I created the page inspection label as I see potential in how RP could provide help to users in the question "Which of those domains need to be allowed/denied?". Maybe there will be some dedicated site inspection mode some time (after 1.0 of course). Maybe that mode could be even integrated into some of Firefox' developer tools (?).

Btw @nodiscc when you work on the issues, please remove a milestone from an issue if you close it as duplicate, wontfix etc. – for example like #141

@myrdd
Member Author

myrdd commented Dec 6, 2014

I've got a question to the community. Currently I've got quite a list of issues on my personal computer which don't exist on github. It includes bugs, features that I'm planning and ToDo's in general (e.g. refactoring). I'm not sure whether I should create an issue for each one of them on github. It would probably be a little more work than managing them on my pc, but on the other hand if it's online you can review it. What do you think?

Btw fyi, in Mozilla's source code repo every commit contains a link to a bug report, but I think that's not necessary for RP.

@nodiscc
Contributor

nodiscc commented Dec 6, 2014

@myrdd you could paste your todo on https://gist.github.com/ and link it from here. gists allow comments and you can update them (they are just git repositories, you'll get a clone URL when you save the gist). And yes it would be interesting.

Ok for removing milestone for wontfix, duplicates, etc.

@myrdd
Member Author

myrdd commented Dec 6, 2014

That's a really nice idea @nodiscc, a public online scratchpad. :) Btw I'll translate/cleanup everything before creating the gist.

@woxcab

woxcab commented Apr 24, 2016

@myrdd, yes, * destination works for me in the latest pre-build 1.0.beta11.1.1488.r608f5fc.pre. Thank you!

@agilbertson1977

Posting here to start with to make sure that this isn't an open issue (I didn't find it when searching for "font" or "CSS" but maybe I'm not familiar enough with the issue to figure out what the right search term is).

Going to http://www.tampabay.com/news/breaking/ with Request Policy Continued results in links to stories with an associated picture having a weird character that looks like a black circle with a white + in it showing up behind the headline text. Visiting the same page without Request Policy Continued results in an icon which I guess is supposed to represent a picture of mountains and the sun. I don't see anything that's not allowed that I would expect to prevent this transformation.

(Let me know if you'd like screenshots of it with/without RPC enabled.)

Is this expected behavior, an existing issue, or should I open a new issue for it?

Thanks!

@myrdd
Member Author

myrdd commented Jun 10, 2016

@agilbertson1977 In this case please create a new issue. Please attach a screenshot of the expected and the actual appearance. Please also add a screenshot of RP's menu, to see which destinations have been allowed/denied.
Right now I couldn't reproduce what you are describing, but that could be because certain rules need to be added, or because of some add-on you've got installed.

@akwala

akwala commented Jun 23, 2016

Recently I've been seeing blocked destinations such as "jid1-mnnxcxisbpnsxq-eff-at-jetpack". So far all of these have ended with "-eff-at-jetpack". My guess is that this has to do with an EFF addon. What is going on here?

@myrdd
Member Author

myrdd commented Jun 24, 2016

@akwala jid1-MnnxcxisBPnSXQ@jetpack is the ID of PrivacyBadger (source). What does the request look like, that is, the full URI of origin and destination? It could have to do with the fix for #783, released in beta12.0. If you think there is some misbehavior, go ahead and create a new issue.

@inril

inril commented Dec 1, 2016

Using 1.0.beta12.4.
When enabling the privacy subscription the policy will allow facebook and twitter (7 entries).
I did not expect to see any green entries in a privacy policy.
Everything in this list should be denied.

Am I missing something?

@myrdd
Member Author

myrdd commented Dec 1, 2016

When enabling the privacy subscription the policy will allow facebook and twitter (7 entries).

These seven entries allow facebook-internal and twitter-internal requests, respectively. There are also blocking rules for those domains. So, for example, requests to facebook.net are blocked, except requests from facebook.com. See this image for clarification:

deny_trackers rules for facebook

@Atavic

Atavic commented Feb 19, 2017

Without a minimal Allow Policy I can't even do a complete search on twitter.

@nodiscc
Contributor

nodiscc commented Feb 22, 2017

Hi @myrdd , it's been a long time, hope all is well.
I have sent a PR at RequestPolicyContinued/subscriptions#54 I wish you could review (serials, etc.).
I want to remove the deny_trackers subscription for reasons I will detail in another PR.

@Atavic in "default deny" mode you need to whitelist items manually to get full website functionality.
If you need some basic premade allow rules, enable subscriptions.
If you want to add allow rules to official subscriptions, check https://github.com/RequestPolicyContinued/subscriptions

@lazerhawk

Mozilla's add-on compatibility reporter shows it isn't multiprocess/e10s compatible. Reporter bug or is it actually true?

@Atavic

Atavic commented Mar 3, 2017

According to: https://www.arewee10syet.com/
RequestPolicy Continued • incompatible

@myrdd
Member Author

myrdd commented Mar 8, 2017 via email

@nazmifr

nazmifr commented Mar 14, 2017

hey, I have some kind of suggestion for that amazing piece of addon that is requestpolicy:

When there are some redirects, the user has to move his mouse all the way to the upper right hand corner of Firefox to click on allow, it's painful and sometimes there are timeouts (especially if you're slow or on a laptop), couldn't an enter key press fill the same function while being simpler to achieve?

Thanks for having read
Nazmi

@myrdd
Member Author

myrdd commented Jul 7, 2017

Thanks for your comment @nazmifr. If you like to use the keyboard, you currently can press Alt+A to allow the request. If it's not „A“, it's the underlined letter on the „allow“ button.

@nazmifr

nazmifr commented Jul 10, 2017

Thanks for your response, I will from now on.

@zazenbingle

Hello,

Please help me configure an "Allow" rule for web browsing. I perform a search on DuckDuckGo, then right-click some results and open in new tab. When I look at each "new tab", the website is blocked.

I created the following rule:
Policy -- Origin----------------------- Destination-- Rule Set
Allow -- https://duckduckgo.com/://: ://:* -- User

What am I doing wrong?

@myrdd
Member Author

myrdd commented Sep 20, 2017

I created the following rule:
Policy -- Origin----------------------- Destination-- Rule Set
Allow -- https://duckduckgo.com/://: ://:* -- User

I guess you put https://duckduckgo.com/ in the origin "scheme" field and :// in the destination "scheme" field. Instead, fill in as follows:

  • origin scheme: https
  • origin host: duckduckgo.com
  • destination host: *

@zazenbingle

Thank you! It worked!

I'm thankful for this add-on and for your responsiveness.

Here are my 2 cents on how to make it more noob-friendly:

  1. Change default setting:
    --> Preferences >> Menu >> "Allow adding non-temporary rules when using Private Browsing Mode"
    --> Current default: OFF
    --> Proposed default: ON
    --> Reason: Security conscious noobs will have their browsers set to private mode or equivalent.
    --> When I didn't see the option to whitelist my search engine website, it just confused me until I found this setting.

  2. Modify the "Allow requests from *.duckduckgo.com" [or whatever website you're on] command:

--> Current "Allow" rule created by the command:
Policy - Origin - Destination - Rule Set
Allow - https://duckduckgo.com/://: - ://:* - User

--> Proposed "Allow" rule created by the command:
Policy - Origin - Destination - Rule Set
Allow - https://duckduckgo.com - * - User

--> Reason for the change: the current automated "Allow Rule" creation didn't work for me. I scoured the Internet for a couple of hours before creating a GitHub account and posting this question. Not complaining, just providing the perspective of a motivated noob.

  3. Add an FAQ explaining how to configure a search engine website in this way.
    --> If changing the default setting is not acceptable, then you can just include those instructions in the FAQ.
    --> If changing the values created by the "Allow requests from..." command is time-consuming, then posting this information in an FAQ will be very helpful to prevent future questions like mine.
    --> This is probably the first rule a user will create, right? I mean, don't many people browse by opening new tabs?
    --> If my assumptions are incorrect, then how are they incorrect? Maybe it's a completely different FAQ that's required, and I just don't know enough to understand it.

@zazenbingle

myrdd,

Scratch my last post. It seems more likely that I didn't see the setting until AFTER I created it manually, because the "Allow requests from" command seems to work everywhere else.

I still think an FAQ that helps a new user get their search page up and running is a good idea. Here's what I propose:

FAQ: My search engine web-page can't open any pages without me clicking on a link to "Allow" on each new page I open. What should I do?

ANS: Here's how you add a rule to allow your search engine web-page to open new pages:

  1. From your search engine web-page, hover over the red-flag icon for the "RequestPolicy Continued" extension.
  2. Click on "Allow requests from *.duckduckgo.com" [or whatever website you perform web-searches from]

If you don't see the "Allow requests from" option when you hover over the icon:

  1. You're probably in private-mode or equivalent.
  2. Go to: Settings >> Preferences >> Menu >> "Allow adding non-temporary rules when using Private Browsing Mode"
  3. Change from unchecked to checked
  4. You should now see the option to "Allow requests from..." when you hover over the icon.

@myrdd
Member Author

myrdd commented Oct 10, 2017

Hi @zazenbingle,

FAQ: My search engine web-page can't open any pages without me clicking on a link to "Allow" on each new page I open. What should I do?

ANS: Here's how you add a rule to allow your search engine web-page to open new pages:

  1. From your search engine web-page, hover over the red-flag icon for the "RequestPolicy Continued" extension.
  2. Click on "Allow requests from *.duckduckgo.com" [or whatever website you perform web-searches from]

Actually you should get a redirection notification when clicking on the link on duckduckgo.com. See here: #859

@rain0r

rain0r commented Nov 29, 2017

Are there any plans on migrating the add-on to Firefox 57.0 ("Firefox Quantum")?

@jrrdev
Contributor

jrrdev commented Nov 29, 2017

Work in progress, see issue #704 😃

@TPS

TPS commented Apr 18, 2018

I've recently received notification of a new release, but there's only an unbuilt version. Since AMO's dropped betas, where does 1 go to get prebuilt 1s?

@myrdd
Member Author

myrdd commented Apr 20, 2018

@TPS I put a link to the installation URL just now in the first post of #754.
It's https://sslsites.de/requestpolicy.256k.de/requestpolicy-nightly.xpi
It's https://requestpolicy.256k.de/requestpolicy-nightly.xpi
Make sure to disable any other RP/RPC versions before installation.

@TPS

TPS commented Apr 20, 2018

@myrdd Thanks very much! 🙇

@vertigo220

Am I missing something, or is there no way to export/import the settings and custom rules? Also, I'm confused with regard to the subscriptions, since I would expect major sites like Amazon and Newegg to work with them, but I had to manually allow things to get them to not be complete disasters.

Another thing, the interface is a bit confusing. You can select multiple things at once (e.g. you can select/underline permanently and temporarily allow and block, all at the same time) and it's not very clear what's going on. And the meaning of the (x+y) numbers isn't readily apparent (it's not difficult to figure out, but it would be nice if there was a key or something). It's also not clear what the different icons (?, do not enter sign (red circle with white dash), etc) or "mixed" destinations mean.

And finally, the refresh page after whitelisting option doesn't work for me. I may create a separate issue for that, but it'll have to wait until I do more troubleshooting, so I figured I'd just mention it here for now. Frankly, I'm not sure RPC provides much, if anything, beyond what uBo and uMatrix do for me, and so I don't know if I'll continue using it, but it does seem like a good project, and I'd like to see it continue to improve, if for no other reason than to have options.

@ldgbc

ldgbc commented Aug 20, 2018

@vertigo220 Just use uMatrix; it is a good alternative, and RP is dead at the moment.

@myrdd myrdd pinned this issue Apr 16, 2019
@shirishag75

For the record, he just made a new release, although I have yet to get it compiled properly (#907) and then see if it is able to install in 60.08.0esr, although soon it will be 68.0.x esr according to mozilla upstream.
