Partially addresses a non-critical vulnerability: requests to loopback/private addresses should be ignored. More information: https://github.com/claustromaniac/poop/issues/21

changes in 1.3.0:

- fixed the console messages of the Referer spoofing feature
- the extension now also alters requests using the OPTIONS method (preflight requests), but only when it knows the following (actual) requests will be GET requests. Read the updated documentation and/or the issues in the GitHub repo for more information

changes in 1.3.1:

- fixed non-preflight requests using the OPTIONS method not being ignored

- fixed the console messages of the Referer spoofing feature
- the extension now also alters requests using the OPTIONS method (preflight requests), but only when it knows the following (actual) requests will be GET requests. Read the updated documentation and/or the issues in the GitHub repo for more information

- minor bugfix: the cross-origin Referer spoofing feature was not sending the full URL, which is not ideal because it doesn't match the behavior of network.http.referer.spoofSource, and raises entropy unnecessarily.

- trivial cosmetic changes
- reworded the Type filters section of the options page
- updated list of public suffixes

- fixed a pretty important issue related to the popup. It was showing the wrong hostname whenever there were iframes, and overrides created from the popup applied to that hostname.
- fixed two cosmetic issues with the popup: 1) the color of the counters (green/red) was being applied only on refresh. 2) the elements inside the fieldsets did not align vertically in a reliable way (they could even overlap)
- added a button to open the options page from the popup

- The original algorithm was extremely minimalist. The extension now has two broad modes of operation: aggressive and relaxed. Both modes should be safe, but the aggressive mode is less tolerant and therefore expected to break website functionality. The relaxed mode is an improved version of what the extension was already doing in v0.3.0.
- Added UI elements:
- a toolbar icon with a popup that displays the count of altered and failed requests in the relevant tab. It also has controls for toggling the main functionality of the extension on and off, and controls for overriding the global mode of operation on a per-site basis, or fully whitelist websites.
- an options page, pretty self-explanatory.
- Updated documentation. Please visit the homepage.

Streamlined the code a tad. It should perform better.

- Changed the icon to svg (thanks @KOLANICH).
- Improved two of the checks.

Fixed Authorization headers being accidentally removed from requests.