InformAction Forums

therube wrote:Options | Notifications, ABE -> checkmarked?

Yes.

When I go directly to http://shopping.yimg.com from the link here, I see the yellow bar with:

Request {GET http://shopping.yimg.com/ <<< http://forums.informaction.com/viewtopi ... 935#p15935, http://forums.informaction.com/viewtopi ... 935#p15935} filtered by ABE: <*.yimg.com> Deny

When I click Options, I get ABE popped up showing:

Site *.yimg.com
Accept from *.yahoo.com yahoo.com *.yimg.com yimg.com
Deny

BUT when I type http://shopping.yimg.com into the address bar, the site opens without any problems. No yellow error bar. The script list shows the toggle "Forbid yimg.com"!

Jojo999 wrote:BUT when I type http://shopping.yimg.com into the address bar, the site opens without any problems. No yellow error bar. The script list shows the toggle "Forbid yimg.com"!

Me too.

Alan Baxter wrote:

Jojo999 wrote:BUT when I type http://shopping.yimg.com into the address bar, the site opens without any problems. No yellow error bar. The script list shows the toggle "Forbid yimg.com"!

Me too.

This is correct.
ABE checks all the requests, except the ones generated in background by the browser (e.g. to check for automatic updates) and for top level pages loaded directly from the address bar or a bookmark (like in your case).
Otherwise I couldn't restrict requests to somewebapp.com to the somewebapp.com origin itself only (which is the primary anti-CSRF ABE use case), because I couldn't load http://somewebapp.com at all.

Can I please get an answer to my post of:
Jojo999 » Sat Feb 06, 2010 3:20 am

Jojo999 wrote: So HOW do I know that the ABE is actually blocking access to yimg.com at sites other than Yahoo.com?

You know because you wrote the rule.
You can check by looking in Tools|Error Console.
You'll get yellow notifications only if ABE is blocking a document load (either top level or iframe), because otherwise it would be too noisy to be useful.

Jojo999 wrote: btw: There is no indication that I notice that an ABE rule is in effect for an entry in the script list.

In fact, because script blocking and ABE are completely disjointed.
Script/plugin blocking works at the domain level, independently from the network protocol.
ABE works at the HTTP request level, considering the full destination URL, the HTTP method and the full origin.
So there's no meaningful way to correlate the two things.

BTW, when you refer to a certain post, like

Jojo999 wrote: Can I please get an answer to my post of:
Jojo999 » Sat Feb 06, 2010 3:20 am

please use a link, it's much easier to find (for instance, I can see "10:20 am" because of timezone).
Just right click on the little page icon beneath the referenced post title and select "Copy link", then paste it in your new post, thanks.