How to allow top level domains in NoScript 10 (Quantum)?

Post a reply

Smilies
:D :) ;) :( :o :shock: :? 8-) :lol: :x :P :oops: :cry: :evil: :twisted: :roll: :!: :?: :idea: :arrow: :| :mrgreen: :geek: :ugeek:

BBCode is ON
[img] is ON
[url] is ON
Smilies are ON

Topic review
   

Expand view Topic review: How to allow top level domains in NoScript 10 (Quantum)?

Re: How to allow top level domains in NoScript 10 (Quantum)?

by Giorgio Maone » Tue Jan 16, 2018 12:09 pm

Hand wrote:I have this problem with:

github.io
googleapis.com
cloudfront.net
gov.xx (xx is the country)

Allowing domains other than the ones above, the subdomains are allowed.
This should be fixed now: if you want to shoot yourself in your foot (these domains are way too broad, that's why the public suffixes list has them as TLDs) you can just enter them as they are in the NoScript Options "Add / search site" text box and hit the [+] button.

Re: How to allow top level domains in NoScript 10 (Quantum)?

by Hand » Wed Jan 03, 2018 7:02 pm

I have this problem with:

github.io
googleapis.com
cloudfront.net
gov.xx (xx is the country)

Allowing domains other than the ones above, the subdomains are allowed.

Re: How to allow top level domains in NoScript 10 (Quantum)?

by NYCgirl » Tue Jan 02, 2018 6:27 pm

I removed the "..." and entered "www.cloudfront.net". The problem is solved! NoScript now trusts the subdomains of cloudfront.net, and doens't show me a list of dozens of subdomains that have to be approved each time.

You should know that other users may be using the "..." (which is called "ellipsis"). When testing in mid-December, using ellipsis was the only way to enter a domain without "www". If I attempted "cloudfront.net", the plus sign would remain greyed out.

Re: How to allow top level domains in NoScript 10 (Quantum)?

by FranL » Tue Jan 02, 2018 5:47 pm

Giorgio Maone wrote:You mean you entered "...cloudfront.net" (with the leading dots) literally? You're not supposed to (and it wouldn't match anything)*. Just enter "cloudfront.net" [...].

*in RC2 I'm gonna add an input validation rule against extra leading and trailing dots to avoid this counfusion
Thanks for clarifying this, Giorgio. If the user types the leading dots when manually adding domains, there's a subtle difference in the rendering of the domain name. For example, if I manually add "...xyzzy.net" (incorrect) and "xyzzy.net" (correct), and I see this (zoomed for clarity):

Image

Note the difference in how the dots are rendered.
Anyone who has entries like the first one above should fix them.

UPDATE: Unfortunately, the rendering difference isn't as visible (or maybe doesn't exist at all) when the lock is green and the domain names are black, so the best way to find such incorrectly-typed domain names is to enter "..." in the text box, which causes the Options page to isolate only those domains which contain the user-typed dots.

Re: How to allow top level domains in NoScript 10 (Quantum)?

by Giorgio Maone » Tue Jan 02, 2018 5:26 pm

NYCgirl wrote:Thanks for the quick response! I'm glad we're moving to resolve this.

But I'm not sure how you'd like us to set the TLD to allow. I tried this: Using "options" I set "...cloudfront.net" as "Trusted" https://ibb.co/ctcfHG .
You mean you entered "...cloudfront.net" (with the leading dots) literally? You're not supposed to (and it wouldn't match anything)*. Just enter "cloudfront.net" (and possibly turn the lock to green, so the matching is limited to HTTPS resources only).

*in RC2 I'm gonna add an input validation rule against extra leading and trailing dots to avoid this counfusion

Re: How to allow top level domains in NoScript 10 (Quantum)?

by NYCgirl » Tue Jan 02, 2018 4:07 pm

Thanks for the quick response! I'm glad we're moving to resolve this.

But I'm not sure how you'd like us to set the TLD to allow. I tried this: Using "options" I set "...cloudfront.net" as "Trusted" https://ibb.co/ctcfHG . But when I load a website that uses cloudfront.net subdomains, they are still "Default" https://ibb.co/egsY4w. This is exactly how it was before I installed the RC1.

What do you think?

Re: How to allow top level domains in NoScript 10 (Quantum)?

by Giorgio Maone » Tue Jan 02, 2018 2:00 pm

Please check latest dev build, thanks.

Code: Select all

v 10.1.6.3rc1
=============================================================
x Domain matching now works also for manually entered TLDs
  and pseudo-TLDs, such as "gov.us" or "cloudflare.net"

Re: How to allow top level domains in NoScript 10 (Quantum)?

by NYCgirl » Tue Jan 02, 2018 4:13 am

Try Trello.com, which is a project management software http://ibb.co/nAvKbb. To display content, they link to Cloudfront.net. I'd like to turn that site, with all of its subdomains, into a trusted site

(sorry for the delay in response)

Re: How to allow top level domains in NoScript 10 (Quantum)?

by Tomatix » Tue Dec 12, 2017 7:26 pm

NYCgirl wrote:No Solution Yet

Thanks for your suggestions and references. I tried all of them, but there's no solution yet:
I didn't see a solution in any of the threads mentioned
It was only one thread referenced so far (2(+1) times).

What you want is not possible by design. It's a feature, not a bug.
The "other thread" tries to explain why:
https://forums.informaction.com/viewtop ... =15#p93703
NYCgirl wrote: https://ibb.co/ke7pFG
Could you provide the name of that or a similar site for testing?

Re: How to allow top level domains in NoScript 10 (Quantum)?

by 8-bit » Mon Dec 11, 2017 5:36 pm

FranL wrote:Are you giving a workaround to a bug or describing how it should work? If the latter, it seems backwards to me. I assume the "..." prefix is meant to imply sub-domains (as well as the primary domain). So the absence of the "..." prefix must mean "no sub-domains — just this primary domain". Please correct me if my assumptions are wrong.
Not a workaround, because there is no bug to workaround. When typing it in the domain field on the master preferences page, you do not prefix the domain with "..." NS will automatically add it when it is on the list, but when adding it manually via the domain field do not prefix it with "..." - Only type cloudfront.net - you do not even need to prefix it with http(s)://

Please provide a site you are having problems with, and I will be happy to test it on my system.

Re: How to allow top level domains in NoScript 10 (Quantum)?

by FranL » Mon Dec 11, 2017 5:03 pm

8-bit wrote:Just type "cloudfront.net" into the box and click the plus sign. DO NOT TYPE "...cloudfront.net".
...
I have personally tested this. - subdomains will be trusted.
Are you giving a workaround to a bug or describing how it should work? If the latter, it seems backwards to me. I assume the "..." prefix is meant to imply sub-domains (as well as the primary domain). So the absence of the "..." prefix must mean "no sub-domains — just this primary domain". Please correct me if my assumptions are wrong.

Re: How to allow top level domains in NoScript 10 (Quantum)?

by 8-bit » Mon Dec 11, 2017 4:17 pm

NYCgirl wrote:Images: Trusting "cloudfront.net" doesn't convey trust to its many subdomains
https://ibb.co/g2HZhw

https://ibb.co/ke7pFG
Just type "cloudfront.net" into the box and click the plus sign. DO NOT TYPE "...cloudfront.net". You then click the RED lock next to it to make sure it is only allowing cloudfront.net from a secure connection, or if you wish, leave the lock open/red and it will trust it from BOTH insecure (http) & secure (https) connections. It is not greyed out and adds to the list perfectly. I have personally tested this. - subdomains will be trusted. If this does not work, I suggest trying it with a fresh profile. (backup your current one)

FYI: Do not use ibb.co for image hosting, it has been known to be serving up all kinds of malware. Please re-post pics from a different host if possible.

Re: How to allow top level domains in NoScript 10 (Quantum)?

by NYCgirl » Mon Dec 11, 2017 3:02 am

We're making progress, but we're quite there.

* If I type "...cloudfront.net" (literally, ellipsis followed by the domain name), I can add the domain to the trusted list in NoScript options
* but even after adding, the subdomains are not trusted. Rather, I have to manually change the setting for each one. And since cloudfront uses many, many subdomains, it means a lot of manual work
*This was tested on 10.1.5.7rc1 after selecting Temporarily set top level domains as trusted

Images: Trusting "cloudfront.net" doesn't convey trust to its many subdomains
https://ibb.co/g2HZhw

https://ibb.co/ke7pFG

Re: How to allow top level domains in NoScript 10 (Quantum)?

by barbaz » Sun Dec 10, 2017 4:26 pm

FranL wrote:Wait — doesn't the "..." prefix on a trusted domain name mean "trust all sub-domains too"?
It does.
FranL wrote:Not sure what "other thread" you're referring to, b
Read DHO's previous post in this thread and all will become clear.

Re: How to allow top level domains in NoScript 10 (Quantum)?

by FranL » Sun Dec 10, 2017 4:17 pm

DHO wrote:The above is a helpful description of how to add a trusted entry for ...cloudfront.net.
However NoScript 10 probably won't interpret this new rule to mean that *.cloudfront.net should be trusted (this is the problem with trusting specified domains described in the other thread).
Wait — doesn't the "..." prefix on a trusted domain name mean "trust all sub-domains too"? Not sure what "other thread" you're referring to, but what else could that "..." prefix mean?

Top