Allow trusted sites to be added based on domain name

Bug reports and enhancement requests
Post Reply
espressobeanies
Posts: 1
Joined: Wed Mar 20, 2019 3:32 am

Allow trusted sites to be added based on domain name

Post by espressobeanies » Wed Mar 20, 2019 3:41 am

I'd like to see trusted sites be added to NoScript's allow list based on domain name because Cloudflare domains are popping up a lot of times from the general sites I visit with URLs containing insanely unique URL UUIDs as their sub-domains. It would make more sense to whitelist the entire domain if you trust content from them.
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0

User avatar
therube
Ambassador
Posts: 7325
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: Allow trusted sites to be added based on domain name

Post by therube » Wed Mar 20, 2019 11:19 am

Would simply adding "cloudflare.com" (or is it cloudflare.net or is it cloudfront.com, .net, or...) work?

Even though you may want to "trust" a particular site in cloud*.*, I'd think it unsafe to blanket trust cloud*.*.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0 SeaMonkey/2.49.5

barbaz
Senior Member
Posts: 8969
Joined: Sat Aug 03, 2013 5:45 pm

Re: Allow trusted sites to be added based on domain name

Post by barbaz » Wed Mar 20, 2019 12:22 pm

They probably mean Cloudfront.

This is by design. Each cloudfront.net subdomain is controlled by whichever site owns it. Any site can get a cloudfront.net subdomain. Allowing all of cloudfront.net is much like allowing *.com. It's safer to allow only the specific subdomain(s) you need.
*Always* check the changelogs BEFORE updating that important software!
-

musonius
Senior Member
Posts: 87
Joined: Sun Jul 08, 2018 5:38 pm

Re: Allow trusted sites to be added based on domain name

Post by musonius » Wed Mar 20, 2019 4:40 pm

There are cloudfront domains which are mostly harmless and there are cloudfront domains which are mostly harmful. Allowing all cloudfront domains is more or less like allowing the whole internet. The default white list may need an update indeed (I for one would be perfectly fine with an empty white list), but allowing all cloudfront domains really should not be an option.
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0

Post Reply