Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
M
M
myppomeu2015-02-20 21:48:22
Browsers
myppomeu, 2015-02-20 21:48:22

What type of HTTP request is safe to allow following links for ABE rules in Noscript?

I use Firefox + Noscript. To limit cross-site requests, I wrote a number of rules of this type:

Site .twimg.com
Accept from .twitter.com .twimg.com
Deny

In this case, the transition to the specified site (in this case, twitter) via links from third-party sites stops working: Noscript blocks the GET request from the third-party site.
Would it be safe to include the line "Accept GET from ALL" in the rule? The resulting rule looks like this:
Site .twimg.com
Accept from .twitter.com .twimg.com
Accept GET from ALL
Deny

Will I be vulnerable to any type of attack by including this line? If so, which one and what is the safe way to allow following links to a site specified in the ABE rules?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

0 answer(s)
Similar questions
K
kocherman2012-07-25 17:44:39
Is it possible to use such construction in html