Rated 1 out of 5 stars

by seanstizz773 on Aug. 23, 2011 ·

i recently posted a review stating that when you have request policy installed and enabled when you do a browser security test at browserscope.org "the sts test" http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security the test will not complete and does not work but when request policy is installed but disabled the test fails. when request policy is not installed the sts test passes. just stating the obvious that request policy could be a target for a man in the middle attack. on my last post this security flaw was acknowledged by request policy then my post mysteriously disappeared.

This review is for a previous version of the add-on (0.5.22.1-signed.1-signed). 

by Justin Samuel (Developer) on April 12, 2012 ·

Hi. My previous reply did not acknowledge a security flaw (there is not one). RequestPolicy's blocking of requests can make some Browserscope tests fail but that doesn't mean there is a security flaw. Rather, some tests may not have been able to run. Please see this ticket for more information: https://github.com/RequestPolicy/requestpolicy/issues/251 --- Thanks!