[Bug Report] Erasing (for single scope) resets to default global scope rule (the one that the extension uses in new install).

[skudo12]

It's quite a bit hard to explain. By default, HTTPS only blacklists "Frame" and whitelists "IMG" and "CSS". The rest are greylisted.

To reproduce the bug, blacklist "COOKIE" (for example) in the global scope (*). Then enable auto-create temporary site-level scope. Go to a random website and make changes to the matrix. Using the erase all rule (4 erasers button) the matrix will reset to blacklist "Frame", "COOKIE" and whitelist "IMG", "CSS". However using the erase for this scope (single eraser), the matrix will reset to blacklist "Frame" and whitelist "IMG", "CSS". "COOKIE" is back to greylisted instead of blacklisted.

[gorhill]

Yes, for purpose of consistency, I should remove all temporary rules, which means not only cookie should become graylisted, but also css, img and frame, since these are also temporary. These temporary rules were copied from global scope strictly for convenience when the scope was first created.

Edit: Currently the behavior you see is because I revert to default factory rules for when there is not permanent scope counterpart, as seen here.

• So the choices of fix are:
  1. Clear all temporary rules at all, i.e. all become graylisted (consistent with the meaning of the eraser icon);
  2. Clear all temporary rules and copy again the type-based rules from global scope to the temporary local scope (inconsistent with the meaning of the eraser icon)
  3. Document clearly that the eraser "reset temporary rules to factory ones" (i.e. no fix required)

Edit: added third option for fix. Thinking more about it, I think 3 is the best compromise, I probably already went through all this in my head, hence why I implemented it this way.

[gorhill]

I will go with ii:

Clear all temporary rules and copy again the type-based rules from global scope to the temporary local scope

Going with i. is rather inconvenient, and going with iii. is causing HTTPSB to behave against user expectation, especially when using HTTPSB in a RequestPolicy-like mode.