RequestPolicy justinsamuel
Control which cross-site requests are allowed. Improve the privacy of your browsing. Secure yourself from Cross-Site Request Forgery (CSRF) and other attacks.
Description
RequestPolicy is a Songbird extension that improves the privacy and security of your browsing by giving you control over when cross-site requests are allowed by webpages you visit.
Cross-site requests are requests that your browser is told to make by a website you are visiting to a completely different website. Though usually legitimate requests, they often result in advertising companies and other websites knowing your browsing habits, including specific pages you view throughout the day. Among the attacks that cross-site requests are used in, they are particularly dangerous with Cross-Site Request Forgery (CSRF) attacks where your browser is told to make a request to another website and that other website thinks you (the person) meant to make the request.
With RequestPolicy, the default for any cross-site request is to deny it. Users are notified when requests on the current page have been blocked (the status bar flag icon at the bottom right of your browser turns red). Clicking on this status bar flag icon gives you a menu where you can view and modify which requests are blocked and allowed. You can whitelist requests you approve of by origin site, destination site, or specific origin-to-destination.
More information on the privacy reasons for using RequestPolicy is available at:
http://requestpolicy.com/privacy
More information on the security reasons for using RequestPolicy is available at:
http://requestpolicy.com/security
RequestPolicy is not a replacement for NoScript! Each focuses on different, important issues. For the best security, we recommend using both RequestPolicy and NoScript.
*********************************************************************************
NOTE: As with any extension that blocks content, some websites will not work properly until you have allowed the required content. If a website you visit isn't working, you can use the RequestPolicy menu to allow the cross-site requests the website needs. After a short while of using RequestPolicy, you will have whitelisted all of the required cross-site requests for sites you frequently visit and you will use the RequestPolicy menu much less.
*********************************************************************************
Release Notes
Improvements:
* Crop the destination url that is shown in redirect notifications if it is very long.
* When manually whitelisting items, pressing enter while an input field is focussed now adds the items to the whitelist rather than closing the preferences window.
Bug fixes:
* Status bar icon and menu was incorrect when moving through history.
* After refreshing pages that attempt to redirect, "allow" option in notification box would sometimes fail.
* Meta refresh urls that are enclosed in quotes (e.g. ') redirected as if the quotes were part of the url.
* Following links to allowed destinations caused the link destination to be shown in the menu of other tabs still open to the same original url.
* A non-existent setter was being called in the request log (this broke the request log in Fx 3.1b3).
Images
(3)
Log in to Post a Comment
based on 2 ratings- myahoo (French translation)
- Team erweiterungen.de (German translation)
- Archaeopteryx (German translation)
- petruc (Portuguese [Brazil] translation)
- Sumin Byeon (Korean translation)
- pedro arana matus (Spanish [Mexico] translation)
- Володимир Савчук / Volodymyr Savchuk (Ukrainian translation)
- markh van BabelZilla.org (Dutch translation)
- alpmild (Russian translation)
- yfdyh000 (Chinese [simplified] translation)
- nikneyim (Turkish translation)
- Anonymous (Japanese translation)
- Aleksej R. Serdjukov kaj babilejanoj (Esperanto translation)
- Natanael_L01 (Swedish translation)
- James (Silencer) (Chinese [traditional] translation)
Jerome
Thanks ;)