HTTP Switchboard for Chrome/Chromium:

I don't know what to say. Maybe try to disable and re-enable the extension (warning: do not uninstall, if you uninstall, you will lose all your rules).

 

i noticed the rules can easily be saved to a text file:
Rule Manager/Export Rules.
then copy and paste into a text file.

then it's just a matter of pasting, importing the rules and locking the padlocks afterwards.

tnx again ray, great work on this extension!

 

Well...do not worry...just switched from Dragon to Chromium!
Now all is fine!

 

still using this after a week.

the thing that works for me is to slowly build a list of whitelisted sites, the fewer the better.

definitely the best alternative to NoScript on a Chrome based browser, imo.

 

Absolutely It's actually more flexible than Noscript as you can easily create more fine-grained rules in HTTPSB (well, it's also possible in Noscript via ABE but that's much more complicated and laborious).

It doesn't have features like an XSS filter or protection against clickjacking but those features are provided by Chrome itself.

 

It looks like Raymond is about to release a big update

 

I would love to see an option to temporarily whitelist domain from the context menu. Some of my extensions like pocket function a little funky when javascript isn't enabled on the current domain. Quickly enabling javascript from the menu would be great.

 

You can enable the domain and all related below it with a single click to make the box go dark green. When you want to remove the whitelist, just click on the brush icon - Clear all temporary rules.... although I do realize this action will often spawn other blocked js which may need to be enabled for full site functionality.

BTW: v0.6.2 is released

 

Yes that is easy enough to do and I am very familiar with the extension but I'm just talking speed and convenience. Sometimes I quickly want to enable javascript on a domain without going into the extensions gui.

 

First of all, Gorhill, much appreciated! Awesome work.

^It would be nice if it had a Noscript-like feature where double-clicking the icon allows temporary whitelisting for scripts/specific rule-set per page/tab.
Perhaps also a setting where you have to enable such a double-click feature explicitly, to avoid temporary whitelisting accidentally.

 

I'm trying NoScript, and I can't see this feature. When I try to double-click the icon, the pop-up menu tries to show. How does it work exactly? I would like to try it to see how easy the feature can transpose in HTTPSB.

Also I can't find the per-page ruleset on NoScript. I tried the "Allow all this page" menu entry, but clearly global scope permissions are created, as pages in other tabs with similar hostnames were reloaded.

 

in Noscript, you can temporarily allow all a website by clicking on the mouse wheel...

 

I'm finally getting the hang of this. The tutorials on the wiki page have been a great help to me - Thanks Gorhill

https://github.com/gorhill/httpswitchboard/wiki

I'm having a couple of problems where websites work and then when I close the browser and reopen it shows "this webpage has a redirect loop". I pause/turn off HTTPSB load the page then restart HTTPSB to resolve and my permissions had previously been padlocked and remain so. Marketwatch.com is one but I don't see a problem with a quick reload.

It seems easy enough to just shut it off temporarily rather than needing a pause function especially since when off the box stays on top till its turned on again so you won't forget its off.

One of the best extensions available for Chrome. I'd never have found it though if it weren't for Wilders since it doesn't have 'script' in the name. When I do a search for 'script' on the Chrome extension start page HTTPSB comes up after maybe a hundred other extensions. I dislike that there is no way to do more granular searches for extensions anyway. As an old telco guy I can appreciate the 'switchboard' part of the name it fits perfectly.

 

Let's try to resolve this. I created an account and I have to say it was quite a challenge to find the proper ruleset to login, and in particular I had to de-blacklist hostnames which are part of the preset blacklists.

So let's try this recipe:

Code:

https%3A%2F%2Fid.marketwatch.com%0A%09wh
itelist%0A%09%09*%20a248.e.akamai.net%0A
%09%09*%20barrons.com%0A%09%09*%20d29usy
lhdk1xyu.cloudfront.net%0A%09%09*%20dowj
oneson.com%0A%09%09*%20marketwatch.com%0
A%09%09*%20rpxnow.com%0A%09%09*%20sb.sco
recardresearch.com%0A%09%09*%20wsj.com%0
A%09%09image%20*%0A%09blacklist%0A%09%09
*%20*%0A

Import the above text in the Rule manager. Lock the permissions in the before leaving the browser. (In the Rule manager, just click on each rule you just imported -- I need to work more on this page, it is still a very early version missing lots of functionality.)

It is a per-page ruleset, so those preset blacklisted hostnames which we must temporarily allow won't be whitelisted outside of the page "https://id.marketwatch.com".

 

Thanks gorhill, your extension is the only reason I use Chromium
Update:

0.6.3

Context menu entries:
To temporarily whitelist all for domain of current page
To revert temporary permissions

 

Wow fantastic! Thanks very much.

 

same here, it is the only reason i use Chrome at the moment.

i like the new features in 0.6.3!

 

Updated to 0.6.4.

 

Are extensions like "Do Not Track Me" and Adblocker plus" still needed with something like HTTP SB? Seems like within the drop menu I can see the data trackers like google and facebook and I'd assume ads would fall under one of the many permanent black listed sub columns on websites.

 

quite an important change as this make HTTP Switchboard a lot more easier to use on pages like the Chrome Webstore, as javascripts are not globally blocked as before..

from the changelog:
https://github.com/gorhill/httpswitchboard/wiki/Change-log#064

----

not for me it ain't.
the Switchboard icon tells me at a glance what is happening.
that is a very neat GUI thing, btw.

très bon travail sur ce plugin Ray.

let us know if you set up a donation page, i'm in for a few beers!

 

The dreaded Chrome bug has been slayed by gorhill. Issue 35 has been beaten and I didn't even notice

 

I'm voting this best browser extension of the year

 

quite an achievement, imo!
i've tested this new 0.6.4 version and it passed the tests here:
http://www.raymondhill.net/httpsb-test/httpsb-test-js-1.html
and
https://www.wilderssecurity.com/showpost.php?p=2287519&postcount=245

totally agree!
this extension, plus the added security of the Chrome sandbox makes this an ideal lightweight privacy and security combo.

 

XHR is referring to cross domain HTML requests, right? Is there a way to see more information on that request more easily, to determine if it should be whitelisted?

ex: I am fine with a.com making XHR to b.com but not c.com. I can't think of a usable UI that allows for this though.

 

The matrix shows the *destination* of the XHR request, so that would be easy for you to allow for XHR request to just b.com but nothing else.

If you want to allow XHR requests originating from a.com to b.com but nowhere else, than it is a matter of creating a per-site permission for a.com and whitelist XHR for b.com.