[Tfug] RequestPolicy: a Firefox extension for controlling cross-site requests

Justin Samuel justin at justinsamuel.com
Fri Nov 28 13:08:51 MST 2008


Hey All,

New to TFUG, had a friend mention that some TFUG'rs had expressed
interest in the Firefox extension I'm developing, so I figured I'd
spread the word now that it's ready for usage.

The extension is called RequestPolicy. It is an implementation of my
belief that we should have more control over cross-site requests while
browsing. What is a cross-site request? It's where a webpage you are
visiting tells your browser to make a request to another site, for
example, to retrieve additional content/ads for display or to track
visitors. Cross-site requests can even be used for attacks (e.g.
Cross-Site Request Forgery [CSRF]).

Why would we want to block certain cross site requests? There are both
privacy and security reasons for doing so, as you either already know
or can see from the brief description above. If either greater privacy
or security in your browsing is desirable, RequestPolicy may be of
interest to you. (Of course, if privacy and security are of interest
to you in your browsing, you probably also want to be using other
extensions such as NoScript. The two complement each other well.)

The Mozilla add-on page for RequestPolicy is here (currently requires
registration as the extension is still classified as experimental):

https://addons.mozilla.org/en-US/firefox/addon/9727/

Here's the extension's own website where you can also download it from
(though, you don't get to download it through https as you do from
mozilla.org):

http://requestpolicy.com/

On the extension's site you can also find a more detailed discussion
of the privacy and security reasons for using RequestPolicy.

If anyone has any questions, let me know. I'm very grateful in advance
for any feedback, suggestions, or bug reports you can offer. I'd like
to soon take off the pre-release status I have set for it at
mozilla.org in order to make it available to more people, so you all
may be the last line of defense in terms of bugs, etc.

Thanks, and I hope to make it to a happy hour one of these times (I've
known about them for a while, but most of my laziness has been the
biking home afterwards part).

Justin




More information about the tfug mailing list