Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Monday October 23 2017, @09:09AM   Printer-friendly
from the Digital-Arms-Race dept.

Submitted via IRC for TheMightyBuzzard

The popular content blocking extension uBlock Origin blocks CSP reporting on websites that make use of it if it injects neutered scripts.

CSP, Content Security Policy, can be used by web developers to whitelist code that is allowed to run on web properties. The idea behind the feature is to prevent attackers from injecting JavaScript on websites protected by CSP.

CSP reports any attempt of interfering with the site's policies in regards to scripts to the webmaster. This happens when users connect to the site, and is used by webmasters to analyze and resolve the detected issues.

[...] Raymond Hill, the developer of uBlock Origin, replied stating that this was not a bug but by design. The extension blocks the sending of CSP reports if it injects a neutered Google Analytics script.

Source: https://www.ghacks.net/2017/10/19/ublock-criticized-for-blocking-csp/


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by urza9814 on Tuesday October 24 2017, @03:05PM (2 children)

    by urza9814 (3954) on Tuesday October 24 2017, @03:05PM (#586892) Journal

    Until you get to banks that offer different tiers of checking accounts, one with bill payment and the other without, and require a larger minimum balance to avoid a monthly service fee for the one with bill payment than for the other without.

    If your bank sucks, pick a better one. I don't see the problem here...

    Before I create an account at a bank, how do I go about seeing whether its web application for logged-in account holders requires the use of a script from a different domain? Or would you recommend that I go through the process of creating an account, set up online access, and then go through the process of closing my account once I discover that online access requires the use of a script from a different domain?

    You could always ask them. If they get enough requests for that info, they'll probably start marketing it. But I've never seen a bank that requires third-party scripts anyway, it seems like pretty poor security practices. So judge their competency the same way you would with anything else.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 2) by Pino P on Wednesday October 25 2017, @09:06PM (1 child)

    by Pino P (4721) on Wednesday October 25 2017, @09:06PM (#587566) Journal

    If your bank sucks, pick a better one. I don't see the problem here...

    The problem is that all banks suck. They just suck in different ways.

    • (Score: 2) by urza9814 on Thursday October 26 2017, @12:28PM

      by urza9814 (3954) on Thursday October 26 2017, @12:28PM (#587774) Journal

      So use a credit union. I've got all my money with PSECU and they're fuckin awesome. I don't think I've ever paid them a dime...no overdraft fees, no ATM fees (even ATM fees charged by other banks get refunded), no checking or debit fees, no credit card fees, no fees for the bill payer. No real minimum balance (It's $5)...and at the end of every year they pay me just for having an account.