Updated Contributing ruleset recipes (markdown)

2024-06-02 18:34:52 +12:00 · 2018-02-08 05:40:15 -05:00 · 2018-02-08 05:40:15 -05:00 · b624cdbdd3
parent b70416ade6
commit b624cdbdd3
1 changed files with 15 additions and 5 deletions
--- a/Contributing-ruleset-recipes.md
+++ b/Contributing-ruleset-recipes.md
@ -6,16 +6,26 @@ The strictest ruleset for which recipes must un-break sites is:

 - All 3rd-party requests blocked by default (including images/css)
 - All scripts blocked by default (including 1st-party scripts)
+- All 3rd-party frames are blocked by default

 For any given 3rd-party, if only one type of request is needed, then the rule should allow only that one specific type. Example:

-    _ someserver.cdn script
+    _ someserver.cdn xhr

-For any given 3rd-party, if more than one type of request is needed, then a broad rules should appear before the more specific ones. Example:
+For any given 3rd-party, if more than one type of request is needed, two cases:

-    _ someserver.cdn *
-    _ someserver.cdn script
-    _ someserver.com xhr
+1. If only passive resources are needed, then the rules should be specifically only for these passive resources. Example:
+
+    _ somescdn.com css
+    _ someserver.com image
+
+2. If active resources are needed, then a broad rule should appear before the more specific ones. Example:
+
+    _ somecdn.com *
+    _ somecdn.com script
+    _ somecdn.com frame
+
+***

 Using rules for hostnames which are public suffix list or below is frowned upon, though it is something impractical to stick to this rules. When this happens, a convincing argument in favor of the exception should be made.