Setting top-level domain trust level

Post a reply

Smilies
:D :) ;) :( :o :shock: :? 8-) :lol: :x :P :oops: :cry: :evil: :twisted: :roll: :!: :?: :idea: :arrow: :| :mrgreen: :geek: :ugeek:

BBCode is ON
[img] is ON
[url] is ON
Smilies are ON

Topic review
   

Expand view Topic review: Setting top-level domain trust level

Re: Setting top-level domain trust level

by ronks » Tue Dec 04, 2018 5:18 pm

Thanks! It's just that cloudfront and some other sites have an awful lot of those URLs; it becomes a sort of scripting whack-a-mole.

Re: Setting top-level domain trust level

by barbaz » Tue Dec 04, 2018 3:11 pm

You can only allow up to second-level domains from the UI.

Allowing *.cloudfront.net is comparable to allowing *.com, or any other TLD. Anyone can get a cloudfront.net subdomain and put their content there. It's a lot safer to only whitelist the specific cloudfront.net subdomains you need.

Setting top-level domain trust level

by ronks » Tue Dec 04, 2018 3:57 am

Jeaye's excellent guide says about top-level domain configuration that
> NoScript 10 allows you to modify the trust level of the specific domain used (such as blog.jeaye.com), as well as the entire top-level domain (such as ...jeaye.com)

But I don't see how. My settings show several pairs like
...d1z2jf7jlzjs58.cloudfront.net
https://d1z2jf7jlzjs58.cloudfront.net

with only that first string varied.
I would like to trust all ...cloudfront.net variations
and some other top levels domains like it.
How does one do that?

Top