jkingsman / bishop

Hunt for vulnerable websites as you browse.
MIT License

Add option to not consider redirects as a successful match #22

Open gsingh93 opened 9 years ago

gsingh93 commented 9 years ago

I've had multiple false positives because of sites that redirect URLs that don't exist to some default page. There should be an option to not consider redirects (status codes 301/302) to be successful rule matches.

jkingsman commented 9 years ago

Could you provide an example of a false matching URL for this, please? Per the code, only 200's should match:

From https://github.com/jkingsman/bishop/blob/master/src/js/content_script/content_script.js#L148:

```javascript
if (req.status == 200) {
    if (pattern.test(req.responseText)) {
        addSiteAndAlert(url, ruleName);
    }
    return false;
}
```
gsingh93 commented 9 years ago

I can't give the URL because it's an internal company URL. I opened the dev console, switched to the network tab, went to internal.companywebsite.com/tool/cgi-bin, and it redirected with a 302 to internal.companywebsite.com/tool/prod, which is what it does for all URLs.

jkingsman commented 9 years ago

Hm; interesting. I'll do my best to replicate that then. Thanks for the info.


gsingh93 commented 9 years ago

I think I found the issue: https://stackoverflow.com/questions/8238727/how-to-prevent-ajax-requests-to-follow-redirects-using-jquery

So you'll never see a redirect with an XMLHttpRequest, only the status code after the redirect. Not sure what the proper workaround is.

jkingsman commented 9 years ago

Intriguing; good sleuthing. Not sure if there's a way around that, then.
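The thread ends without a workaround, but the Fetch API (unlike XMLHttpRequest) does expose redirects: with `redirect: 'manual'` a 3xx comes back as an `opaqueredirect` response, and with `redirect: 'follow'` the final response has `redirected === true`. The following is an added example, not bishop's code; the names `classifyResponse` and `probeUrl` and the constructed response objects are assumptions for illustration.

```javascript
// Added example (not from the bishop project): treat a redirected response as
// "no match" so a site's catch-all redirect page cannot satisfy a rule.
//
// `meta` holds the Response fields the decision needs:
//   { type, status, redirected, url }
function classifyResponse(requestedUrl, meta, bodyText, pattern) {
  // redirect: 'manual' -> the browser hands back an "opaqueredirect" response
  // (status 0, unreadable body) whenever the server answered 3xx.
  if (meta.type === 'opaqueredirect') {
    return { match: false, reason: 'server redirected (manual mode)' };
  }
  // redirect: 'follow' -> the final response is marked `redirected`, and
  // `url` is the page we landed on rather than the one we requested.
  if (meta.redirected) {
    return { match: false, reason: `redirected from ${requestedUrl} to ${meta.url}` };
  }
  if (meta.status !== 200) {
    return { match: false, reason: `status ${meta.status}` };
  }
  return pattern.test(bodyText)
    ? { match: true, reason: 'status 200 and body matches pattern' }
    : { match: false, reason: 'status 200 but body does not match' };
}

// Network wrapper (hypothetical helper): fetch the URL and classify it.
// Not exercised offline; shown for how the two redirect modes are selected.
async function probeUrl(url, pattern, followRedirects = false) {
  const resp = await fetch(url, { redirect: followRedirects ? 'follow' : 'manual' });
  const meta = { type: resp.type, status: resp.status, redirected: resp.redirected, url: resp.url };
  const body = meta.type === 'opaqueredirect' ? '' : await resp.text();
  return classifyResponse(url, meta, body, pattern);
}

// Constructed sample responses mirroring the report above: a request that the
// server answers with a 302 to a default page, seen in each redirect mode.
const samplePattern = /Index of \/cgi-bin/;
const sampleManual = { type: 'opaqueredirect', status: 0, redirected: false, url: '' };
const sampleFollowed = { type: 'basic', status: 200, redirected: true, url: 'https://internal.example/tool/prod' };
const sampleDirect = { type: 'basic', status: 200, redirected: false, url: 'https://internal.example/tool/cgi-bin' };
```

Older code paths that must stay on XMLHttpRequest cannot recover this information: `req.responseURL` is the only hint, and it is absent in older engines.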