
Chromium: I just wanted to quickly hack an iframe blocker for personal use - gorhill
https://github.com/gorhill/httpswitchboard
======
pygy_
For Firefox, Request Policy is more or less equivalent. HTTP Switchboard has a
better interface, though. Request policy works on a global per domain basis
(allow/forbid), this one has better granularity (you can specify the type of
content for each (sub)domain).

[https://www.requestpolicy.com/](https://www.requestpolicy.com/)

[https://addons.mozilla.org/en-
US/firefox/addon/requestpolicy...](https://addons.mozilla.org/en-
US/firefox/addon/requestpolicy/)

~~~
anglebracket
> [https://addons.mozilla.org/en-
> US/firefox/addon/requestpolicy...](https://addons.mozilla.org/en-
> US/firefox/addon/requestpolicy/)

I like and use RequestPolicy on a daily baiss, but unfortunately the version
on AMO hasn't been updated for some time now. There are a number of long-
standing issues (like clicking links in the view source view,) including one
that allows bypassing the whitelist entirely [0].

>this one has better granularity (you can specify the type of content [...]

Mmm, RequestPolicy's meant to allow or deny cross-domain communications full
stop. It doesn't care too much about what happens once it's allowed.

The granularity offered in HTTP switchboard is better suited to dealing with
cross-domain "annoyances" than RequestPolicy.

>[...]for each (sub)domain).

Not quite the same, but RequestPolicy allows you to use the effective TLD,
full domain, or scheme + full domain + port for your rules (it's under
preferences.) By default it uses the effective TLD.

[0] [http://blog.saynotolinux.com/2013/11/bypassing-
requestpolicy...](http://blog.saynotolinux.com/2013/11/bypassing-
requestpolicys-whitelist.html)

~~~
pygy_
_> Not quite the same, but RequestPolicy allows you to use the effective TLD,
full domain, or scheme + full domain + port for your rules (it's under
preferences.) By default it uses the effective TLD._

The trouble is that the setting is global. If you chose "full domain", the UI
doesn't allow you to whilelist a TLD anymore, which is annoying for some CDNs
(some sites change the subdomain of their CDN for each page load).

~~~
anglebracket
Yeah, that's a design issue in RequestPolicy that I'd like to see fixed. I
never use the full domain option because it's such a pain to use on sites with
many subdomains.

------
MDCore
What the title nor the github account are up front about is that this is an
ad/privacy blocker that comes with a rather large blacklist[1]. I tried
disabling it (because, like the title, I only wanted to block a single thing)
but it wouldn't let me work around the blacklist.

Perhaps be more up front that this is an adblocker.

[1]: This is just one of the blacklists:
[https://github.com/gorhill/httpswitchboard/blob/a325083df02b...](https://github.com/gorhill/httpswitchboard/blob/a325083df02bd013ff533054415925af77a79fed/assets/httpsb-
blacklist.txt)

~~~
pygy_
You could fork it, get rid of the black lists and publish it on the Chrome web
store.

It is licensed under the GPL, which was created for this very use case.

~~~
MDCore
I suppose I could if I wanted to go to that very large amount of effort just
to get that small amount of functionality. Methinks a userscript would be a
lot easier.

I'd agree with your comment if I'd said "They should take the blacklist out."
Instead I wrote that the title and github project are not up front about a
core piece of functionality of the plugin.

~~~
rmrfrmrf
Userscripts wait for the DOM to finish loading, though, no? Thus defeating the
purpose of saving bandwidth?

~~~
tyilo
They run at either "document-start", "document-end" or "document-idle".
"document-start" is as soon as possible.

------
johnpmayer
Do you think that there will ever be widespread/mainstream client-side control
of the web like this? Where it was the norm that, say, 90% of web users
blocked ads and analytics? Would it be good or bad?

~~~
lowboy
I think we'd see sites implement some sort of check to see if their ad scripts
loaded properly, and ad/analytic providers enabling this through hooks. There
would probably be "good" providers that would get whitelisted.

As a web user, I welcome this extension. It's my browser, and I should be able
to control its IO.

As a web developer... well, I've never been a fan of advertising-based
revenue, but I'd like accurate analytics.

~~~
dictum
I block most tracking services. I wish I didn't have to do that. I'd love if
sites could get accurate analytics, as long as the data stays with the website
owners (so, nothing from external companies and no pinging Google etc.), isn't
shared with third parties (no, not even "trusted" third parties), retention
times are not longer than 2 years, it's reasonably anonymized, etc.

Until a trustworthy self-hosted analytics script that's fast and doesn't
consume too many resources appears, my browser/OS and other info will remain
underrepresented in websites' analytics dashboards.

~~~
tomrod
What is your method to block things?

~~~
wtallis
NoScript takes care of most tracking systems (those loaded from third-party
domains), and has surrogate scripts to prevent it from breaking websites that
attempt to depend on the most common tracking scripts, and for this it is the
first line of defense. AdBlock I use mostly for most common forms of single-
pixel tracking images (and ads, of course), and Cookie Monster to manage
cookie permissions, and BetterPrivacy to get rid of flash cookies.
RequestPolicy is the nuclear option for when I'm feeling most paranoid. (EDIT:
RequestPolicy's 1.0 betas have a default-allow mode, which makes it much
easier to leave enabled during everyday use.)

For me, the toughest thing is to figure out which cloudfront subdomains to
allow.

------
mmastrac
Very nice. I like the effort you've put into making it look great as well.

------
ooobo
Not something I would use as I haven't got too annoyed with the web yet, but
that is one excellent, common-sense interface,

------
Sarkie
Good idea but not great default.

Installed it, none of my sites work because of your addon blocking everything
by default.

It needs to allow everything first by default and I can selectively turn off
the crap.

------
grannyg00se
Thanks for posting this. The code is easy to follow which is always a notable
accomplishment. It's also a really good example of github usage including
opening of issues, commenting on them, and closing them. And a pretty nice
wiki as well.

------
iagooar
I really like this tool. The panel is just great for seeing what exactly is
being blocked and what not (which is not the case in some other addons).

I think it is pretty solid right now, if you keep working on it, it could soon
become the new Adblocker.

------
timeiscoffee
well, this kills feedly..

~~~
gorhill
It's working for me if I whitelist `feedly.com`.

------
oakaz
add a pause button please

~~~
gorhill
It's in the extension's pop-up menu: click the top-right icon, and there is
the option "HTTPSB on/off" (recording continues though even if off, so one can
still see what is going on in the page).

