Add option to not consider redirects as a successful match

[gsingh93]

I've had multiple false positives because of sites that redirect URLs that don't exist to some default page. There should be an option to not consider redirects (status codes 301/302) to be successful rule matches.

[jkingsman]

Could you provide an example of a false matching URL for this, please? Per the code, only 200's should match:

From https://github.com/jkingsman/bishop/blob/master/src/js/content_script/content_script.js#L148:

if (req.status == 200) {
        if (pattern.test(req.responseText)) {
            addSiteAndAlert(url, ruleName);
        }
        return false;
}

[gsingh93]

I can't give the URL because it's an internal company URL. I opened the dev console, switched to the network tab, went to internal.companywebsite.com/tool/cgi-bin, and it redirected with a 302 to internal.companywebsite.com/tool/prod, which is what it does for all URLs.

[jkingsman]

Hm; interesting. I'll do my best to replicate that then. Thanks for the info.

On Sep 24, 2015, at 5:11 PM, Gulshan Singh [email protected] wrote:

I can't give the URL because it's an internal company URL. I opened the dev console, switched to the network tab, went to internal.companywebsite.com/tool/cgi-bin, and it redirected with a 302 to internal.companywebsite.com/tool/prod, which is what it does for all URLs.

— Reply to this email directly or view it on GitHub.

[gsingh93]

I think I found the issue: https://stackoverflow.com/questions/8238727/how-to-prevent-ajax-requests-to-follow-redirects-using-jquery

So you'll never see a redirect with an XMLHttpRequest, only the status code after the redirect. Not sure what the proper workaround is.

[jkingsman]

Intriguing; good sleuthing. Not sure if there's a way around that, then.