RequestPolicy Continued

Rated 4 out of 5 stars

by Sam Archer on Feb. 27, 2016 · permalink

Congratulations on building an incredibly handy and mandatory tool for the Firefox community, your efforts are sincerely appreciated.

I just need to highlight one small point of interest which I feel deserves some clarity. It might be a bug or it might just be me misconfiguring something.

(Step-1) I have disabled all Subscription Policies because I would like to create my own on the fly if and when needed which works just fine.

(Step-2) Under Default Policy I have also ONLY selected “Block requests by default” and took the tick mark OUT from the “Allow requests to the same domain” box because I do not want ANY scripts to be allowed initially when I visit any website and therefore have full control over what eventually does get allowed.

When I visit www.github.com for example, the above settings are applied 100% correctly and I have to manually configure github.com to allow loading scripts from its own domain which is exactly what I want.

The problem however is when I visit www.google.com or www.yahoo.com for example. Somehow they are allowed to always load scripts from their own domain although I have explicitly disabled the options to do so.

My understanding is that the default behavior would always be executed in the absence of a policy rule and I have NO policy rules for Yahoo nor Google. So question time. Why is Google and Yahoo downloading scripts from their own domain when default policy clearly dictates otherwise and I have no policies set for them?

I clean installed the latest Firefox 44.0.2 32bit from scratch and installed the latest RequestPolicy Continued as the ONLY extension and still the problem persists. It is therefore not a conflict between extensions.

Once more, sincere gratitude for your efforts on a great security product.