X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=doc%2Fsource%2Fp-config.sgml;h=0ca500628218eaa89dcc3f2c3e61dd4eb6e9b3c2;hp=788dc7b656e95186d1366a67b707c6ce4ba7741e;hb=d01bb4028a9d19a62672a8d7d8d13f09ae270851;hpb=352696e3ebdddaaf4d370ee35f2bab3ed3b18134
diff --git a/doc/source/p-config.sgml b/doc/source/p-config.sgml
index 788dc7b6..0ca50062 100644
--- a/doc/source/p-config.sgml
+++ b/doc/source/p-config.sgml
@@ -1,11 +1,9 @@
+
+I. INTRODUCTION
+ ===============
+
This file holds Privoxy's main configuration. Privoxy detects
@@ -266,7 +255,7 @@ II. FORMAT OF THE CONFIGURATION FILE
PATH to where the User Manual is
located:
- user-manual /usr/share/doc/privoxy/user-manual
+ user-manual /usr/share/doc/privoxy/user-manual
The User Manual is then available to anyone with access to
Privoxy, by following the built-in URL:
@@ -277,7 +266,7 @@ II. FORMAT OF THE CONFIGURATION FILE
If the documentation is not on the local system, it can be accessed
from a remote server, as:
- user-manual http://example.com/privoxy/user-manual/
+ user-manual http://example.com/privoxy/user-manual/
@@ -1994,6 +1983,11 @@ ACLs: permit-access and deny-access
Requests are accepted if the specified trusted-cgi-refer is the prefix
of the Referer.
+
+ If the trusted source is supposed to access the CGI pages via
+ JavaScript the cors-allowed-origin
+ option can be used.
+
Declaring pages the admin doesn't control trustworthy may allow
@@ -2005,7 +1999,75 @@ ACLs: permit-access and deny-access
-@@trusted-cgi-referer http://www.example.org/local-privoxy-control-page]]>
+@@#trusted-cgi-referer http://www.example.org/local-privoxy-control-page]]>
+
+
+
+
+cors-allowed-origin
+
+
+ Specifies:
+
+
+ A trusted website which can access &my-app;'s CGI pages through JavaScript.
+
+
+
+
+ Type of value:
+
+ URL
+
+
+
+ Default value:
+
+ Unset
+
+
+
+ Effect if unset:
+
+
+ No external sites get access via cross-origin resource sharing.
+
+
+
+
+ Notes:
+
+
+ Modern browsers by default prevent cross-origin requests made
+ via JavaScript to &my-app;'s CGI interface even if &my-app;
+ would trust the referer because it's white listed via the
+ trusted-cgi-referer
+ directive.
+
+
+ Cross-origin resource sharing (CORS) is a mechanism to allow
+ cross-origin requests.
+
+
+ The cors-allowed-origin option can be used to specify
+ a domain that is allowed to make requests to Privoxy CGI interface
+ via JavaScript. It is used in combination with the
+ trusted-cgi-referer
+ directive.
+
+
+
+ Declaring domains the admin doesn't control trustworthy may allow
+ malicious third parties to modify Privoxy's internal state against
+ the user's wishes and without the user's knowledge.
+
+
+
+
+
+
+@@#cors-allowed-origin http://www.example.org/]]>
@@ -2164,7 +2226,7 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t
target_pattern
- socks_proxy[:port]
+ [user:pass@]socks_proxy[:port]
http_parent[:port]
@@ -2177,7 +2239,8 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t
(http_parent
may be . to denote no HTTP forwarding), and the optional
port parameters are TCP ports,
- i.e. integer values from 1 to 65535
+ i.e. integer values from 1 to 65535. user and
+ pass can be used for SOCKS5 authentication if required.
@@ -2253,6 +2316,13 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t
forward-socks4 / socks-gw.example.com:1080 .
+
+ To connect SOCKS5 proxy which requires username/password authentication:
+
+
+ forward-socks5 / user:pass@socks-gw.example.com:1080 .
+
+
To chain Privoxy and Tor, both running on the same system, you would use
something like:
@@ -2273,8 +2343,8 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t
forward 192.168.*.*/ .
- forward 10.*.*.*/ .
- forward 127.*.*.*/ .
+ forward 10.*.*.*/ .
+ forward 127.*.*.*/ .
Unencrypted connections to systems in these address ranges will
@@ -3323,8 +3393,8 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t
This directive was added as a work-around for Firefox bug 492459:
Websites are no longer rendered if SSL requests for JavaScripts are blocked by a proxy.
- (https://bugzilla.mozilla.org/show_bug.cgi?id=492459),
+ (
+ https://bugzilla.mozilla.org/show_bug.cgi?id=492459),
the bug has been fixed for quite some time, but this directive is also useful
to make it harder for websites to detect whether or not resources are being
blocked.
@@ -3446,15 +3516,17 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t
# Best speed (compared to the other levels)
compression-level 1
+
# Best compression
compression-level 9
+
# No compression. Only useful for testing as the added header
# slightly increases the amount of data that has to be sent.
# If your benchmark shows that using this compression level
# is superior to using no compression at all, the benchmark
# is likely to be flawed.
compression-level 0
-
+
@@ -3607,7 +3679,7 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t
# that are enabled based on CLIENT-TAG patterns.
client-specific-tag circumvent-blocks Overrule blocks but do not affect other actions
disable-content-filters Disable content-filters but do not affect other actions
-
+
@@ -3668,7 +3740,7 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t
# Increase the time to life for temporarily enabled tags to 3 minutes
client-tag-lifetime 180
-
+
@@ -3741,7 +3813,7 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t
# Allow systems that can reach Privoxy to provide the client
# IP address with a X-Forwarded-For header.
trust-x-forwarded-for 1
-
+
@@ -3813,7 +3885,7 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t
# Increase the receive buffer size
receive-buffer-size 32768
-
+
@@ -3842,15 +3914,9 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t
@@#activity-animation 1]]>
-
- activity-animation 1
-
-
-
-
+
]]>
@@ -3864,15 +3930,9 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t
@@#log-messages 1]]>
-
- log-messages 1
-
-
-
-
+
]]>
@@ -3890,15 +3950,9 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t
@@#log-buffer-size 1]]>
-
- log-buffer-size 1
-
-
-
-
+
]]>
@@ -3910,15 +3964,9 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t
@@#log-max-lines 200]]>
-
- log-max-lines 200
-
-
-
-
+
]]>
@@ -3931,15 +3979,9 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t
@@#log-highlight-messages 1]]>
-
- log-highlight-messages 1
-
-
-
-
+
]]>
@@ -3950,15 +3992,9 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t
@@#log-font-name Comic Sans MS]]>
-
- log-font-name Comic Sans MS
-
-
-
-
+
]]>
@@ -3969,15 +4005,9 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t
@@#log-font-size 8]]>
-
- log-font-size 8
-
-
-
-
+
]]>
@@ -3990,15 +4020,9 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t
@@#show-on-task-bar 0]]>
-
- show-on-task-bar 0
-
-
-
-
+
]]>
@@ -4011,15 +4035,9 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t
@@#close-button-minimizes 1]]>
-
- close-button-minimizes 1
-
-
-
-
+
]]>
@@ -4033,15 +4051,9 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t
@@#hide-console]]>
-
-
#hide-console
-
-
-
-
+
]]>