tradeoff in the uMatrix default rules: third party frames are blocked but images/css are allowed
Clash Royale CLAN TAG#URR8PPP
up vote
1
down vote
favorite
The default rules for the uMatrix
browser extension look something like this:
* * * block
* * css allow
* * frame block
* * image allow
* 1st-party * allow
* 1st-party frame allow
What's an example where you might want uMatrix to block a "3rd-party" frame, specifically? I assume it's not just that you want to block the text of the frame, because that would hardly be different from loading an image.
Does it imply that inside the context of a 3rd-party frame, uMatrix will treat most requests as "1st-party", and hence allow them by default? Or is the reason behind the default rules more subtle than that?
(I'm not very interested in the implications of Spectre in web browsers in this case. E.g. that was a completely unanticipated CPU bug, which I don't think was discovered at the time these defaults were set).
firefox
add a comment |Â
up vote
1
down vote
favorite
The default rules for the uMatrix
browser extension look something like this:
* * * block
* * css allow
* * frame block
* * image allow
* 1st-party * allow
* 1st-party frame allow
What's an example where you might want uMatrix to block a "3rd-party" frame, specifically? I assume it's not just that you want to block the text of the frame, because that would hardly be different from loading an image.
Does it imply that inside the context of a 3rd-party frame, uMatrix will treat most requests as "1st-party", and hence allow them by default? Or is the reason behind the default rules more subtle than that?
(I'm not very interested in the implications of Spectre in web browsers in this case. E.g. that was a completely unanticipated CPU bug, which I don't think was discovered at the time these defaults were set).
firefox
add a comment |Â
up vote
1
down vote
favorite
up vote
1
down vote
favorite
The default rules for the uMatrix
browser extension look something like this:
* * * block
* * css allow
* * frame block
* * image allow
* 1st-party * allow
* 1st-party frame allow
What's an example where you might want uMatrix to block a "3rd-party" frame, specifically? I assume it's not just that you want to block the text of the frame, because that would hardly be different from loading an image.
Does it imply that inside the context of a 3rd-party frame, uMatrix will treat most requests as "1st-party", and hence allow them by default? Or is the reason behind the default rules more subtle than that?
(I'm not very interested in the implications of Spectre in web browsers in this case. E.g. that was a completely unanticipated CPU bug, which I don't think was discovered at the time these defaults were set).
firefox
The default rules for the uMatrix
browser extension look something like this:
* * * block
* * css allow
* * frame block
* * image allow
* 1st-party * allow
* 1st-party frame allow
What's an example where you might want uMatrix to block a "3rd-party" frame, specifically? I assume it's not just that you want to block the text of the frame, because that would hardly be different from loading an image.
Does it imply that inside the context of a 3rd-party frame, uMatrix will treat most requests as "1st-party", and hence allow them by default? Or is the reason behind the default rules more subtle than that?
(I'm not very interested in the implications of Spectre in web browsers in this case. E.g. that was a completely unanticipated CPU bug, which I don't think was discovered at the time these defaults were set).
firefox
asked Apr 18 at 11:38
sourcejedi
18.4k32475
18.4k32475
add a comment |Â
add a comment |Â
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f438494%2ftradeoff-in-the-umatrix-default-rules-third-party-frames-are-blocked-but-images%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password