Stops login to FlickR Rated 3 out of 5 stars
FlickR recently started preventing me logging in. Disabling Smart Referer resolved the issue. It's a shame, as it's been a reassuring add-on, but now unusable for me.
Works flawlessly, but Firefox 28 has (hidden) preferences for this! Rated 4 out of 5 stars
Since Firefox 28 there are three new items in about:config:
network.http.referer.XOriginPolicy: 0=always send, 1=send if base domains match, 2=send if hosts match
network.http.referer.spoofSource: false=real referer, true=spoof referer (use target URI as referer)
network.http.referer.trimmingPolicy: 0=send full URI, 1=scheme+host+port+path, 2=scheme+host+port
Referrer processing is done in this order. Thus, setting XOriginPolicy to 2 makes spoofSource and trimmingPolicy useless if going from a.example.com to b.example.com, since no referrer would be send anyway due to the XOriginPolicy.
If using the three new I'd suggest to set the old network.http.sendRefererHeader to 2 (default, always send referrer).
Rated 5 out of 5 stars
Just what I was looking for. The default whitelist is quite helpful too!
To bad... :( Rated 3 out of 5 stars
Not available for your platform. FF 25.0.1 (latest), Win8 (64)
This is an essential function and should be widely available. Please make this compatible or point me in the direction of something that is.
It's already available for that platform and version, something's wrong on your side.
A must have extension for privacy. Rated 5 out of 5 stars
Firefox should include this addon by default, it's simple and effective!!! Thank you for taking the time to make this! Five stars all the way!
You're very welcome.
Rated 4 out of 5 stars
It works, but when I make a change to the preferences, it seems that I need to restart the browser before the changes can take effect.
That shouldn't be the case at all, can you give me some ways to reproduce that behaviour?
Good Rated 4 out of 5 stars
I need my own local whitelist like in RefControl
You already have a local whitelist, just put them in the Allow field in the addon's preferences page.
Auto downloading of whitelist.txt Rated 5 out of 5 stars
The automatic downloading of the whitelist without user intervention is ok for most but not all. Removing the link in the options stops the download. How can the whitelist.txt be an option or manually setup? Where is it stored? Is it deleted when the browser closes, and then needs to get downloaded again? Other than what is mentioned about the whitelist.txt, the addon works as mentioned.
Reply: Ok, thanks!
It's already an option, if you remove the link from the addon's preference page it won't be reinstated unless you write the URL of your whitelist in that box.
It's not stored anywhere, it's just downloaded and set temporarily in the internal state of the addon, it gets downloaded every 24 hours or every time you enable the addon.
Rated 5 out of 5 stars
amazing! this should be integrated in firefoxThis review is for a previous version of the add-on (0.0.10).
Rated 5 out of 5 stars
A minimalistic add-on that does what it says on the tin. Excellent. My only suggestion would be to include an auto-updating rulelist to auto-whitelist major websites that, inevitably, have resulted (and will continue to result) in negative reviews here on AMO. It's important to have a custom whitelist field for fringe cases, but end-users really shouldn't have to whitelist things like disqus.com and api.solvemedia.com on their own.This review is for a previous version of the add-on (0.0.10).
That does sound like a good idea, I'll think about how to approach it.
Thanks for the positive review.
Has problems Rated 3 out of 5 stars
I've always said that security and privacy are a good thing... up until it interferes with your own access to content.
3 stars for effort. The addon is a good idea in theory.
This addon interferes with viewing content that is served from third-party hosting servers--both enterprise level, and discount alike), such as image hosting, flash media, and video streaming server hosting companies, to name a few, that won't serve the content without a receiving a referrer url from the site that is paying for the hosting to support their portal. This is typically to keep down bandwidth increases resulting from link proliferation due to other services (such as Google Search, for instance.)
This add-on interferes with a lot of sites on the web.If you are multimedia oriented, and spend much of your time looking at video, image sites (like Wallbase.cc), or listening to streaming music, then this add-on is not for you.
If you spend most of your time scanning news websites, reading articles, writing blogs, and doing research, then this add-on is probably a good idea for you, especially if your involved in controversy like 9/11 Truth, research into US banking and Wall Street frauds, and any other type of conspiracy or government cover-up studies.
* Update: The developer brings up a good point... the addon apparently allows you to "white-list" sites. I didn't check for that. :)
As any other privacy addon you have to whitelist what you want to happen, and you can do that with this addon too.
It's like saying NoScript and RequestPolicy are bad because they break websites out of the box, you have to configure them, this is true for Smart Referer too.
Prevents videos from playing Rated 4 out of 5 stars
I was wondering why a lot of video sites were giving me "video not found" or notices that I needed to visit the video site to play the video (even though I was already there). After I disabled this add-on I was able to view videos on those sites without any problems. Perhaps a whitelist function might be needed in future releases? It was only after I posted this initial review that I found out there were instruction s on preventing this problem on the add-ons home page.This review is for a previous version of the add-on (0.0.10).
Yeah, it's on the preferences page of the addon in the addon manager.
Essential privacy tool Rated 5 out of 5 stars
After blocking tracking URLs and cookies, controlling information leakage through Referer headers is another important privacy measure. And this extension makes it pretty much install-and-forget!This review is for a previous version of the add-on (0.0.8.1).
Just works Rated 5 out of 5 stars
Coming here from the "change referer button" add-on, and breathing a sigh of relief. Now I can have a whitelist so disqus actually works. And I can use my own referer, which is handy. The "dumb referer" used by Change Referer Button was causing websites to not load properly, unless turn off referer spoofing, which renders the tool useless.This review is for a previous version of the add-on (0.0.8.1).
A nice addon just got better Rated 5 out of 5 stars
Review Update: my only complaint against this addon was that it didn't offer a GUI, but since this has changed with version 0.0.8*, I have nothing to complain about thus far.
Very nice addon, keep it up. :)
*) For other users: The new version is still marked as experimental until it gets reviewed by Mozilla but can be had from "complete version history" link at the bottom of the page, if anyone is interested.
[scraped]A simple/minimal GUI for...but nice addon nevertheless.[/scraped]
I added an interface to change the settings, you'll find it in the preferences page in the addon manager.
Although this means bumping the minimum version to Firefox 7.0.
If you could bump the stars or add anything else you don't like after the new version is reviewed it would be nice.
Rated 5 out of 5 stars
Been using this for several months now, and I'd mostly forgotten about it. That's a good thing for an extension like this, in my opinion. I like the additional privacy, and a website I visit is blacklisted from a popular imagehost for silly reasons, which this bypasses. Somewhat ironically, I've noticed it breaks Github in addition to Disqus. Updating the whitelist results in both sites working fine now.Thanks for this useful, minimal add-on.
RE Github: on the Github site the verify email address function wasn't working, and neither was the network graph (would just sit there with the loading animation), until I added it to the same whitelist as Disqus. So really just some minor things were acting strange.
Thanks for the review.
Just curious, where does it break GIthub? The gists on external websites or Github itself?
Rated 5 out of 5 stars
Great add-on! I'll tell you why; it is simple and "just works"! With the recently added white-list support (which i only have needed for disqus thus far) it is close to perfect for its purpose. One thing though, i wish the strict mode would be disabled per default because many bigger sites use content-servers on a sub-domain and if they require referrer then there will be problems. This way ppl trying it out won't just discard it right away because they run into problems with the default options. Also it would be nice with a link to a test page (test by subdomain, domain, and so on) that reports back what referrer it got, so you can see if it works or not, then you could check if you break it by typing in invalid white-list regular expressions and such..Thanks for a great add-on!
Late update/reply to meh (Aug 1, 2013): I read the description of self-referrer -it seems to be appropriate as the default mode, which it is now. Regarding the test-page: I think the new, easier, white-list feature you now have available (wildcards, not reg-exp) is sufficient to weed out most errors. The rest should be test-able by checking the pages in the white-list (example: Disqus). Also I realized anyone can make their own test-page by posting a link to an HTTP header check page like http://xhaus.com/headers in some random forum, then just click the link to see the results! :)
You know what? I agree with disabling strict mode by default.
Do you think it would be worth to set as default "self" mode too? It uses as referer the URL you're going to.
About the test page, I can provide a simple .php to put up locally, to test it I usually fill the /etc/hosts with the fake domains I want to test on and change the set of links on the .php page.
Putting it online would be harder because it would require a local DNS server to do the required magic and I don't have the resources to get a VPS for it.
Something I could do about it is a simple JS page on my website where you can test your whitelists against a set of domains.
Rated 4 out of 5 stars
I appreciate the no-restart nature of this extension, but I believe RefControl is still superior because of a toolbar button allowing easy disabling/enabling and access to per-site rules.
Four stars for a well executed extension, but no five because of the lack of any gui.
EDIT: The developer replied to my review before I edited to remove a silly mistake I'd made, which is what he references in #2. The lack of GUI is by design to prevent people who don't know what they're doing from modifying the extension's behavior. He mentions a way to create a button using Custom Buttons, but the created button will not inform the user via a pressed state or icon change of the enabled/disabled status of Smart Referer. RefControl users who do not create a lot of per-site rules may find Smart Referer to be a simpler solution for them.
1. There are other addons that are made for that particular reason, if you look at the homepage you will see how to achieve that with Custom Buttons.
2. This is exactly what this addons does, this is not a general refer handling addon, it's specifically made to provide smart referers, which are made for 3rd party requests. RefControl version of smart referers is just a `referer.host == url.host`.
This addon was *never* made to have a GUI or have many options, you should use it as it comes and change behavior only if you know what you're doing.
To be even more clear, Smart Referer is not in competition with RefControl, they are two completely different addons and they do different things.
Nonetheless using both at the same time will break one or the other, if not both.
Thank you for the review.
Rated 3 out of 5 stars
I like the concept, as I don't like webistes tracking where I have been...
I had previously been using RefControl 0.8.xx
But through my testing, found it was interfering with Disqus comment system.
Thought I would give this one a go.
But no, Disqus sections of pages still fail to show any comments when Smart-Referer is running.
Tried the suggestion of setting Smart-Referer to loose (?) not strict via FF about:config. So it is now set extensions.smart-referer.strict to 'False'.
But that did not change fact that Disqus comment sections fail to show any comments.
Only when I have turned off (Disabled) Smart-Referer (and RefControl) do Disqus comments display.
(In my eval testing, I would only be testing with one or other of these referral controls, not both at same time.)
Other point that I would suggest, is: There seems no way to know that Smart-Referer is working (assuming I don't care about Disqus issue). So a way to show that Smart-Referer is working would be nice.
As well as a way for it to work that also allows Disqus comments to function.
There is no way of making Disqus work, the issue is that Disqus uses the referer to work and it can be on any website, thus when the requests go the referer is removed because it's going to the disqus domain from another domain. Unless you add all the websites that use Disqus to the whitelist of RefControl, they won't work. You should tell Disqus to fix the issue because it's nothing we or RefControl guys can do.
If it's enabled, it's working, the whole point of the addon is to be minimal and not require any fiddling other than the strict mode in case you need to use websites with weird domain setups.
EDIT: ok, I added whitelist support and tested, it now works with Disqus, check the README here: https://github.com/meh/smart-referer for what to do. Keep in mind it will take some time to be reviewed, in the meantime you can use the package in the download section of the page I posted above.
Rated 4 out of 5 stars
I really like the concept behind this add-on and overall it seems to work really well, but it is not without flaw. In less than 24 hours I've already found one site that does not like it.
With the add-on enabled, I cannot reply to topics on 4chan. Since linking to a previous page, from the same domain, this should not happen... and after disabling Smart Referer, the problem resolves itself.
So it seems like Smart Referer could use a little more tweaking or whitelist support. Beyond that, it seems like a great add-on and I'm looking forward to future releases.
Just disable strict mode, set extensions.smart-referer.strict to false.
Also the next version that is being reviewed will have whitelist support.