InformAction Forums

Whether anyone could come up with a use case for converting the request type but leaving the data, I don't know, but giving the option wouldn't hurt. The problem is that a website that's designed to take POST won't know what to do with GET data, and vice versa. It is not strictly the case that conv...

It makes no sense to separate method & data - 1) sending empty POST data is useless and will break things, and 2) how can you send POST data in a GET request? It would make more sense to just have 3 sub-categories: HTTPAUTH, COOKIE, and REQ My best guess is that the URL rewriting I mentioned ab...

If I were to submit a patch to add this feature, and presuming it met your standards, would you accept it? Based upon the specification (excerpt* below), the optional arguments would include such as the following (suggestions for alternative naming welcome): HTTPAUTH COOKIE METHOD DATA A user could ...

Verified.

This bug applies to ABE (not sure if it's relevant anywhere else) ...

[Edit]
Redacted PoC, embargoed until the fix is deployed in the stable channel

I completely understand regarding prioritization. Thanks!

To confirm that, is the cookie still set if you allow all 3rd-party cookies in the browser, then remove or comment out the Accept line in your rule? Yes, the cookie is still set.... FYI, the "working example" I put in my original post actually doesn't work unless you have HTTPS Everywhere...

Say that a user has the following rule in ABE: Site * Accept from SELF++ Anonymize Say that the user visits https://exampleONE.com with an image loaded from https://exampleTWO.com/image.jpg, and that image would normally set a cookie ... with the above rule set, the cookie is striped out. But (when ...

The ABE Anonymize action is replacing "??" with "?" in a URL, causing HTTP 400 Bad Request errors for requests from sites which load JavaScript and CSS from wp.com, if a rule such as follows is in effect: Site * Accept from SELF++ Anonymize This causes sites such as http://perspe...

Enhancement request ...

It would be useful if the Anonymize action were able to accept optional arguments in the same way that the INCLUSION method does. This would allow the user to specify for example that only cookies should be stripped from the request.

I am reporting a bug. NoScript sends multiple requests for the same non-existent file during the course of a single page load.

Using a tool such as the Live HTTP Headers extension (https://addons.mozilla.org/en-US/firefo ... p-headers/), and visiting such as the Wikipedia entry for NoScript (https://en.wikipedia.org/wiki/NoScript), you will see that NoScript will repeatedly request /rules.abe from bits.wikimedia.org ... thi...