RequestPolicyContinued / requestpolicy

a web browser extension that gives you control over cross-site requests. Available for XUL/XPCOM-based browsers.
https://github.com/RequestPolicyContinued/requestpolicy/wiki

No option to allow the direct (no-wildcards) origin to destination #461

Open ansell opened 10 years ago

ansell commented 10 years ago

The current 1.0.0b7 interface allows the selection of a range of options for allowing access but for some reason I cannot get the option to only directly allow the full domain name of the origin to access the full domain name of the destination.

nodiscc commented 10 years ago

@ansell it can be done through the preferences page: Preferences -> Manage policies -> Your policy. Example allow rule for requests from datavu.blogspot.com to apis.google.com:

[image: rp-manual-rule]

Hope it helps

nodiscc commented 10 years ago

Maybe this should be added to the doc too?

d7415 commented 10 years ago

Ever since v1 came out I've missed the ability to set full domain by a simple click. It might get very cluttered, but it did simplify matters if you don't want to "give away" the whole domain.

ansell commented 10 years ago

@nodiscc Yes, I have been manually typing the domain names in. To clarify, this issue is just about not having a single click in the list of choices that are given, to not give away the whole domain, as @d7415 says.

myrdd commented 10 years ago

> I cannot get the option to only directly allow the full domain name of the origin to access the full domain name of the destination

> Ever since v1 came out I've missed the ability to set full domain by a simple click

In version 0.5 you had the "strictness" option, which disappeared for 1.0. You could select between Base domain (like *.google.com), Host (www.google.com) and full address (http://www.google.com:80). I'd like to have Base domain and Host in v1.0 stable. I'm also thinking about a new feature: selecting the "strictness" per Base domain. This way you could use per default Host strictness and for some domains Base domain strictness. The other way round it'll be also possible. Would this solve your feature request @d7415 @ansell? Should this be supported in v1.0 stable?

About how I would implement this: In the new menu you could right-click a domain and some options will show up. One of those options could be "switch to base domain strictness for this domain".
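The three strictness levels named above (Base domain, Host, full address), as an added example that is not part of the original thread and not RequestPolicy's own code. All function names are hypothetical, and the base-domain calculation is a simplifying assumption (last two labels) where a real implementation would consult the Public Suffix List.

```javascript
// Added illustration; every name here is hypothetical, not RequestPolicy's API.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Assumption: base domain = last two labels of the host. A real
// implementation would use the Public Suffix List, so that suffixes such
// as "co.uk" are not mistaken for a registrable domain.
function baseDomain(host) {
  return host.split(".").slice(-2).join(".");
}

// Reduce a URL to the endpoint pattern used at a given strictness level.
function endpoint(url, strictness) {
  const u = new URL(url);
  switch (strictness) {
    case "base": // e.g. *.google.com
      return "*." + baseDomain(u.hostname);
    case "host": // e.g. www.google.com
      return u.hostname;
    case "full": // e.g. http://www.google.com:80
      return `${u.protocol}//${u.hostname}:${u.port || DEFAULT_PORTS[u.protocol]}`;
    default:
      throw new RangeError("unknown strictness: " + strictness);
  }
}

// Build an origin -> destination allow rule from one observed request.
function makeRule(originUrl, destUrl, strictness) {
  return {
    strictness,
    origin: endpoint(originUrl, strictness),
    dest: endpoint(destUrl, strictness),
  };
}

// A request is allowed when both of its endpoints, reduced at the rule's
// strictness, equal the rule's stored patterns.
function ruleAllows(rule, originUrl, destUrl) {
  return rule.origin === endpoint(originUrl, rule.strictness) &&
         rule.dest === endpoint(destUrl, rule.strictness);
}

// Constructed sample request, using the host names from the thread.
const ORIGIN = "http://datavu.blogspot.com/";
const DEST = "https://apis.google.com/js/api.js";
const baseRule = makeRule(ORIGIN, DEST, "base");
const hostRule = makeRule(ORIGIN, DEST, "host");
const fullRule = makeRule(ORIGIN, DEST, "full");
```

With these constructed inputs, the Base domain rule also admits `other.blogspot.com` to `mail.google.com`, the Host rule does not, and the full-address rule additionally rejects the same destination over plain HTTP.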

ansell commented 10 years ago

The simplest quick fix for me would be to add the Host to Host option to the current list of "Base domain" to "Base domain" and "Host to Base domain"/etc. options.

However, being able to define the default strictness per domain would also be useful. I definitely didn't like the 0.5 behaviour where you had to select a single global strictness, as it made working with things like cloudfront.net (and mtsX.google.com/etc.) very difficult if you otherwise wanted Host or Full Address as the default.

In particular, your suggestion of a default strictness per Base Domain, would make it easy to define HTTPS-only sites if you could specify Full Address as the default for sensitive sites (alternative to that is defining a new rule in HTTPS-Everywhere which is a little cumbersome right now).

myrdd commented 10 years ago

> The simplest quick fix for me would be to add the Host to Host option to the current list of "Base domain" to "Base domain" and "Host to Base domain"/etc. options.

Yes, but I don't want to add even more options to the list. It would be only a very temporary solution.

> However, being able to define the default strictness per domain would also be useful.

So I think we need this feature in 1.0.

> In particular, your suggestion of a default strictness per Base Domain, would make it easy to define HTTPS-only sites if you could specify Full Address as the default for sensitive sites

Support for full-address is possible, but maybe a little more complex. Maybe we will focus on this feature for v1.1.

aspensmonster commented 10 years ago

> Yes, but I don't want to add even more options to the list. It would be only a very temporary solution.

I wouldn't shy away from adding options into the list; presumably, the list is only going to be "long" once, when the user sets the policy. If you're worried about clutter, perhaps just a check-box to show more options? Or even using check-boxes to show/hide various strictness levels?

d7415 commented 10 years ago

@myrdd That would work for me. Ideally I'd like the full address (or some same <-> same setting for http vs https) but Host would be a big improvement.

myrdd commented 10 years ago

I created a separate issue for getting back the strictness: https://github.com/RequestPolicyContinued/requestpolicy/issues/474