Granularity of Temporarily set top-level sites to TRUSTED
-
- Posts: 10
- Joined: Thu Mar 17, 2016 11:56 am
Granularity of Temporarily set top-level sites to TRUSTED
I have checked off: Temporarily set top-level sites to TRUSTED
This should allow the top-level domains, which it does, but I noticed some sites here and there suffer from a bug. Some sites have two domains with the same name, but not both are honored by the Trusted permission.
If we have a site www.example.com we might have:
...example.com
and
http://www.example.com
One of these will be Trusted by NoScript, but the other will not. To me, both should be Trusted by NoScript since they're the same site IMO.
Example site:
http://www.city-data.com/
Temp trusted: http://www.city-data.com
Set to Default: …city-data.com
I have encountered a bunch of sites where this happens. I will supply a list if you want.
Here are my specs:
NoScript Version: 10.1.7.5
Firefox: 59.0.2 x64 on Windows 10
This should allow the top-level domains, which it does, but I noticed some sites here and there suffer from a bug. Some sites have two domains with the same name, but not both are honored by the Trusted permission.
If we have a site www.example.com we might have:
...example.com
and
http://www.example.com
One of these will be Trusted by NoScript, but the other will not. To me, both should be Trusted by NoScript since they're the same site IMO.
Example site:
http://www.city-data.com/
Temp trusted: http://www.city-data.com
Set to Default: …city-data.com
I have encountered a bunch of sites where this happens. I will supply a list if you want.
Here are my specs:
NoScript Version: 10.1.7.5
Firefox: 59.0.2 x64 on Windows 10
Last edited by barbaz on Fri Mar 30, 2018 1:39 am, edited 2 times in total.
Reason: more descriptive title
Reason: more descriptive title
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0
Re: Top-level domains not working properly
That's expected behavior. http://www.city-data.com is a subset of ...city-data.com, trusting the former should *not* automatically trust the latter.
*Always* check the changelogs BEFORE updating that important software!
-
-
- Posts: 10
- Joined: Thu Mar 17, 2016 11:56 am
Re: Top-level domains not working properly
Is there a way to trust *.example.com then?barbaz wrote:That's expected behavior. http://www.city-data.com is a subset of ...city-data.com, trusting the former should *not* automatically trust the latter.
Last edited by barbaz on Wed Mar 28, 2018 6:54 am, edited 1 time in total.
Reason: kill board-generated link
Reason: kill board-generated link
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0
Re: Top-level domains not working properly
"...example.com" trusts both "example.com" and *.example.com
*Always* check the changelogs BEFORE updating that important software!
-
-
- Posts: 10
- Joined: Thu Mar 17, 2016 11:56 am
Re: Top-level domains not working properly
That's the way I wanted the feature to work. I never had a problem with NoScript before Firefox 57 with this.barbaz wrote:"...example.com" trusts both "example.com" and *.example.com
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0
Re: Top-level domains not working properly
So to be clear, does it work that way for you or not?tancrackers wrote:That's the way I wanted the feature to work. I never had a problem with NoScript before Firefox 57 with this.barbaz wrote:"...example.com" trusts both "example.com" and *.example.com
*Always* check the changelogs BEFORE updating that important software!
-
- Giorgio Maone
- Site Admin
- Posts: 9454
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: Top-level domains not working properly
Notice also that if the lock icon is closed and green, only the HTTPS (secure) version of the site(s) will be trusted, so https://www.city-data.com will work but http://www.city-data.com won't.
For ...citydata.com to match http://www.city-data.com you'll net to set the lock icon to open/red.
For ...citydata.com to match http://www.city-data.com you'll net to set the lock icon to open/red.
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0
-
- Posts: 10
- Joined: Thu Mar 17, 2016 11:56 am
Re: Top-level domains not working properly
It does not currently work the way that I was expecting.barbaz wrote:So to be clear, does it work that way for you or not?tancrackers wrote:That's the way I wanted the feature to work. I never had a problem with NoScript before Firefox 57 with this.barbaz wrote:"...example.com" trusts both "example.com" and *.example.com
In my settings, they are both red.Giorgio Maone wrote:Notice also that if the lock icon is closed and green, only the HTTPS (secure) version of the site(s) will be trusted, so https://www.city-data.com will work but http://www.city-data.com won't.
For ...citydata.com to match http://www.city-data.com you'll net to set the lock icon to open/red.
Code: Select all
https://i.imgur.com/iNIlZrS.png
Essentially, one can look at ScriptSafe on Chrome. Their option: "Allow the same domain and subdomains" is more what I was looking for.
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0
Re: Top-level domains not working properly
I am sorry, I totally misunderstood the problem! Let me try to summarise it.
Current state: NoScript Options > General > "Temporarily set top-level sites to TRUSTED" sets full addresses to TRUSTED.
What you want: Ability to make that setting act on base 2nd-level domains instead of full addresses. i.e. a proper equivalent of NoScript Classic's "Temporarily allow top-level sites by default", where the granularity was configurable.
Do I have it right this time?
Current state: NoScript Options > General > "Temporarily set top-level sites to TRUSTED" sets full addresses to TRUSTED.
What you want: Ability to make that setting act on base 2nd-level domains instead of full addresses. i.e. a proper equivalent of NoScript Classic's "Temporarily allow top-level sites by default", where the granularity was configurable.
Do I have it right this time?
*Always* check the changelogs BEFORE updating that important software!
-
-
- Posts: 10
- Joined: Thu Mar 17, 2016 11:56 am
Re: Top-level domains not working properly
Yes! Exactly.barbaz wrote:I am sorry, I totally misunderstood the problem! Let me try to summarise it.
Current state: NoScript Options > General > "Temporarily set top-level sites to TRUSTED" sets full addresses to TRUSTED.
What you want: Ability to make that setting act on base 2nd-level domains instead of full addresses. i.e. a proper equivalent of NoScript Classic's "Temporarily allow top-level sites by default", where the granularity was configurable.
Do I have it right this time?
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0
Re: Granularity of Temporarily set top-level sites to TRUSTE
Thanks for confirming. I've changed the thread title to better reflect the issue at hand.
*Always* check the changelogs BEFORE updating that important software!
-
-
- Posts: 10
- Joined: Thu Mar 17, 2016 11:56 am
Re: Granularity of Temporarily set top-level sites to TRUSTE
Is this a legitimate feature that would be considered for a future release?
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0