ghost
commented
12 years ago https://github.com/RequestPolicy/requestpolicy/issues/61 and this one are closely related. If the user could allow whatever file extension to load cross-site, this would fix many usability issues: images, css, swfs/flvs would load properly without any user interaction.
This is not necessarily secure, so there should be a warning when changing this setting. Still, only allowing images from specific/all destinations may be less dangerous than allowing a whole domain just to display images/css.
I always install RP on workstations i build for other people, and they always end up totally disabling it because of these usability issues. This would be a major improvement. @jsamuel what is your view on this?
I'd like to allow css files to be loaded from 3rd parties. I know this is a bad idea concerning privacy and security so the setting might need a warning.