search

ACK-J / Port_Authority

Blocks websites from using javascript to port scan your computer/network and dynamically blocks all LexisNexis endpoints from running their invasive data collection scripts.
GNU General Public License v2.0
129 stars 10 forks source link

fix: allow domain whitelisting by url.host #30

Closed jjk1492 closed 1 year ago

jjk1492 commented 1 year ago

Spoke with @ACK-J on how whitelisting is intended to filter and we decided on domain-based (so no path specific).

Whitelisting works by checking if a requests URL's host property contains the host property of whitelisted domain.

Given we are whitelisting by host if you wish to whitelist an entire domain you must ensure to NOT register a subdomain in the whitelist.

For example: If you whitelist foo.bar.com and then navigate to bar.com then requests WILL be blocked. But if you go to foo.bar.com requests WILL NOT be blocked

On the flip side, if you whitelist bar.com and then go to foo.bar.com requests WILL NOT be blocked.

ACK-J commented 1 year ago

image image

Looks like there might be a bug with the host blocking. Threatmetrix hosts aren't added to the blocked_hosts object or blocked from being accessed. Taking a look at the code now to see if I can figure out whats wrong. The above images are after requesting many threatmetrix hosts.

Edit: after re-cloning the repo, the issue no longer existed. @jjk1492 also confirmed that the plugin worked as expected on his end. I'm not sure why I was having that issue.