So IOW, the Cross-tab identity leak protection can now be configured to only check cross-tab POST requests, and this is the new default. Sounds good, I thought, let's update & take a look - if Giorgio thinks this is sufficient default security for this feature, sure would reduce the number of warnings & false positives, making this feature much nicer to use. Sweet.https://noscript.net/getit/#recent-development-history wrote:v 11.4.23rc1
x [TabGuard] Introduce prompt granularity options (default:
prompt only on POST requests)
But after updating, NoScript Options words this new option like -
So IOW, the new setting makes Cross-tab identity leak protection silently anonymize requests...and the default is to do this for all non-POST cross-tab requests? Not good, this would introduce serious usability issues
- Never prompt before anonymization
- Prompt before anonymizing POST submissions
- Prompt before anonymizing any request
So which is it?
Could whichever wording is wrong please be fixed?
And if the current wording of NoScript Options is the correct one, could the aforementioned issues with this please be addressed before this gets to NoScript stable channel? Otherwise it's just asking for a deluge of difficult support requests, if many people use Cross-tab identity leak protection.
Thanks for any clarification or action.